Merge remote-tracking branch 'tls/development' into development
Merge Mbed TLS at f790a6cbeea4 into Mbed Crypto.
Resolve conflicts by performing the following:
- Reject changes to README.md
- Don't add crypto as a submodule
- Remove test/ssl_cert_test from programs/Makefile
- Add cipher.nist_kw test to tests/CMakeLists.txt
- Reject removal of crypto-specific all.sh tests
- Reject update to SSL-specific portion of component_test_valgrind
in all.sh
- Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
all.sh
* tls/development: (87 commits)
Call mbedtls_cipher_free() to reset a cipher context
Don't call mbedtls_cipher_setkey twice
Update crypto submodule
Minor fixes in get certificate policies oid test
Add certificate policy oid x509 extension
cpp_dummy_build: Add missing header psa_util.h
Clarify comment mangled by an earlier refactoring
Add an "out-of-box" component
Run ssl-opt.sh on 32-bit runtime
Don't use debug level 1 for informational messages
Skip uncritical unsupported extensions
Give credit to OSS-Fuzz for #2404
all.sh: remove component_test_new_ecdh_context
Remove crypto-only related components from all.sh
Remove ssl_cert_test sample app
Make CRT callback tests more robust
Rename constant in client2.c
Document and test flags in x509_verify
Fix style issues and a typo
Fix a rebase error
...
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 7c31353..7d4f1e8 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -1,41 +1,44 @@
-Note: This is just a template, so feel free to use/remove the unnecessary things
+<!--
+
+ ************************************** WARNING **************************************
+
+ The ciarcom bot parses this header automatically. Any deviation from the
+ template may cause the bot to automatically correct this header or may result in a
+ warning message, requesting updates.
+
+ Please ensure that nothing follows the Issue request type section, all
+ issue details are within the Description section and no changes are made to the
+ template format (as detailed below).
+
+ *************************************************************************************
+
+-->
### Description
-- Type: Bug | Enhancement\Feature Request | Question
-- Priority: Blocker | Major | Minor
----------------------------------------------------------------
-## Bug
+<!--
+ Required
+ Add detailed description of what you are reporting.
+ Good example: https://os.mbed.com/docs/latest/reference/workflow.html
+ Things to consider sharing:
+ - What target does this relate to?
+ - What toolchain (name + version) are you using?
+ - What tools (name + version - is it mbed-cli, online compiler or IDE) are you using?
+ - What is the SHA of Mbed OS (git log -n1 --oneline)?
+ - Steps to reproduce. (Did you publish code or a test case that exhibits the problem?)
+-->
-**OS**
-Mbed OS|linux|windows|
-**mbed TLS build:**
-Version: x.x.x or git commit id
-OS version: x.x.x
-Configuration: please attach config.h file where possible
-Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
-Additional environment information:
+### Issue request type
-**Peer device TLS stack and version**
-OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other
-Version:
+<!--
+ Required
+ Please add only one X to one of the following types. Do not fill multiple types (split the issue otherwise.)
+ Please note this is not a GitHub task list, indenting the boxes or changing the format to add a '.' or '*' in front
+ of them would change the meaning incorrectly. The only changes to be made are to add a description text under the
+ description heading and to add a 'x' to the correct box.
+-->
+ [ ] Question
+ [ ] Enhancement
+ [ ] Bug
-**Expected behavior**
-
-**Actual behavior**
-
-**Steps to reproduce**
-
-----------------------------------------------------------------
-## Enhancement\Feature Request
-
-**Justification - why does the library need this feature?**
-
-**Suggested enhancement**
-
------------------------------------------------------------------
-
-## Question
-
-**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)**
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
deleted file mode 100644
index 485b541..0000000
--- a/.github/pull_request_template.md
+++ /dev/null
@@ -1,39 +0,0 @@
-Notes:
-* Pull requests cannot be accepted until:
-- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/)
- or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/)
-- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards)
-* This is just a template, so feel free to use/remove the unnecessary things
-## Description
-A few sentences describing the overall goals of the pull request's commits.
-
-
-## Status
-**READY/IN DEVELOPMENT/HOLD**
-
-## Requires Backporting
-When there is a bug fix, it should be backported to all maintained and supported branches.
-Changes do not have to be backported if:
-- This PR is a new feature\enhancement
-- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch
-
-Yes | NO
-Which branch?
-
-## Migrations
-If there is any API change, what's the incentive and logic for it.
-
-YES | NO
-
-## Additional comments
-Any additional information that could be of interest
-
-## Todos
-- [ ] Tests
-- [ ] Documentation
-- [ ] Changelog updated
-- [ ] Backported
-
-
-## Steps to test or reproduce
-Outline the steps to test or reproduce the PR here.
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 33ccb13..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,4 +0,0 @@
-[submodule "crypto"]
- path = crypto
- url = https://github.com/ARMmbed/mbed-crypto
- branch = development
diff --git a/.travis.yml b/.travis.yml
index c45d408..c8ca79d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,13 +22,8 @@
- make
- make test
- programs/test/selftest
-- OSSL_NO_DTLS=1 tests/compat.sh
-- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
- tests/scripts/test-ref-configs.pl
- tests/scripts/curves.pl
-- tests/scripts/key-exchanges.pl
-after_failure:
-- tests/scripts/travis-log-failure.sh
env:
global:
- SEED=1
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ecfa40e..feca4ab 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -9,7 +9,6 @@
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
-option(USE_CRYPTO_SUBMODULE "Build and use libmbedcrypto from the crypto submodule." OFF)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@@ -168,6 +167,9 @@
set(LIB_INSTALL_DIR lib)
endif()
+include_directories(include/)
+include_directories(library/)
+
if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
@@ -178,10 +180,6 @@
add_subdirectory(library)
add_subdirectory(include)
-if(USE_CRYPTO_SUBMODULE)
- add_subdirectory(crypto/library)
- add_subdirectory(crypto/include)
-endif()
if(ENABLE_PROGRAMS)
add_subdirectory(programs)
@@ -195,9 +193,6 @@
enable_testing()
add_subdirectory(tests)
- if(USE_CRYPTO_SUBMODULE)
- add_subdirectory(crypto/tests)
- endif()
# additional convenience targets for Unix only
if(UNIX)
@@ -205,8 +200,6 @@
ADD_CUSTOM_TARGET(covtest
COMMAND make test
COMMAND programs/test/selftest
- COMMAND tests/compat.sh
- COMMAND tests/ssl-opt.sh
)
ADD_CUSTOM_TARGET(lcov
diff --git a/Makefile b/Makefile
index a5b8b61..12d3008 100644
--- a/Makefile
+++ b/Makefile
@@ -19,25 +19,18 @@
tests: lib
$(MAKE) -C tests
-ifdef USE_CRYPTO_SUBMODULE
- $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests
-endif
ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -rp include/mbedtls $(DESTDIR)/include
+ mkdir -p $(DESTDIR)/include/psa
+ cp -rp include/psa $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib
-ifdef USE_CRYPTO_SUBMODULE
- mkdir -p $(DESTDIR)/include/psa
- cp -rp crypto/include/psa $(DESTDIR)/include
- cp -RP crypto/library/libmbedcrypto.* $(DESTDIR)/lib
-else
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
-endif
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
@@ -53,9 +46,6 @@
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
-ifdef USE_CRYPTO_SUBMODULE
- $(MAKE) -C crypto uninstall
-endif
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
@@ -97,18 +87,12 @@
$(MAKE) -C library clean
$(MAKE) -C programs clean
$(MAKE) -C tests clean
-ifdef USE_CRYPTO_SUBMODULE
- $(MAKE) -C crypto clean
-endif
ifndef WINDOWS
find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
endif
check: lib tests
$(MAKE) -C tests check
-ifdef USE_CRYPTO_SUBMODULE
- $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests check
-endif
test: check
@@ -118,8 +102,6 @@
covtest:
$(MAKE) check
programs/test/selftest
- tests/compat.sh
- tests/ssl-opt.sh
lcov:
rm -rf Coverage
diff --git a/README.md b/README.md
index 91ccf8d..107f7dd 100644
--- a/README.md
+++ b/README.md
@@ -1,224 +1,94 @@
-README for Mbed TLS
-===================
+# Mbed Crypto library
-Configuration
--------------
+The Mbed cryptography library is a reference implementation of the cryptography interface of the Arm Platform Security Architecture (PSA). This is a preview release of Mbed Crypto, provided for evaluation purposes only.
-Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
+Mbed Crypto is distributed under the Apache License, version 2.0. See the [LICENSE](LICENSE) file for the full text of the license.
-Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
+## PSA cryptography API
-Compiling
----------
+Arm's Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
-There are currently three active build systems used within Mbed TLS releases:
+The PSA cryptography API provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
-- GNU Make
-- CMake
-- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
+The design goals of the PSA cryptography API include:
-The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
+* The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired.
+* The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example, in order to take advantage of hardware accelerators.
+* All access to the keys happens through handles, which allows support for external cryptoprocessors that is transparent to applications.
+* The interface to algorithms is generic, favoring algorithm agility.
+* The interface is designed to be easy to use and hard to accidentally misuse.
-The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
+## Mbed Crypto implementation
-### Make
+Mbed Crypto is a reference implementation of the PSA cryptography API. It is written in portable C.
-We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools.
+## Documentation
-We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake.
+The Mbed Crypto library is a reference implementation of the PSA cryptography API. Please refer to the PSA Cryptography API documents for an overview of the library's interfaces and a detailed description of the types, macros and functions that it provides.
-In order to build from the source code using GNU Make, just enter at the command line:
+There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
- make
+### PSA Cryptography API
-In order to run the tests, enter:
+You can read the [complete PSA cryptography API specification as a PDF document](https://github.com/ARMmbed/mbed-crypto/blob/psa-crypto-api/docs/PSA_Cryptography_API_Specification.pdf). The API reference is also available in [HTML format](https://htmlpreview.github.io/?https://github.com/ARMmbed/mbed-crypto/blob/psa-crypto-api/docs/html/modules.html).
- make check
+### Browsable library documentation
-The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with:
+To generate a local copy of the library documentation in HTML format:
- make no_test
+1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. We use version 1.8.11 but slightly older or more recent versions should work.
+1. Run `make apidoc`.
+1. Browse `apidoc/index.html` or `apidoc/modules.html`.
-You'll still be able to run a much smaller set of tests with:
+## Compiling
- programs/test/selftest
+You need the following tools to build the library with the provided makefiles:
-In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
+* GNU Make or a build tool that CMake supports.
+* A C99 toolchain (compiler, linker, archiver).
+* Python 2 or Python 3 (either will work) to generate the test code.
+* Perl to run the tests.
-Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
+If you have a C compiler, such as GCC or Clang, just run `make` in the top-level directory to build the library, a set of unit tests and some sample programs.
-Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line.
+To select a different compiler, set the `CC` variable to the name or path of the compiler and linker (default: `cc`), and set `AR` to a compatible archiver (default: `ar`). For example:
+```
+make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar
+```
+The provided makefiles pass options to the compiler that assume a GCC-like command-line syntax. To use a different compiler, you may need to pass different values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
-Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
+To run the unit tests on the host machine, run `make test` from the top-level directory. If you are cross-compiling, copy the test executable from the `tests` directory to the target machine.
-In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://tls.mbed.org/kb).
+### Compiling as a subproject
-### CMake
+Mbed Crypto supports being built as a subproject of Mbed TLS. Mbed TLS can use Mbed Crypto for its cryptography implementation by using Mbed Crypto as a subproject.
-In order to build the source using CMake in a separate directory (recommended), just enter at the command line:
+From the Mbed TLS project repository, CMake can be invoked as follows to build Mbed TLS using Mbed Crypto's `libmbedcrypto`.
+```
+mkdir cmake
+cd cmake
+cmake .. -DUSE_CRYPTO_SUBMODULE=1
+make -j
+make test
+```
- mkdir /path/to/build_dir && cd /path/to/build_dir
- cmake /path/to/mbedtls_source
- make
+When building Mbed Crypto as a subproject of Mbed TLS, the Mbed TLS
+configuration file (config.h) is used, and not the Mbed Crypto configuration
+file.
-In order to run the tests, enter:
+## Example programs
- make test
+The `programs/` subdirectory contains sample programs that use the library. Please note that the goal of these sample programs is to demonstrate specific features of the library, and the code may need to be adapted to build a real-world application.
-The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with:
+## Upcoming features
- cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
+Future releases of this library will include:
-If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with:
+* A driver programming interface, which makes it possible to use hardware accelerators instead of the default software implementation for chosen algorithms.
+* Support for external keys to be stored and manipulated exclusively in a separate cryptoprocessor.
+* A configuration mechanism to compile only the algorithms you need for your application.
+* A wider set of cryptographic algorithms.
- programs/test/selftest
+## Feedback welcome
-To configure CMake for building shared libraries, use:
-
- cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source
-
-There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
-
-- `Release`. This generates the default code without any unnecessary information in the binary files.
-- `Debug`. This generates debug information and disables optimization of the code.
-- `Coverage`. This generates code coverage information in addition to debug information.
-- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
-- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces.
-- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
-- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
-- `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
-
-Switching build modes in CMake is simple. For debug mode, enter at the command line:
-
- cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source
-
-To list other available CMake options, use:
-
- cmake -LH
-
-Note that, with CMake, you can't adjust the compiler or its flags after the
-initial invocation of cmake. This means that `CC=your_cc make` and `make
-CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables).
-These variables need to be adjusted when invoking cmake for the first time,
-for example:
-
- CC=your_cc cmake /path/to/mbedtls_source
-
-If you already invoked cmake and want to change those settings, you need to
-remove the build directory and create it again.
-
-Note that it is possible to build in-place; this will however overwrite the
-provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to
-prevent `git status` from showing them as modified). In order to do so, from
-the Mbed TLS source directory, use:
-
- cmake .
- make
-
-If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the
-CMake cache. This can be done with the following command using GNU find:
-
- find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
-
-You can now make the desired change:
-
- CC=your_cc cmake .
- make
-
-Regarding variables, also note that if you set CFLAGS when invoking cmake,
-your value of CFLAGS doesn't override the content provided by cmake (depending
-on the build mode as seen above), it's merely prepended to it.
-
-### Microsoft Visual Studio
-
-The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
-
-The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available.
-
-Example programs
-----------------
-
-We've included example programs for a lot of different features and uses in [`programs/`](programs/README.md). Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
-
-Tests
------
-
-Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
-
-For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
-
-- `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
-- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
-- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
-- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
-- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc).
-
-Configurations
---------------
-
-We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
-
-Using Mbed Crypto as a submodule
---------------------------------
-
-As an experimental feature, you can use Mbed Crypto as the source of the cryptography implementation, with Mbed TLS providing the X.509 and TLS parts of the library. Mbed Crypto is currently provided for evaluation only and should not be used in production. At this point, you should only use this option if you want to try out the experimental PSA Crypto API.
-
-To enable the use of Mbed Crypto as a submodule:
-
-1. Check out the `crypto` submodule and update it.
-
- git submodule init crypto
- git submodule update crypto
-
-2. (Optional) TO enable the PSA Crypto API, set the build configuration option `MBEDTLS_PSA_CRYPTO_C`. You can either edit `include/mbedtls/config.h` directly or use the configuration script:
-
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
-
-3. Activate the build option `USE_CRYPTO_SUBMODULE`. With GNU make, set `USE_CRYPTO_SUBMODULE=1` on each make invocation:
-
- make USE_CRYPTO_SUBMODULE=1
- make USE_CRYPTO_SUBMODULE=1 test
- tests/ssl-opt.sh -f Default
-
- Note that you need to pass `USE_CRYPTO_SUBMODULE=1` even to `make clean`. For example, if you change `config.h`, run this before rebuilding:
-
- make USE_CRYPTO_SUBMODULE=1 clean
-
- With CMake, create a build directory (recommended) and pass `-DUSE_CRYPTO_SUBMODULE=1` to `cmake`:
-
- mkdir build
- cd build
- cmake -DUSE_CRYPTO_SUBMODULE=1 ..
- make
- make test
- tests/ssl-opt.sh -f Default
-
-Note that this does not enable the PSA-specific tests and utility programs. To use these programs, use Mbed Crypto as a standalone project.
-
-Porting Mbed TLS
-----------------
-
-Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following Knowledge Base articles useful:
-
-- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
-- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
-- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
-
-Contributing
-------------
-
-We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
-
-- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
-- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
-- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
-
-To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
-
-### Making a Contribution
-
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://forums.mbed.com/c/mbed-tls) around a feature idea or a bug.
-2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
-3. Write a test which shows that the bug was fixed or that the feature works as expected.
-4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
-
+Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially.
diff --git a/configs/config-default.h b/configs/config-default.h
new file mode 100644
index 0000000..e6abf24
--- /dev/null
+++ b/configs/config-default.h
@@ -0,0 +1,3377 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ * library/aria.c
+ * library/timing.c
+ * include/mbedtls/bn_mul.h
+ *
+ * Required by:
+ * MBEDTLS_AESNI_C
+ * MBEDTLS_PADLOCK_C
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_NO_UDBL_DIVISION
+ *
+ * The platform lacks support for double-width integer division (64-bit
+ * division on a 32-bit platform, 128-bit division on a 64-bit platform).
+ *
+ * Used in:
+ * include/mbedtls/bignum.h
+ * library/bignum.c
+ *
+ * The bignum code uses double-width division to speed up some operations.
+ * Double-width division is often implemented in software that needs to
+ * be linked with the program. The presence of a double-width integer
+ * type is usually detected automatically through preprocessor macros,
+ * but the automatic detection cannot know whether the code needs to
+ * and can be linked with an implementation of division for that type.
+ * By default division is assumed to be usable if the type is present.
+ * Uncomment this option to prevent the use of double-width division.
+ *
+ * Note that division for the native integer type is always required.
+ * Furthermore, a 64-bit type is always required even on a 32-bit
+ * platform, but it need not support multiplication or division. In some
+ * cases it is also desirable to disable some double-width operations. For
+ * example, if double-width division is implemented in software, disabling
+ * it can reduce code size in some embedded targets.
+ */
+//#define MBEDTLS_NO_UDBL_DIVISION
+
+/**
+ * \def MBEDTLS_NO_64BIT_MULTIPLICATION
+ *
+ * The platform lacks support for 32x32 -> 64-bit multiplication.
+ *
+ * Used in:
+ * library/poly1305.c
+ *
+ * Some parts of the library may use multiplication of two unsigned 32-bit
+ * operands with a 64-bit result in order to speed up computations. On some
+ * platforms, this is not available in hardware and has to be implemented in
+ * software, usually in a library provided by the toolchain.
+ *
+ * Sometimes it is not desirable to have to link to that library. This option
+ * removes the dependency of that library on platforms that lack a hardware
+ * 64-bit multiplier by embedding a software implementation in Mbed TLS.
+ *
+ * Note that depending on the compiler, this may decrease performance compared
+ * to using the library function provided by the toolchain.
+ */
+//#define MBEDTLS_NO_64BIT_MULTIPLICATION
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/**
+ * \def MBEDTLS_CHECK_PARAMS
+ *
+ * This configuration option controls whether the library validates more of
+ * the parameters passed to it.
+ *
+ * When this flag is not defined, the library only attempts to validate an
+ * input parameter if: (1) they may come from the outside world (such as the
+ * network, the filesystem, etc.) or (2) not validating them could result in
+ * internal memory errors such as overflowing a buffer controlled by the
+ * library. On the other hand, it doesn't attempt to validate parameters whose
+ * values are fully controlled by the application (such as pointers).
+ *
+ * When this flag is defined, the library additionally attempts to validate
+ * parameters that are fully controlled by the application, and should always
+ * be valid if the application code is fully correct and trusted.
+ *
+ * For example, when a function accepts as input a pointer to a buffer that may
+ * contain untrusted data, and its documentation mentions that this pointer
+ * must not be NULL:
+ * - the pointer is checked to be non-NULL only if this option is enabled
+ * - the content of the buffer is always validated
+ *
+ * When this flag is defined, if a library function receives a parameter that
+ * is invalid, it will:
+ * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
+ * call to the function mbedtls_param_failed()
+ * - immediately return (with a specific error code unless the function
+ * returns void and can't communicate an error).
+ *
+ * When defining this flag, you also need to:
+ * - either provide a definition of the function mbedtls_param_failed() in
+ * your application (see platform_util.h for its prototype) as the library
+ * calls that function, but does not provide a default definition for it,
+ * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
+ * below if the above mechanism is not flexible enough to suit your needs.
+ * See the documentation of this macro later in this file.
+ *
+ * Uncomment to enable validation of application-controlled parameters.
+ */
+//#define MBEDTLS_CHECK_PARAMS
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ *
+ * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
+ * use constitutes a security risk. If possible, we recommend
+ * avoiding dependencies on them, and considering stronger message
+ * digests and ciphers instead.
+ *
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_ARIA_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
+//#define MBEDTLS_CHACHAPOLY_ALT
+//#define MBEDTLS_CMAC_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_DHM_ALT
+//#define MBEDTLS_ECJPAKE_ALT
+//#define MBEDTLS_GCM_ALT
+//#define MBEDTLS_NIST_KW_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_POLY1305_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_RSA_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+//#define MBEDTLS_XTEA_ALT
+
+/*
+ * When replacing the elliptic curve module, pleace consider, that it is
+ * implemented with two .c files:
+ * - ecp.c
+ * - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
+
+/**
+ * \def MBEDTLS_MD2_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * \note Because of a signature change, the core AES encryption and decryption routines are
+ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
+ * respectively. When setting up alternative implementations, these functions should
+ * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ * must stay untouched.
+ *
+ * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ *
+ * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
+ * constitutes a security risk. If possible, we recommend avoiding
+ * dependencies on them, and considering stronger message digests
+ * and ciphers instead.
+ *
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
+//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT
+
+/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ * unsigned char mbedtls_internal_ecp_grp_capable(
+ * const mbedtls_ecp_group *grp )
+ * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
+ * function, but will use your mbedtls_internal_ecp_double_jac if the group is
+ * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
+ * receives it as an argument). If the group is not supported then the original
+ * implementation is used. The other functions and the definition of
+ * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
+ * implementation of mbedtls_internal_ecp_double_jac and
+ * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
+ * \def MBEDTLS_TEST_NULL_ENTROPY
+ *
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
+ *
+ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ */
+//#define MBEDTLS_TEST_NULL_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_FEWER_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_OFB
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_OFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ * MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_PKCS7
+ *
+ * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
+ * specific padding modes in the cipher layer with cipher modes that support
+ * padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ *
+ * \warning DES is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers instead.
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module. By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECP_RESTARTABLE
+ *
+ * Enable "non-blocking" ECC operations that can return early and be resumed.
+ *
+ * This allows various functions to pause by returning
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
+ * order to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
+ * number of ECC operations a function may perform before pausing; see
+ * mbedtls_ecp_set_max_ops() for more information.
+ *
+ * This is useful in non-threaded environments if you want to avoid blocking
+ * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
+ *
+ * Uncomment this macro to enable restartable ECC computations.
+ *
+ * \note This option only works with the default software implementation of
+ * elliptic curve functionality. It is incompatible with
+ * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
+ */
+//#define MBEDTLS_ECP_RESTARTABLE
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ * MBEDTLS_SHA256_C
+ * MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ * determined in the platform layer, and can be modified at runtime and/or
+ * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ * with regular fopen(), please make sure you make a seedfile with the
+ * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ * and written to or you will get an entropy source error! The default
+ * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ * bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ * given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ * GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_HAS_ITS_IO
+ *
+ * Enable the non-volatile secure storage usage.
+ *
+ * This is crucial on systems that do not have a HW TRNG support.
+ *
+ */
+//#define MBEDTLS_PSA_HAS_ITS_IO
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_ASYNC_PRIVATE
+ *
+ * Enable asynchronous external private key operations in SSL. This allows
+ * you to configure an SSL connection to call an external cryptographic
+ * module to perform private key operations instead of performing the
+ * operation inside the library.
+ *
+ */
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1 or
+ * MBEDTLS_SSL_PROTO_TLS1_1 or
+ * MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1 or
+ * MBEDTLS_SSL_PROTO_TLS1_1 or
+ * MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ *
+ * \note Even if this option is disabled, both client and server are aware
+ * of the Renegotiation Indication Extension (RFC 5746) used to
+ * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
+ * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
+ * configuration of this extension).
+ *
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+//#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ * (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ * or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ * MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintenance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+ *
+ * Fallback to old (pre-2.7), non-conforming implementation of the truncated
+ * HMAC extension which also truncates the HMAC key. Note that this option is
+ * only meant for a transitory upgrade period and is likely to be removed in
+ * a future version of the library.
+ *
+ * \warning The old implementation is non-compliant and has a security weakness
+ * (2^80 brute force attack on the HMAC key used for a single,
+ * uninterrupted connection). This should only be enabled temporarily
+ * when (1) the use of truncated HMAC is essential in order to save
+ * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
+ * the fixed implementation yet (pre-2.7).
+ *
+ * \deprecated This option is deprecated and will likely be removed in a
+ * future version of Mbed TLS.
+ *
+ * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
+ *
+ * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, see
+ * #MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Note: this option is still in progress, the full X.509 and TLS modules are
+ * not covered yet, but parts that are not ported to PSA yet will still work
+ * as usual, so enabling this option should not break backwards compatibility.
+ *
+ * \warning Support for PSA is still an experimental feature.
+ * Any public API that depends on this option may change
+ * at any time until this warning is removed.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * \deprecated This feature is deprecated and will be removed
+ * in the next major revision of the library.
+ *
+ * Used in: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module: library/aesni.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module: library/aes.c
+ * Caller: library/cipher.c
+ * library/pem.c
+ * library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module: library/arc4.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. If possible, we recommend avoidng dependencies on
+ * it, and considering stronger ciphers instead.
+ *
+ */
+#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module: library/asn1.c
+ * Caller: library/x509.c
+ * library/dhm.c
+ * library/pkcs12.c
+ * library/pkcs5.c
+ * library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module: library/asn1write.c
+ * Caller: library/ecdsa.c
+ * library/pkwrite.c
+ * library/x509_create.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module: library/base64.c
+ * Caller: library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module: library/bignum.c
+ * Caller: library/dhm.c
+ * library/ecp.c
+ * library/ecdsa.c
+ * library/rsa.c
+ * library/rsa_internal.c
+ * library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module: library/blowfish.c
+ */
+#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module: library/camellia.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_ARIA_C
+ *
+ * Enable the ARIA block cipher.
+ *
+ * Module: library/aria.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *
+ * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
+ */
+//#define MBEDTLS_ARIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module: library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module: library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Enable the ChaCha20 stream cipher.
+ *
+ * Module: library/chacha20.c
+ */
+#define MBEDTLS_CHACHA20_C
+
+/**
+ * \def MBEDTLS_CHACHAPOLY_C
+ *
+ * Enable the ChaCha20-Poly1305 AEAD algorithm.
+ *
+ * Module: library/chachapoly.c
+ *
+ * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+ */
+#define MBEDTLS_CHACHAPOLY_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module: library/cipher.c
+ * Caller: library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
+ * ciphers.
+ *
+ * Module: library/cmac.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
+ *
+ */
+//#define MBEDTLS_CMAC_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
+ *
+ * Module: library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module: library/debug.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module: library/des.c
+ * Caller: library/pem.c
+ * library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ *
+ * \warning DES is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers instead.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module: library/dhm.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ * DHE-RSA, DHE-PSK
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module: library/ecdh.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module: library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Module: library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ * ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ */
+//#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module: library/ecp.c
+ * Caller: library/ecdh.c
+ * library/ecdsa.c
+ * library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module: library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module: library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module: library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ * environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ * processor traits. It is therefore not advised to use HAVEGE as
+ * your applications primary random generator or primary entropy pool
+ * input. As a secondary input to your entropy pool, it IS able add
+ * the (limited) extra entropy it provides.
+ *
+ * Module: library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module: library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module: library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_NIST_KW_C
+ *
+ * Enable the Key Wrapping mode for 128-bit block ciphers,
+ * as defined in NIST SP 800-38F. Only KW and KWP modes
+ * are supported. At the moment, only AES is approved by NIST.
+ *
+ * Module: library/nist_kw.c
+ *
+ * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
+ */
+//#define MBEDTLS_NIST_KW_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module: library/md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module: library/md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ *
+ * \warning MD2 is considered a weak message digest and its use constitutes a
+ * security risk. If possible, we recommend avoiding dependencies on
+ * it, and considering stronger message digests instead.
+ *
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module: library/md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ *
+ * \warning MD4 is considered a weak message digest and its use constitutes a
+ * security risk. If possible, we recommend avoiding dependencies on
+ * it, and considering stronger message digests instead.
+ *
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module: library/md5.c
+ * Caller: library/md.c
+ * library/pem.c
+ * library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
+ * depending on the handshake parameters. Further, it is used for checking
+ * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
+ * encrypted keys.
+ *
+ * \warning MD5 is considered a weak message digest and its use constitutes a
+ * security risk. If possible, we recommend avoiding dependencies on
+ * it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module: library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module: library/oid.c
+ * Caller: library/asn1write.c
+ * library/pkcs5.c
+ * library/pkparse.c
+ * library/pkwrite.c
+ * library/rsa.c
+ * library/x509.c
+ * library/x509_create.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module: library/padlock.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module: library/pem.c
+ * Caller: library/dhm.c
+ * library/pkparse.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module: library/pem.c
+ * Caller: library/pkwrite.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module: library/pk.c
+ * Caller: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module: library/pkparse.c
+ * Caller: library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module: library/pkwrite.c
+ * Caller: library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module: library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module: library/pkcs11.c
+ * Caller: library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module: library/pkcs12.c
+ * Caller: library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use: MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module: library/platform.c
+ * Caller: Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_POLY1305_C
+ *
+ * Enable the Poly1305 MAC algorithm.
+ *
+ * Module: library/poly1305.c
+ * Caller: library/chachapoly.c
+ */
+#define MBEDTLS_POLY1305_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * \note This option only has an effect when the build option
+ * USE_CRYPTO_SUBMODULE is also in use.
+ *
+ * \warning This feature is experimental and available on an opt-in basis only.
+ * PSA APIs are subject to change at any time. The implementation comes with
+ * less assurance and support than the rest of Mbed TLS.
+ *
+ * Module: crypto/library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module: library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
+ * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ * (but not both)
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ *
+ * Enable persistent key storage over files for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto_storage_file.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ *
+ * Enable persistent key storage over PSA ITS for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto_storage_its.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module: library/ripemd160.c
+ * Caller: library/md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module: library/rsa.c
+ * library/rsa_internal.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module: library/sha1.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
+ * depending on the handshake parameters, and for SHA1-signed certificates.
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module: library/sha256.c
+ * Caller: library/entropy.c
+ * library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module: library/sha512.c
+ * Caller: library/entropy.c
+ * library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module: library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module: library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module: library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module: library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module: library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module: library/ssl_tls.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions. See also our Knowledge Base article about threading:
+ * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+ *
+ * Module: library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/timing.c
+ * Caller: library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module: library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module: library/x509.c
+ * Caller: library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ * MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module: library/x509_crt.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module: library/x509_crl.c
+ * Caller: library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module: library/x509_csr.c
+ * Caller: library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module: library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module: library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module: library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module: library/xtea.c
+ * Caller:
+ */
+#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+
+/**
+ * \brief This macro is invoked by the library when an invalid parameter
+ * is detected that is only checked with MBEDTLS_CHECK_PARAMS
+ * (see the documentation of that option for context).
+ *
+ * When you leave this undefined here, a default definition is
+ * provided that invokes the function mbedtls_param_failed(),
+ * which is declared in platform_util.h for the benefit of the
+ * library, but that you need to define in your application.
+ *
+ * When you define this here, this replaces the default
+ * definition in platform_util.h (which no longer declares the
+ * function mbedtls_param_failed()) and it is your responsibility
+ * to make sure this macro expands to something suitable (in
+ * particular, that all the necessary declarations are visible
+ * from within the library - you can ensure that by providing
+ * them in this file next to the macro definition).
+ *
+ * Note that you may define this macro to expand to nothing, in
+ * which case you don't have to worry about declarations or
+ * definitions. However, you will then be notified about invalid
+ * parameters only in non-void functions, and void function will
+ * just silently return early on invalid parameters, which
+ * partially negates the benefits of enabling
+ * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
+
+/* SSL options */
+
+/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
+ *
+ * This determines the size of both the incoming and outgoing TLS I/O buffers
+ * in such a way that both are capable of holding the specified amount of
+ * plaintext data, regardless of the protection mechanism used.
+ *
+ * To configure incoming and outgoing I/O buffers separately, use
+ * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
+ * which overwrite the value set by this option.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ * recommended to use the Maximum Fragment Length (MFL) extension to
+ * inform the server about this limitation. On the server, there
+ * is no supported, standardized way of informing the client about
+ * restriction on the maximum size of incoming messages, and unless
+ * the limitation has been communicated by other means, it is recommended
+ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ * while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of both
+ * incoming and outgoing I/O buffers.
+ */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
+
+/** \def MBEDTLS_SSL_IN_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming plaintext fragments.
+ *
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option is undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ * recommended to use the Maximum Fragment Length (MFL) extension to
+ * inform the server about this limitation. On the server, there
+ * is no supported, standardized way of informing the client about
+ * restriction on the maximum size of incoming messages, and unless
+ * the limitation has been communicated by other means, it is recommended
+ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ * while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer
+ * independently of the outgoing I/O buffer.
+ */
+//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+
+/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of outgoing plaintext fragments.
+ *
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * It is possible to save RAM by setting a smaller outward buffer, while keeping
+ * the default inward 16384 byte buffer to conform to the TLS specification.
+ *
+ * The minimum required outward buffer size is determined by the handshake
+ * protocol's usage. Handshaking will fail if the outward buffer is too small.
+ * The specific size requirement depends on the configured ciphers and any
+ * certificate data which is sent during the handshake.
+ *
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
+ * independently of the incoming I/O buffer.
+ */
+//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+
+/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
+ *
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ *
+ * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
+ */
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/**
+ * Allow SHA-1 in the default TLS configuration for certificate signing.
+ * Without this build-time option, SHA-1 support must be activated explicitly
+ * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
+ * recommended because of it is possible to generate SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+/**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * to preserve compatibility with existing peers, but the general
+ * warning applies nonetheless:
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
+/**
+ * Uncomment the macro to let mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/* \} name SECTION: Customisation configuration options */
+
+/* Target and application specific configurations
+ *
+ * Allow user to override any previous default.
+ *
+ */
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 013bc03..d4743bb 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -70,9 +70,6 @@
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C
-/* For testing with compat.sh */
-#define MBEDTLS_FS_IO
-
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
new file mode 100644
index 0000000..4873c36
--- /dev/null
+++ b/configs/config-psa-crypto.h
@@ -0,0 +1,3373 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ * library/aria.c
+ * library/timing.c
+ * include/mbedtls/bn_mul.h
+ *
+ * Required by:
+ * MBEDTLS_AESNI_C
+ * MBEDTLS_PADLOCK_C
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_NO_UDBL_DIVISION
+ *
+ * The platform lacks support for double-width integer division (64-bit
+ * division on a 32-bit platform, 128-bit division on a 64-bit platform).
+ *
+ * Used in:
+ * include/mbedtls/bignum.h
+ * library/bignum.c
+ *
+ * The bignum code uses double-width division to speed up some operations.
+ * Double-width division is often implemented in software that needs to
+ * be linked with the program. The presence of a double-width integer
+ * type is usually detected automatically through preprocessor macros,
+ * but the automatic detection cannot know whether the code needs to
+ * and can be linked with an implementation of division for that type.
+ * By default division is assumed to be usable if the type is present.
+ * Uncomment this option to prevent the use of double-width division.
+ *
+ * Note that division for the native integer type is always required.
+ * Furthermore, a 64-bit type is always required even on a 32-bit
+ * platform, but it need not support multiplication or division. In some
+ * cases it is also desirable to disable some double-width operations. For
+ * example, if double-width division is implemented in software, disabling
+ * it can reduce code size in some embedded targets.
+ */
+//#define MBEDTLS_NO_UDBL_DIVISION
+
+/**
+ * \def MBEDTLS_NO_64BIT_MULTIPLICATION
+ *
+ * The platform lacks support for 32x32 -> 64-bit multiplication.
+ *
+ * Used in:
+ * library/poly1305.c
+ *
+ * Some parts of the library may use multiplication of two unsigned 32-bit
+ * operands with a 64-bit result in order to speed up computations. On some
+ * platforms, this is not available in hardware and has to be implemented in
+ * software, usually in a library provided by the toolchain.
+ *
+ * Sometimes it is not desirable to have to link to that library. This option
+ * removes the dependency of that library on platforms that lack a hardware
+ * 64-bit multiplier by embedding a software implementation in Mbed TLS.
+ *
+ * Note that depending on the compiler, this may decrease performance compared
+ * to using the library function provided by the toolchain.
+ */
+//#define MBEDTLS_NO_64BIT_MULTIPLICATION
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/**
+ * \def MBEDTLS_CHECK_PARAMS
+ *
+ * This configuration option controls whether the library validates more of
+ * the parameters passed to it.
+ *
+ * When this flag is not defined, the library only attempts to validate an
+ * input parameter if: (1) they may come from the outside world (such as the
+ * network, the filesystem, etc.) or (2) not validating them could result in
+ * internal memory errors such as overflowing a buffer controlled by the
+ * library. On the other hand, it doesn't attempt to validate parameters whose
+ * values are fully controlled by the application (such as pointers).
+ *
+ * When this flag is defined, the library additionally attempts to validate
+ * parameters that are fully controlled by the application, and should always
+ * be valid if the application code is fully correct and trusted.
+ *
+ * For example, when a function accepts as input a pointer to a buffer that may
+ * contain untrusted data, and its documentation mentions that this pointer
+ * must not be NULL:
+ * - the pointer is checked to be non-NULL only if this option is enabled
+ * - the content of the buffer is always validated
+ *
+ * When this flag is defined, if a library function receives a parameter that
+ * is invalid, it will:
+ * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
+ * call to the function mbedtls_param_failed()
+ * - immediately return (with a specific error code unless the function
+ * returns void and can't communicate an error).
+ *
+ * When defining this flag, you also need to:
+ * - either provide a definition of the function mbedtls_param_failed() in
+ * your application (see platform_util.h for its prototype) as the library
+ * calls that function, but does not provide a default definition for it,
+ * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
+ * below if the above mechanism is not flexible enough to suit your needs.
+ * See the documentation of this macro later in this file.
+ *
+ * Uncomment to enable validation of application-controlled parameters.
+ */
+//#define MBEDTLS_CHECK_PARAMS
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ *
+ * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
+ * use constitutes a security risk. If possible, we recommend
+ * avoiding dependencies on them, and considering stronger message
+ * digests and ciphers instead.
+ *
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_ARIA_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
+//#define MBEDTLS_CHACHAPOLY_ALT
+//#define MBEDTLS_CMAC_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_DHM_ALT
+//#define MBEDTLS_ECJPAKE_ALT
+//#define MBEDTLS_GCM_ALT
+//#define MBEDTLS_NIST_KW_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_POLY1305_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_RSA_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+//#define MBEDTLS_XTEA_ALT
+
+/*
+ * When replacing the elliptic curve module, pleace consider, that it is
+ * implemented with two .c files:
+ * - ecp.c
+ * - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
+
+/**
+ * \def MBEDTLS_MD2_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * \note Because of a signature change, the core AES encryption and decryption routines are
+ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
+ * respectively. When setting up alternative implementations, these functions should
+ * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ * must stay untouched.
+ *
+ * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ *
+ * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
+ * constitutes a security risk. If possible, we recommend avoiding
+ * dependencies on them, and considering stronger message digests
+ * and ciphers instead.
+ *
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
+//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT
+
+/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ * unsigned char mbedtls_internal_ecp_grp_capable(
+ * const mbedtls_ecp_group *grp )
+ * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
+ * function, but will use your mbedtls_internal_ecp_double_jac if the group is
+ * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
+ * receives it as an argument). If the group is not supported then the original
+ * implementation is used. The other functions and the definition of
+ * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
+ * implementation of mbedtls_internal_ecp_double_jac and
+ * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
+ * \def MBEDTLS_TEST_NULL_ENTROPY
+ *
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
+ *
+ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ */
+//#define MBEDTLS_TEST_NULL_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_FEWER_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_OFB
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_OFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ * MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ * MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ * MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_PKCS7
+ *
+ * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
+ * specific padding modes in the cipher layer with cipher modes that support
+ * padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ *
+ * \warning DES is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers instead.
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module. By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECP_RESTARTABLE
+ *
+ * Enable "non-blocking" ECC operations that can return early and be resumed.
+ *
+ * This allows various functions to pause by returning
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
+ * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
+ * to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
+ * of ECC operations a function may perform before pausing; see
+ * mbedtls_ecp_set_max_ops() for more information.
+ *
+ * This is useful in non-threaded environments if you want to avoid blocking
+ * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
+ *
+ * Uncomment this macro to enable restartable ECC computations.
+ *
+ * \note This option only works with the default software implementation of
+ * elliptic curve functionality. It is incompatible with
+ * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
+ */
+//#define MBEDTLS_ECP_RESTARTABLE
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ * MBEDTLS_SHA256_C
+ * MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ * determined in the platform layer, and can be modified at runtime and/or
+ * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ * with regular fopen(), please make sure you make a seedfile with the
+ * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ * and written to or you will get an entropy source error! The default
+ * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ * bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ * given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+ *
+ * In PSA key storage, encode the owner of the key.
+ *
+ * This is only meaningful when building the library as part of a
+ * multi-client service. When you activate this option, you must provide
+ * an implementation of the type psa_key_owner_id_t and a translation
+ * from psa_key_file_id_t to file name in all the storage backends that
+ * you wish to support.
+ *
+ * Note that this option is meant for internal use only and may be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ * GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
+ *
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
+ *
+ */
+//#define MBEDTLS_PSA_INJECT_ENTROPY
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_ASYNC_PRIVATE
+ *
+ * Enable asynchronous external private key operations in SSL. This allows
+ * you to configure an SSL connection to call an external cryptographic
+ * module to perform private key operations instead of performing the
+ * operation inside the library.
+ *
+ */
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1 or
+ * MBEDTLS_SSL_PROTO_TLS1_1 or
+ * MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1 or
+ * MBEDTLS_SSL_PROTO_TLS1_1 or
+ * MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ *
+ * \note Even if this option is disabled, both client and server are aware
+ * of the Renegotiation Indication Extension (RFC 5746) used to
+ * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
+ * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
+ * configuration of this extension).
+ *
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+//#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ * MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ * (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ * or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ * MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintenance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+ *
+ * Fallback to old (pre-2.7), non-conforming implementation of the truncated
+ * HMAC extension which also truncates the HMAC key. Note that this option is
+ * only meant for a transitory upgrade period and is likely to be removed in
+ * a future version of the library.
+ *
+ * \warning The old implementation is non-compliant and has a security weakness
+ * (2^80 brute force attack on the HMAC key used for a single,
+ * uninterrupted connection). This should only be enabled temporarily
+ * when (1) the use of truncated HMAC is essential in order to save
+ * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
+ * the fixed implementation yet (pre-2.7).
+ *
+ * \deprecated This option is deprecated and will likely be removed in a
+ * future version of Mbed TLS.
+ *
+ * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
+ *
+ * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, see
+ * #MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Note: this option is still in progress, the full X.509 and TLS modules are
+ * not covered yet, but parts that are not ported to PSA yet will still work
+ * as usual, so enabling this option should not break backwards compatibility.
+ *
+ * \warning Support for PSA is still an experimental feature.
+ * Any public API that depends on this option may change
+ * at any time until this warning is removed.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * \deprecated This feature is deprecated and will be removed
+ * in the next major revision of the library.
+ *
+ * Used in: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module: library/aesni.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module: library/aes.c
+ * Caller: library/cipher.c
+ * library/pem.c
+ * library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module: library/arc4.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. If possible, we recommend avoidng dependencies on
+ * it, and considering stronger ciphers instead.
+ *
+ */
+#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module: library/asn1.c
+ * Caller: library/x509.c
+ * library/dhm.c
+ * library/pkcs12.c
+ * library/pkcs5.c
+ * library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module: library/asn1write.c
+ * Caller: library/ecdsa.c
+ * library/pkwrite.c
+ * library/x509_create.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module: library/base64.c
+ * Caller: library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module: library/bignum.c
+ * Caller: library/dhm.c
+ * library/ecp.c
+ * library/ecdsa.c
+ * library/rsa.c
+ * library/rsa_internal.c
+ * library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module: library/blowfish.c
+ */
+#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module: library/camellia.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_ARIA_C
+ *
+ * Enable the ARIA block cipher.
+ *
+ * Module: library/aria.c
+ * Caller: library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *
+ * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
+ * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
+ * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
+ */
+//#define MBEDTLS_ARIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module: library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module: library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Enable the ChaCha20 stream cipher.
+ *
+ * Module: library/chacha20.c
+ */
+#define MBEDTLS_CHACHA20_C
+
+/**
+ * \def MBEDTLS_CHACHAPOLY_C
+ *
+ * Enable the ChaCha20-Poly1305 AEAD algorithm.
+ *
+ * Module: library/chachapoly.c
+ *
+ * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+ */
+#define MBEDTLS_CHACHAPOLY_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module: library/cipher.c
+ * Caller: library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
+ * ciphers.
+ *
+ * Module: library/cmac.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
+ *
+ */
+#define MBEDTLS_CMAC_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
+ *
+ * Module: library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module: library/debug.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module: library/des.c
+ * Caller: library/pem.c
+ * library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ *
+ * \warning DES is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers instead.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module: library/dhm.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ * DHE-RSA, DHE-PSK
+ *
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module: library/ecdh.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module: library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Module: library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ * ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ */
+//#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module: library/ecp.c
+ * Caller: library/ecdh.c
+ * library/ecdsa.c
+ * library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module: library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module: library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module: library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ * environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ * processor traits. It is therefore not advised to use HAVEGE as
+ * your applications primary random generator or primary entropy pool
+ * input. As a secondary input to your entropy pool, it IS able add
+ * the (limited) extra entropy it provides.
+ *
+ * Module: library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module: library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module: library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_NIST_KW_C
+ *
+ * Enable the Key Wrapping mode for 128-bit block ciphers,
+ * as defined in NIST SP 800-38F. Only KW and KWP modes
+ * are supported. At the moment, only AES is approved by NIST.
+ *
+ * Module: library/nist_kw.c
+ *
+ * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
+ */
+//#define MBEDTLS_NIST_KW_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module: library/md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module: library/md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ *
+ * \warning MD2 is considered a weak message digest and its use constitutes a
+ * security risk. If possible, we recommend avoiding dependencies on
+ * it, and considering stronger message digests instead.
+ *
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module: library/md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ *
+ * \warning MD4 is considered a weak message digest and its use constitutes a
+ * security risk. If possible, we recommend avoiding dependencies on
+ * it, and considering stronger message digests instead.
+ *
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module: library/md5.c
+ * Caller: library/md.c
+ * library/pem.c
+ * library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
+ * depending on the handshake parameters. Further, it is used for checking
+ * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
+ * encrypted keys.
+ *
+ * \warning MD5 is considered a weak message digest and its use constitutes a
+ * security risk. If possible, we recommend avoiding dependencies on
+ * it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module: library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module: library/oid.c
+ * Caller: library/asn1write.c
+ * library/pkcs5.c
+ * library/pkparse.c
+ * library/pkwrite.c
+ * library/rsa.c
+ * library/x509.c
+ * library/x509_create.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module: library/padlock.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module: library/pem.c
+ * Caller: library/dhm.c
+ * library/pkparse.c
+ * library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module: library/pem.c
+ * Caller: library/pkwrite.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module: library/pk.c
+ * Caller: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module: library/pkparse.c
+ * Caller: library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module: library/pkwrite.c
+ * Caller: library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module: library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module: library/pkcs11.c
+ * Caller: library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module: library/pkcs12.c
+ * Caller: library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use: MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module: library/platform.c
+ * Caller: Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_POLY1305_C
+ *
+ * Enable the Poly1305 MAC algorithm.
+ *
+ * Module: library/poly1305.c
+ * Caller: library/chachapoly.c
+ */
+#define MBEDTLS_POLY1305_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module: library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
+ */
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_ITS_FILE_C
+ *
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
+ *
+ * Module: library/psa_its_file.c
+ *
+ * Requires: MBEDTLS_FS_IO
+ */
+#define MBEDTLS_PSA_ITS_FILE_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module: library/ripemd160.c
+ * Caller: library/md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module: library/rsa.c
+ * library/rsa_internal.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module: library/sha1.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
+ * depending on the handshake parameters, and for SHA1-signed certificates.
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module: library/sha256.c
+ * Caller: library/entropy.c
+ * library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module: library/sha512.c
+ * Caller: library/entropy.c
+ * library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module: library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module: library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module: library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module: library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module: library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module: library/ssl_tls.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions. See also our Knowledge Base article about threading:
+ * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+ *
+ * Module: library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/timing.c
+ * Caller: library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module: library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module: library/x509.c
+ * Caller: library/x509_crl.c
+ * library/x509_crt.c
+ * library/x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ * MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module: library/x509_crt.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ * library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module: library/x509_crl.c
+ * Caller: library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module: library/x509_csr.c
+ * Caller: library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module: library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module: library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module: library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module: library/xtea.c
+ * Caller:
+ */
+#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+
+/**
+ * \brief This macro is invoked by the library when an invalid parameter
+ * is detected that is only checked with MBEDTLS_CHECK_PARAMS
+ * (see the documentation of that option for context).
+ *
+ * When you leave this undefined here, a default definition is
+ * provided that invokes the function mbedtls_param_failed(),
+ * which is declared in platform_util.h for the benefit of the
+ * library, but that you need to define in your application.
+ *
+ * When you define this here, this replaces the default
+ * definition in platform_util.h (which no longer declares the
+ * function mbedtls_param_failed()) and it is your responsibility
+ * to make sure this macro expands to something suitable (in
+ * particular, that all the necessary declarations are visible
+ * from within the library - you can ensure that by providing
+ * them in this file next to the macro definition).
+ *
+ * Note that you may define this macro to expand to nothing, in
+ * which case you don't have to worry about declarations or
+ * definitions. However, you will then be notified about invalid
+ * parameters only in non-void functions, and void function will
+ * just silently return early on invalid parameters, which
+ * partially negates the benefits of enabling
+ * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
+
+/* SSL options */
+
+/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
+ *
+ * This determines the size of both the incoming and outgoing TLS I/O buffers
+ * in such a way that both are capable of holding the specified amount of
+ * plaintext data, regardless of the protection mechanism used.
+ *
+ * To configure incoming and outgoing I/O buffers separately, use
+ * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
+ * which overwrite the value set by this option.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ * recommended to use the Maximum Fragment Length (MFL) extension to
+ * inform the server about this limitation. On the server, there
+ * is no supported, standardized way of informing the client about
+ * restriction on the maximum size of incoming messages, and unless
+ * the limitation has been communicated by other means, it is recommended
+ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ * while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of both
+ * incoming and outgoing I/O buffers.
+ */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
+
+/** \def MBEDTLS_SSL_IN_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming plaintext fragments.
+ *
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option is undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ * recommended to use the Maximum Fragment Length (MFL) extension to
+ * inform the server about this limitation. On the server, there
+ * is no supported, standardized way of informing the client about
+ * restriction on the maximum size of incoming messages, and unless
+ * the limitation has been communicated by other means, it is recommended
+ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ * while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer
+ * independently of the outgoing I/O buffer.
+ */
+//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+
+/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of outgoing plaintext fragments.
+ *
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * It is possible to save RAM by setting a smaller outward buffer, while keeping
+ * the default inward 16384 byte buffer to conform to the TLS specification.
+ *
+ * The minimum required outward buffer size is determined by the handshake
+ * protocol's usage. Handshaking will fail if the outward buffer is too small.
+ * The specific size requirement depends on the configured ciphers and any
+ * certificate data which is sent during the handshake.
+ *
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
+ * independently of the incoming I/O buffer.
+ */
+//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+
+/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
+ *
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ *
+ * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
+ */
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/**
+ * Allow SHA-1 in the default TLS configuration for certificate signing.
+ * Without this build-time option, SHA-1 support must be activated explicitly
+ * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
+ * recommended because of it is possible to generate SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+/**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * to preserve compatibility with existing peers, but the general
+ * warning applies nonetheless:
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
+/**
+ * Uncomment the macro to let mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/* \} name SECTION: Customisation configuration options */
+
+/* Target and application specific configurations
+ *
+ * Allow user to override any previous default.
+ *
+ */
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 25db16b..f729a03 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -75,10 +75,6 @@
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
-/* For tests using ssl-opt.sh */
-#define MBEDTLS_NET_C
-#define MBEDTLS_TIMING_C
-
/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES
diff --git a/crypto b/crypto
deleted file mode 160000
index 125a1e9..0000000
--- a/crypto
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 125a1e980e44a8b756ba3a9a3b7c4d1ce5cbf134
diff --git a/docs/PSACryptoDriverModelSpec.pdf b/docs/PSACryptoDriverModelSpec.pdf
new file mode 100644
index 0000000..cf11380
--- /dev/null
+++ b/docs/PSACryptoDriverModelSpec.pdf
Binary files differ
diff --git a/docs/architecture/.gitignore b/docs/architecture/.gitignore
new file mode 100644
index 0000000..23f832b
--- /dev/null
+++ b/docs/architecture/.gitignore
@@ -0,0 +1,2 @@
+*.html
+*.pdf
diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile
new file mode 100644
index 0000000..f763c9c
--- /dev/null
+++ b/docs/architecture/Makefile
@@ -0,0 +1,19 @@
+PANDOC = pandoc
+
+default: all
+
+all_markdown = \
+ mbed-crypto-storage-specification.md \
+ # This line is intentionally left blank
+
+html: $(all_markdown:.md=.html)
+pdf: $(all_markdown:.md=.pdf)
+all: html pdf
+
+.SUFFIXES:
+.SUFFIXES: .md .html .pdf
+
+.md.html:
+ $(PANDOC) -o $@ $<
+.md.pdf:
+ $(PANDOC) -o $@ $<
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
new file mode 100644
index 0000000..2d4fed5
--- /dev/null
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -0,0 +1,161 @@
+Mbed Crypto storage specification
+=================================
+
+This document specifies how Mbed Crypto uses storage.
+
+Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore:
+
+1. Any change may break existing installations and may require an upgrade path.
+1. This document retains historical information about all past released versions. Do not remove information from this document unless it has always been incorrect or it is about a version that you are sure was never released.
+
+Mbed Crypto 0.1.0
+-----------------
+
+Tags: mbedcrypto-0.1.0b, mbedcrypto-0.1.0b2
+
+Released in November 2018. <br>
+Integrated in Mbed OS 5.11.
+
+Supported backends:
+
+* [PSA ITS](#file-namespace-on-its-for-0.1.0)
+* [C stdio](#file-namespace-on-stdio-for-0.1.0)
+
+Supported features:
+
+* [Persistent transparent keys](#key-file-format-for-0.1.0) designated by a [slot number](#key-names-for-0.1.0).
+* [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0) on ITS only.
+
+This is a beta release, and we do not promise backward compatibility, with one exception:
+
+> On Mbed OS, if a device has a nonvolatile random seed file produced with Mbed OS 5.11.x and is upgraded to a later version of Mbed OS, the nonvolatile random seed file is preserved or upgraded.
+
+We do not make any promises regarding key storage, or regarding the nonvolatile random seed file on other platforms.
+
+### Key names for 0.1.0
+
+Information about each key is stored in a dedicated file whose name is constructed from the key identifier. The way in which the file name is constructed depends on the storage backend. The content of the file is described [below](#key-file-format-for-0.1.0).
+
+The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid.
+
+The code uses the following constant in an internal header (note that despite the name, this value is actually one plus the maximum permitted value):
+
+ #define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000
+
+There is a shared namespace for all callers.
+
+### Key file format for 0.1.0
+
+All integers are encoded in little-endian order in 8-bit bytes.
+
+The layout of a key file is:
+
+* magic (8 bytes): `"PSA\0KEY\0"`
+* version (4 bytes): 0
+* type (4 bytes): `psa_key_type_t` value
+* policy usage flags (4 bytes): `psa_key_usage_t` value
+* policy usage algorithm (4 bytes): `psa_algorithm_t` value
+* key material length (4 bytes)
+* key material: output of `psa_export_key`
+* Any trailing data is rejected on load.
+
+### Nonvolatile random seed file format for 0.1.0
+
+The nonvolatile random seed file contains a seed for the random generator. If present, it is rewritten at each boot as part of the random generator initialization.
+
+The file format is just the seed as a byte string with no metadata or encoding of any kind.
+
+### File namespace on ITS for 0.1.0
+
+Assumption: ITS provides a 32-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+* File 0: unused.
+* Files 1 through 0xfffeffff: [content](#key-file-format-for-0.1.0) of the [key whose identifier is the file identifier](#key-names-for-0.1.0).
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0).
+* Files 0xffff0000 through 0xffffff51, 0xffffff53 through 0xffffffff: unused.
+
+### File namespace on stdio for 0.1.0
+
+Assumption: C stdio, allowing names containing lowercase letters, digits and underscores, of length up to 23.
+
+An undocumented build-time configuration value `CRYPTO_STORAGE_FILE_LOCATION` allows storing the key files in a directory other than the current directory. This value is simply prepended to the file name (so it must end with a directory separator to put the keys in a different directory).
+
+* `CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0"`: used as a temporary file. Must be writable. May be overwritten or deleted if present.
+* `sprintf(CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu", key_id)` [content](#key-file-format-for-0.1.0) of the [key whose identifier](#key-names-for-0.1.0) is `key_id`.
+* Other files: unused.
+
+Mbed Crypto 0.2.0
+-----------------
+
+**Warning:** the information in this section is provisional and may change before Mbed Crypto is released for Mbed OS 5.12. At the time of writing, we don't even know whether this version will be called 0.2.0.
+
+To be released for Mbed OS 5.12.
+
+Supported integrations:
+
+* [PSA platform](#file-namespace-on-a-psa-platform-for-0.2.0)
+* [library using PSA ITS](#file-namespace-on-its-as-a-library-for-0.2.0)
+* [library using C stdio](#file-namespace-on-stdio-for-0.2.0)
+
+Supported features:
+
+* [Persistent transparent keys](#key-file-format-for-0.2.0) designated by a [key identifier and owner](#key-names-for-0.2.0).
+* [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.2.0) on ITS only.
+
+Backward compatibility commitments: TBD
+
+### Key names for 0.2.0
+
+Information about each key is stored in a dedicated file designated by a _key file identifier_ (`psa_key_file_id_t`). The key file identifier is constructed from the 32-bit key identifier (`psa_key_id_t`) and, if applicable, an identifier of the owner of the key. In integrations where there is no concept of key owner (in particular, in library integrations), the key file identifier is exactly the key identifier. When the library is integrated into a service, the service determines the semantics of the owner identifier.
+
+The way in which the file name is constructed from the key file identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-0.2.0).
+
+The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid.
+
+* Library integration: the key file name is just the key identifer. This is a 32-bit value.
+* PSA service integration: the key file identifier is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier specified by the application and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value.
+
+### Key file format for 0.2.0
+
+The layout is identical to [0.1.0](#key-file-format-for-0.1.0) so far. However note that the encoding of key types, algorithms and key material has changed, therefore the storage format is not compatible (despite using the same value in the version field so far).
+
+### Nonvolatile random seed file format for 0.2.0
+
+[Identical to 0.1.0](#nonvolatile-random-seed-file-format-for-0.1.0).
+
+### File namespace on a PSA platform for 0.2.0
+
+Assumption: ITS provides a 64-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+Assumption: the owner identifier is a nonzero value of type `int32_t`.
+
+* Files 0 through 0xffffff51, 0xffffff53 through 0xffffffff: unused, reserved for internal use of the crypto library or crypto service.
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0).
+* Files 0x100000000 through 0xffffffffffff: [content](#key-file-format-for-0.2.0) of the [key whose identifier is the file identifier](#key-names-for-0.2.0). The upper 32 bits determine the owner.
+
+### File namespace on ITS as a library for 0.2.0
+
+Assumption: ITS provides a 64-bit file identifier namespace. The entity using the crypto library can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+This is a library integration, so there is no owner. The key file identifier is identical to the key identifier.
+
+* File 0: unused.
+* Files 1 through 0xfffeffff: [content](#key-file-format-for-0.2.0) of the [key whose identifier is the file identifier](#key-names-for-0.2.0).
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.2.0).
+* Files 0xffff0000 through 0xffffff51, 0xffffff53 through 0xffffffff, 0x100000000 through 0xffffffffffffffff: unused.
+
+### File namespace on stdio for 0.2.0
+
+This is a library integration, so there is no owner. The key file identifier is identical to the key identifier.
+
+[Identical to 0.1.0](#file-namespace-on-stdio-for-0.1.0).
+
+### Upgrade from 0.1.0 to 0.2.0.
+
+* Delete files 1 through 0xfffeffff, which contain keys in a format that is no longer supported.
+
+### Suggested changes to make before 0.2.0
+
+The library integration and the PSA platform integration use different sets of file names. This is annoyingly non-uniform. For example, if we want to store non-key files, we have room in different ranges (0 through 0xffffffff on a PSA platform, 0xffff0000 through 0xffffffffffffffff in a library integration).
+
+It would simplify things to always have a 32-bit owner, with a nonzero value, and thus reserve the range 0–0xffffffff for internal library use.
diff --git a/docs/getting_started.md b/docs/getting_started.md
new file mode 100644
index 0000000..3008a19
--- /dev/null
+++ b/docs/getting_started.md
@@ -0,0 +1,525 @@
+## Getting started with Mbed Crypto
+
+### What is Mbed Crypto?
+
+Mbed Crypto is an open source cryptographic library that supports a wide range of cryptographic operations, including:
+* Key management
+* Hashing
+* Symmetric cryptography
+* Asymmetric cryptography
+* Message authentication (MAC)
+* Key generation and derivation
+* Authenticated encryption with associated data (AEAD)
+
+The Mbed Crypto library is a reference implementation of the cryptography interface of the Arm Platform Security Architecture (PSA). It is written in portable C.
+
+The Mbed Crypto library is distributed under the Apache License, version 2.0.
+
+#### Platform Security Architecture (PSA)
+
+Arm's Platform Security Architecture (PSA) is a holistic set of threat models,
+security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. Part of the API provided by PSA is the cryptography interface, which provides access to a set of primitives.
+
+### Using Mbed Crypto
+
+* [Getting the Mbed Crypto library](#getting-the-mbed-crypto-library)
+* [Building the Mbed Crypto library](#building-the-mbed-crypto-library)
+* [Using the Mbed Crypto library](#using-the-mbed-crypto-library)
+* [Importing a key](#importing-a-key)
+* [Signing a message using RSA](#signing-a-message-using-RSA)
+* [Encrypting or decrypting using symmetric ciphers](#encrypting-or-decrypting-using-symmetric-ciphers)
+* [Hashing a message](#hashing-a-message)
+* [Deriving a new key from an existing key](#deriving-a-new-key-from-an-existing-key)
+* [Generating a random value](#generating-a-random-value)
+* [Authenticating and encrypting or decrypting a message](#authenticating-and-encrypting-or-decrypting-a-message)
+* [Generating and exporting keys](#generating-and-exporting-keys)
+* [More about the Mbed Crypto library](#more-about-the-mbed-crypto-library)
+
+### Getting the Mbed Crypto library
+
+Mbed Crypto releases are available in the [public Github repository]( https://github.com/ARMmbed/mbed-crypto).
+
+### Building the Mbed Crypto library
+
+You need the following tools to build the library with the provided makefiles:
+* GNU Make.
+* A C toolchain (compiler, linker, archiver).
+* Python 2 or Python 3 (either works) to generate the test code.
+* Perl to run the tests.
+
+If you have a C compiler such as GCC or Clang, just run `make` in the top-level directory to build the library, a set of unit tests and some sample programs.
+
+To select a different compiler, set the `CC` variable to name or path of the compiler and linker (default: `cc`) and set `AR` to a compatible archiver (default: `ar`), such as:
+```
+make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar
+```
+The provided makefiles pass options to the compiler that assume a GCC-like command line syntax. To use a different compiler, you may need to pass different values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
+
+To run the unit tests on the host machine, run `make test` from the top-level directory. If you are cross-compiling, copy the test executable from the `tests` directory to the target machine.
+
+### Using the Mbed Crypto library
+
+To use the Mbed Crypto APIs, call `psa_crypto_init()` before calling any other API. This initializes the library.
+
+### Importing a key
+
+To use a key for cryptography operations in Mbed Crypto, you need to first import it into a key slot. Each slot can store only one key at a time. The slot where the key is stored must be unoccupied, and valid for a key of the chosen type.
+
+Prerequisites to importing keys:
+* Initialize the library with a successful call to `psa_crypto_init`.
+
+Importing a key and checking key information:
+1. Import a key pair into key slot `1`.
+1. Test the information stored in this slot:
+```C
+ int key_slot = 1;
+ uint8_t *data = "KEYPAIR_KEY_DATA";
+ size_t data_size;
+ psa_key_type_t type = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
+ size_t got_bits;
+ psa_key_type_t got_type;
+ size_t expected_bits = data_size;
+ psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
+ size_t export_size = data_size;
+
+ psa_crypto_init();
+
+ /* Import the key */
+ status = psa_import_key(key_slot, type, data, data_size);
+
+ /* Test the key information */
+ status = psa_get_key_information(slot, &got_type, &got_bits);
+
+ /* Destroy the key */
+ psa_destroy_key(key_slot);
+ mbedtls_psa_crypto_free();
+```
+
+### Signing a message using RSA
+
+Mbed Crypto provides support for encrypting, decrypting, signing and verifying messages using public key signature algorithms (such as RSA or ECDSA).
+
+Prerequisites to working with the asymmetric cipher API:
+* Initialize the library with a successful call to `psa_crypto_init`.
+* Configure the key policy accordingly:
+ * `PSA_KEY_USAGE_SIGN` to allow signing.
+ * `PSA_KEY_USAGE_VERIFY` to allow signature verification.
+* Have a valid key in the key slot.
+
+To sign a given message `payload` using RSA:
+1. Set the key policy of the chosen key slot by calling `psa_key_policy_set_usage()` with the `PSA_KEY_USAGE_SIGN` parameter and the algorithm `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
+This allows the key in the key slot to be used for RSA signing.
+1. Import the key into the key slot by calling `psa_import_key()`. You can use an already imported key instead of importing a new one.
+1. Call `psa_asymmetric_sign()` and get the output buffer that contains the signature:
+```C
+ psa_status_t status;
+ int key_slot = 1;
+ unsigned char key[] = "RSA_KEY";
+ unsigned char payload[] = "ASYMMETRIC_INPUT_FOR_SIGN";
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
+ size_t signature_length;
+
+ status = psa_crypto_init();
+
+ /* Import the key */
+ psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
+ status = psa_set_key_policy(key_slot, &policy);
+
+ status = psa_import_key(key_slot, PSA_KEY_TYPE_RSA_KEYPAIR,
+ key, sizeof(key));
+
+ /* Sing message using the key */
+ status = psa_asymmetric_sign(key_slot, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ payload, sizeof(payload),
+ signature, sizeof(signature),
+ &signature_length);
+ /* Destroy the key */
+ psa_destroy_key(key_slot);
+ mbedtls_psa_crypto_free();
+```
+
+### Encrypting or decrypting using symmetric ciphers
+
+Mbed Crypto provides support for encrypting and decrypting messages using various symmetric cipher algorithms (both block and stream ciphers).
+
+Prerequisites to working with the symmetric cipher API:
+* Initialize the library with a successful call to `psa_crypto_init`.
+* Configure the key policy accordingly (`PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption).
+* Have a valid key in the key slot.
+
+Encrypting a message with a symmetric cipher:
+1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
+1. Call `psa_cipher_encrypt_setup` to initialize the operation structure and specify the algorithm and the key to be used.
+1. Call either `psa_cipher_generate_iv` or `psa_cipher_set_iv` to generate or set the initialization vector (IV). We recommended `psa_cipher_generate_iv`, unless you require a specific IV value.
+1. Call `psa_cipher_update` one or more times, passing either the whole or only a fragment of the message each time.
+1. Call `psa_cipher_finish` to end the operation and output the encrypted message.
+
+Encrypting random data using an AES key in cipher block chain (CBC) mode with no padding (assuming all prerequisites have been fulfilled):
+```c
+ psa_key_slot_t key_slot = 1;
+ psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
+ psa_cipher_operation_t operation;
+ size_t block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES);
+ unsigned char input[block_size];
+ unsigned char iv[block_size];
+ size_t iv_len;
+ unsigned char output[block_size];
+ size_t output_len;
+
+ /* generate some random data to be encrypted */
+ psa_generate_random(input, sizeof(input));
+
+ /* encrypt the key */
+ psa_cipher_encrypt_setup(&operation, key_slot, alg);
+ psa_cipher_generate_iv(&operation, iv, sizeof(iv), &iv_len);
+ psa_cipher_update(&operation, input, sizeof(input),
+ output, sizeof(output),
+ &output_len);
+ psa_cipher_finish(&operation,
+ output + output_len, sizeof(output) - output_len,
+ &output_len);
+ /* Clean up cipher operation context */
+ psa_cipher_abort(&operation);
+```
+
+Decrypting a message with a symmetric cipher:
+1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
+1. Call `psa_cipher_decrypt_setup` to initialize the operation structure and to specify the algorithm and the key to be used.
+1. Call `psa_cipher_set_iv` with the IV for the decryption.
+1. Call `psa_cipher_update` one or more times passing either the whole or only a fragment of the message each time.
+1. Call `psa_cipher_finish` to end the operation and output the decrypted message.
+
+Decrypting encrypted data using an AES key in CBC mode with no padding
+(assuming all prerequisites have been fulfilled):
+```c
+ psa_key_slot_t key_slot = 1;
+ psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
+ psa_cipher_operation_t operation;
+ size_t block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES);
+ unsigned char input[block_size];
+ unsigned char iv[block_size];
+ size_t iv_len;
+ unsigned char output[block_size];
+ size_t output_len;
+
+ /* setup input data */
+ fetch_iv(iv, sizeof(iv)); /* fetch the IV used when the data was encrypted */
+ fetch_input(input, sizeof(input)); /* fetch the data to be decrypted */
+
+ /* encrypt the encrypted data */
+ psa_cipher_decrypt_setup(&operation, key_slot, alg);
+ psa_cipher_set_iv(&operation, iv, sizeof(iv));
+ psa_cipher_update(&operation, input, sizeof(input),
+ output, sizeof(output),
+ &output_len);
+ psa_cipher_finish(&operation,
+ output + output_len, sizeof(output) - output_len,
+ &output_len);
+ /* Clean up cipher operation context */
+ psa_cipher_abort(&operation);
+```
+
+#### Handling cipher operation contexts
+
+Once you've initialized the operation structure with a successful call to `psa_cipher_encrypt_setup` or `psa_cipher_decrypt_setup`, you can terminate the operation at any time by calling `psa_cipher_abort`.
+
+The call to `psa_cipher_abort` frees any resources associated with the operation (except for the operation structure itself). An implicit call to `psa_cipher_abort` occurs when any of these conditions occur:
+* A call to `psa_cipher_generate_iv`, `psa_cipher_set_iv` or `psa_cipher_update` has failed (returning any status other than `PSA_SUCCESS`).
+* Either a successful or failed call to `psa_cipher_finish`.
+
+Once `psa_cipher_abort` has been called (either implicitly by the implementation or explicitly by the user), the operation structure is invalidated and may not be reused for the same operation. However, the operation structure may be reused for a different operation by calling either `psa_cipher_encrypt_setup` or `psa_cipher_decrypt_setup` again.
+
+For an operation that has been initialized successfully (by a successful call to `psa_cipher_encrypt_setup` or `psa_cipher_decrypt_setup`) it is imperative that at some time `psa_cipher_abort` is called.
+
+Multiple sequential calls to `psa_cipher_abort` on an operation that has already been terminated (either implicitly or explicitly) are safe and have no effect.
+
+### Hashing a message
+
+Mbed Crypto lets you compute and verify hashes using various hashing algorithms.
+
+The current implementation supports the following hash algorithms: `MD2`, `MD4`, `MD5`, `RIPEMD160`, `SHA-1`, `SHA-224`, `SHA-256`, `SHA-384`, and `SHA-512`.
+
+Prerequisites to working with the hash APIs:
+* Initialize the library with a successful call to `psa_crypto_init`.
+
+To calculate a hash:
+1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash functions.
+1. Call `psa_hash_setup` to initialize the operation structure and specify the hash algorithm.
+1. Call `psa_hash_update` one or more times, passing either the whole or only a fragment of the message each time.
+1. Call `psa_hash_finish` to calculate the hash, or `psa_hash_verify` to compare the computed hash with an expected hash value.
+
+Calculate the `SHA-256` hash of a message:
+```c
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ psa_hash_operation_t operation;
+ unsigned char input[] = { 'a', 'b', 'c' };
+ unsigned char actual_hash[PSA_HASH_MAX_SIZE];
+ size_t actual_hash_len;
+
+ /* Compute hash of message */
+ psa_hash_setup(&operation, alg);
+ psa_hash_update(&operation, input, sizeof(input));
+ psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), &actual_hash_len);
+
+ /* Clean up hash operation context */
+ psa_hash_abort(&operation);
+```
+
+Verify the `SHA-256` hash of a message:
+```c
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ psa_hash_operation_t operation;
+ unsigned char input[] = { 'a', 'b', 'c' };
+ unsigned char expected_hash[] = {
+ 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
+ 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+ 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+ };
+ size_t expected_hash_len = PSA_HASH_SIZE(alg);
+
+ /* Verify message hash */
+ psa_hash_setup(&operation, alg);
+ psa_hash_update(&operation, input, sizeof(input));
+ psa_hash_verify(&operation, expected_hash, expected_hash_len);
+```
+
+The API provides the macro `PSA_HASH_SIZE`, which returns the expected hash length (in bytes) for the specified algorithm.
+
+#### Handling hash operation contexts
+
+Once the operation structure has been successfully initialized by a successful call to `psa_hash_setup`, it's possible to terminate the operation at any time by calling `psa_hash_abort`. The call to `psa_hash_abort` frees any resources associated with the operation (except for the operation structure itself).
+
+An implicit call to `psa_hash_abort` occurs when any of these conditions occur:
+1. A call to `psa_hash_update` has failed (returning any status other than `PSA_SUCCESS`).
+1. Either a successful or failed call to `psa_hash_finish`.
+1. Either a successful or failed call to `psa_hash_verify`.
+
+Once `psa_hash_abort` has been called (either implicitly by the implementation or explicitly by the user), the operation structure is invalidated and may not be reused for the same operation. However, the operation structure may be reused for a different operation by calling `psa_hash_setup` again.
+
+For an operation that has been initialized successfully (by a successful call to `psa_hash_setup`) it is imperative that at some time `psa_hash_abort` is called.
+
+Multiple sequential calls to `psa_hash_abort` on an operation that has already been terminated (either implicitly or explicitly) is safe and has no effect.
+
+### Generating a random value
+
+Mbed Crypto can generate random data.
+
+Prerequisites to random generation:
+* Initialize the library with a successful call to `psa_crypto_init`.
+
+Generate a random, ten-byte piece of data:
+1. Generate random bytes by calling `psa_generate_random()`:
+```C
+ psa_status_t status;
+ uint8_t random[10] = { 0 };
+ psa_crypto_init();
+ status = psa_generate_random(random, sizeof(random));
+
+ mbedtls_psa_crypto_free();
+```
+
+### Deriving a new key from an existing key
+
+Mbed Crypto provides a key derivation API that lets you derive new keys from existing ones. Key derivation is based upon the generator abstraction. A generator must first be initialized and set up (provided with a key and optionally other data) and then derived data can be read from it either to a buffer or directly imported into a key slot.
+
+Prerequisites to working with the key derivation APIs:
+* Initialize the library with a successful call to `psa_crypto_init`.
+* Configure the key policy for the key used for derivation (`PSA_KEY_USAGE_DERIVE`)
+* The key type must be `PSA_KEY_TYPE_DERIVE`.
+
+Deriving a new AES-CTR 128-bit encryption key into a given key slot using HKDF with a given key, salt and label:
+1. Set the key policy for key derivation by calling `psa_key_policy_set_usage()` with `PSA_KEY_USAGE_DERIVE` parameter, and the algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
+1. Import the key into the key slot by calling `psa_import_key()`. You can skip this step and the previous one if the key has already been imported into a known key slot.
+1. Set up the generator using the `psa_key_derivation` function providing a key slot containing a key that can be used for key derivation and a salt and label (Note: salt and label are optional).
+1. Initiate a key policy to for the derived key by calling `psa_key_policy_set_usage()` with `PSA_KEY_USAGE_ENCRYPT` parameter and the algorithm `PSA_ALG_CTR`.
+1. Set the key policy to the derived key slot.
+1. Import a key from generator into the desired key slot using (`psa_generator_import_key`).
+1. Clean up generator.
+
+At this point the derived key slot holds a new 128-bit AES-CTR encryption key derived from the key, salt and label provided:
+```C
+ psa_key_slot_t base_key = 1;
+ psa_key_slot_t derived_key = 2;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ unsigned char key[] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b };
+
+ unsigned char salt[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
+
+ unsigned char label[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6,
+ 0xf7, 0xf8, 0xf9 };
+
+ psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ size_t derived_bits = 128;
+ size_t capacity = PSA_BITS_TO_BYTES(derived_bits);
+
+ status = psa_crypto_init();
+
+ /* Import a key for use in key derivation, if such a key has already been imported you can skip this part */
+ psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
+ status = psa_set_key_policy(base_key, &policy);
+
+ status = psa_import_key(base_key, PSA_KEY_TYPE_DERIVE, key, sizeof(key));
+
+ /* Derive a key into a key slot*/
+ status = psa_key_derivation(&generator, base_key, alg, salt, sizeof(salt),
+ label, sizeof(label), capacity);
+
+ psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR);
+
+ psa_set_key_policy(derived_key, &policy);
+
+ psa_generator_import_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator);
+
+ /* Clean up generator and key */
+ psa_generator_abort(&generator);
+ /* as part of clean up you may want to clean up the keys used by calling:
+ * psa_destroy_key( base_key ); or psa_destroy_key( derived_key ); */
+ mbedtls_psa_crypto_free();
+```
+
+### Authenticating and encrypting or decrypting a message
+
+Mbed Crypto provides a simple way for authenticate and encrypt with associated data (AEAD) supporting `PSA_ALG_CCM` algorithm.
+
+Prerequisites to working with the AEAD ciphers APIs:
+* Initialize the library with a successful call to `psa_crypto_init`.
+* The key policy for the key used for derivation must be configured accordingly (`PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT`).
+
+To authenticate and encrypt a message:
+```C
+ int slot = 1;
+ psa_status_t status;
+ unsigned char key[] = { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF };
+
+ unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B };
+
+ unsigned char additional_data[] = { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20,
+ 0xC3, 0x3C, 0x49, 0xFD, 0x70 };
+
+ unsigned char input_data[] = { 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41,
+ 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43,
+ 0xD2, 0xD7, 0xC2 };
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ size_t tag_length = 16;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ output_size = sizeof(input_data) + tag_length;
+ output_data = malloc(output_size);
+ status = psa_crypto_init();
+
+ psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM);
+ status = psa_set_key_policy(slot, &policy);
+
+ status = psa_import_key(slot, PSA_KEY_TYPE_AES, key, sizeof(key));
+
+ status = psa_aead_encrypt(slot, PSA_ALG_CCM,
+ nonce, sizeof(nonce),
+ additional_data, sizeof(additional_data),
+ input_data, sizeof(input_data),
+ output_data, output_size,
+ &output_length);
+
+ psa_destroy_key(slot);
+ mbedtls_free(output_data);
+ mbedtls_psa_crypto_free();
+```
+
+To authenticate and decrypt a message:
+
+```C
+ int slot = 1;
+ psa_status_t status;
+ unsigned char key[] = {
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
+ };
+
+ unsigned char nonce[] = { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20, 0xC3,
+ 0x3C, 0x49, 0xFD, 0x70
+ };
+
+ unsigned char additional_data[] = { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20,
+ 0xC3, 0x3C, 0x49, 0xFD, 0x70
+ };
+ unsigned char input_data[] = { 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41,
+ 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43,
+ 0xD2, 0xD7, 0xC2
+ };
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ output_size = sizeof(input_data);
+ output_data = malloc(output_size);
+ status = psa_crypto_init();
+
+ psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM);
+ status = psa_set_key_policy(slot, &policy);
+
+ status = psa_import_key(slot, PSA_KEY_TYPE_AES, key, sizeof(key));
+
+ status = psa_aead_decrypt(slot, PSA_ALG_CCM,
+ nonce, sizeof(nonce),
+ additional_data, sizeof(additional_data),
+ input_data, sizeof(input_data),
+ output_data, output_size,
+ &output_length);
+
+ psa_destroy_key(slot);
+ mbedtls_free(output_data);
+ mbedtls_psa_crypto_free();
+```
+
+### Generating and exporting keys
+
+Mbed Crypto provides a simple way to generate a key or key pair.
+
+Prerequisites to using key generation and export APIs:
+* Initialize the library with a successful call to `psa_crypto_init`.
+
+Generate a piece of random 128-bit AES data:
+1. Set the key policy for key generation by calling `psa_key_policy_set_usage()` with the `PSA_KEY_USAGE_EXPORT` parameter and the algorithm `PSA_ALG_GCM`.
+1. Generate a random AES key by calling `psa_generate_key()`.
+1. Export the generated key by calling `psa_export_key()`:
+```C
+ int slot = 1;
+ size_t bits = 128;
+ size_t exported_size = bits;
+ size_t exported_length = 0;
+ uint8_t *exported = malloc(exported_size);
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ psa_crypto_init();
+
+ psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_EXPORT, PSA_ALG_GCM);
+ psa_set_key_policy(slot, &policy);
+
+ /* Generate a key */
+ psa_generate_key(slot, PSA_KEY_TYPE_AES, bits, NULL, 0);
+
+ psa_export_key(slot, exported, exported_size, &exported_length)
+
+ psa_destroy_key(slot);
+ mbedtls_psa_crypto_free();
+```
+
+### More about the Mbed Crypto library
+
+More information on [Mbed Crypto](https://github.com/ARMmbed/mbed-crypto/).
+
+More information on [PSA Crypto](https://github.com/ARMmbed/mbed-crypto/blob/development/docs/PSA_Crypto_API_Overview.pdf).
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 1b581a5..dac97f4 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -3,14 +3,20 @@
if(INSTALL_MBEDTLS_HEADERS)
file(GLOB headers "mbedtls/*.h")
+ file(GLOB psa_headers "psa/*.h")
install(FILES ${headers}
DESTINATION include/mbedtls
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ install(FILES ${psa_headers}
+ DESTINATION include/psa
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
endif(INSTALL_MBEDTLS_HEADERS)
-# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
+# Make config.h available in an out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
+ link_to_source(psa)
endif()
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 96c1c9a..f80acd7 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -66,7 +66,7 @@
* - 0x02 -- tag indicating INTEGER
* - 0x01 -- length in octets
* - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
+ * Such sequences are typically read into Mbed TLS's \c mbedtls_x509_buf.
* \{
*/
#define MBEDTLS_ASN1_BOOLEAN 0x01
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index fd91d70..fd7d744 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -746,11 +746,11 @@
* Enable "non-blocking" ECC operations that can return early and be resumed.
*
* This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
- * order to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
- * number of ECC operations a function may perform before pausing; see
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
+ * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
+ * to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
+ * of ECC operations a function may perform before pausing; see
* mbedtls_ecp_set_max_ops() for more information.
*
* This is useful in non-threaded environments if you want to avoid blocking
@@ -1195,6 +1195,21 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
+/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+ *
+ * In PSA key storage, encode the owner of the key.
+ *
+ * This is only meaningful when building the library as part of a
+ * multi-client service. When you activate this option, you must provide
+ * an implementation of the type psa_key_owner_id_t and a translation
+ * from psa_key_file_id_t to file name in all the storage backends that
+ * you wish to support.
+ *
+ * Note that this option is meant for internal use only and may be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+
/**
* \def MBEDTLS_MEMORY_DEBUG
*
@@ -2224,7 +2239,7 @@
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
*
*/
-//#define MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_C
/**
* \def MBEDTLS_CTR_DRBG_C
@@ -2773,32 +2788,25 @@
*
* Enable the Platform Security Architecture cryptography API.
*
- * \note This option only has an effect when the build option
- * USE_CRYPTO_SUBMODULE is also in use.
- *
- * \warning This feature is experimental and available on an opt-in basis only.
- * PSA APIs are subject to change at any time. The implementation comes with
- * less assurance and support than the rest of Mbed TLS.
- *
- * Module: crypto/library/psa_crypto.c
+ * Module: library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
*
*/
-//#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_C
/**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
*
* Enable the Platform Security Architecture persistent key storage.
*
- * Module: crypto/library/psa_crypto_storage.c
+ * Module: library/psa_crypto_storage.c
*
* Requires: MBEDTLS_PSA_CRYPTO_C,
* either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
* the PSA ITS interface
*/
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
/**
* \def MBEDTLS_PSA_ITS_FILE_C
@@ -2806,12 +2814,11 @@
* Enable the emulation of the Platform Security Architecture
* Internal Trusted Storage (PSA ITS) over files.
*
- * Module: crypto/library/psa_its_file.c
+ * Module: library/psa_its_file.c
*
* Requires: MBEDTLS_FS_IO
- *
*/
-//#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_PSA_ITS_FILE_C
/**
* \def MBEDTLS_RIPEMD160_C
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 2909f5f..98cd4e2 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -350,11 +350,10 @@
#endif
/**
- * RFC 3526, RFC 5114 and RFC 7919 standardize a number of
- * Diffie-Hellman groups, some of which are included here
- * for use within the SSL/TLS module and the user's convenience
- * when configuring the Diffie-Hellman parameters by hand
- * through \c mbedtls_ssl_conf_dh_param.
+ * RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman
+ * groups, some of which are included here for use by Mbed TLS's SSL/TLS module
+ * and the user's convenience when configuring the Diffie-Hellman parameters by
+ * hand through Mbed TLS's \c mbedtls_ssl_conf_dh_param.
*
* The following lists the source of the above groups in the standards:
* - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 0b2504e..1a6ec13 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -375,19 +375,19 @@
* same; they must not be used until the function finally
* returns 0.
*
- * This only applies to functions whose documentation
- * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- * SSL module). For functions that accept a "restart context"
- * argument, passing NULL disables restart and makes the
- * function equivalent to the function with the same name
+ * This only applies to functions whose documentation mentions
+ * they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
+ * `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` for functions in the
+ * Mbed TLS SSL module). For functions that accept a "restart
+ * context" argument, passing NULL disables restart and makes
+ * the function equivalent to the function with the same name
* with \c _restartable removed. For functions in the ECDH
- * module, restart is disabled unless the function accepts
- * an "ECDH context" argument and
- * mbedtls_ecdh_enable_restart() was previously called on
- * that context. For function in the SSL module, restart is
- * only enabled for specific sides and key exchanges
- * (currently only for clients and ECDHE-ECDSA).
+ * module, restart is disabled unless the function accepts an
+ * "ECDH context" argument and mbedtls_ecdh_enable_restart()
+ * was previously called on that context. For function in the
+ * Mbed TLS SSL module, restart is only enabled for specific
+ * sides and key exchanges (currently only for clients and
+ * ECDHE-ECDSA).
*
* \param max_ops Maximum number of basic operations done in a row.
* Default: 0 (unlimited).
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
new file mode 100644
index 0000000..b62788b
--- /dev/null
+++ b/include/psa/crypto.h
@@ -0,0 +1,2388 @@
+/**
+ * \file psa/crypto.h
+ * \brief Platform Security Architecture cryptography module
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_H
+#define PSA_CRYPTO_H
+
+#include "crypto_platform.h"
+
+#include <stddef.h>
+
+#ifdef __DOXYGEN_ONLY__
+/* This __DOXYGEN_ONLY__ block contains mock definitions for things that
+ * must be defined in the crypto_platform.h header. These mock definitions
+ * are present in this file as a convenience to generate pretty-printed
+ * documentation that includes those definitions. */
+
+/** \defgroup platform Implementation-specific definitions
+ * @{
+ */
+
+/** \brief Key handle.
+ *
+ * This type represents open handles to keys. It must be an unsigned integral
+ * type. The choice of type is implementation-dependent.
+ *
+ * 0 is not a valid key handle. How other handle values are assigned is
+ * implementation-dependent.
+ */
+typedef _unsigned_integral_type_ psa_key_handle_t;
+
+/**@}*/
+#endif /* __DOXYGEN_ONLY__ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* The file "crypto_types.h" declares types that encode errors,
+ * algorithms, key types, policies, etc. */
+#include "crypto_types.h"
+
+/* The file "crypto_values.h" declares macros to build and analyze values
+ * of integral types defined in "crypto_types.h". */
+#include "crypto_values.h"
+
+/** \defgroup initialization Library initialization
+ * @{
+ */
+
+/**
+ * \brief Library initialization.
+ *
+ * Applications must call this function before calling any other
+ * function in this module.
+ *
+ * Applications may call this function more than once. Once a call
+ * succeeds, subsequent calls are guaranteed to succeed.
+ *
+ * If the application calls other functions before calling psa_crypto_init(),
+ * the behavior is undefined. Implementations are encouraged to either perform
+ * the operation as if the library had been initialized or to return
+ * #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
+ * implementations should not return a success status if the lack of
+ * initialization may have security implications, for example due to improper
+ * seeding of the random number generator.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t psa_crypto_init(void);
+
+/**@}*/
+
+/** \defgroup policy Key policies
+ * @{
+ */
+
+/** The type of the key policy data structure.
+ *
+ * Before calling any function on a key policy, the application must initialize
+ * it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_key_policy_t policy;
+ * memset(&policy, 0, sizeof(policy));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_key_policy_t policy = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_KEY_POLICY_INIT,
+ * for example:
+ * \code
+ * psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ * \endcode
+ * - Assign the result of the function psa_key_policy_init()
+ * to the structure, for example:
+ * \code
+ * psa_key_policy_t policy;
+ * policy = psa_key_policy_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure except
+ * as directed by the documentation of a specific implementation. */
+typedef struct psa_key_policy_s psa_key_policy_t;
+
+/** \def PSA_KEY_POLICY_INIT
+ *
+ * This macro returns a suitable initializer for a key policy object of type
+ * #psa_key_policy_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_KEY_POLICY_INIT {0}
+#endif
+
+/** Return an initial value for a key policy that forbids all usage of the key.
+ */
+static psa_key_policy_t psa_key_policy_init(void);
+
+/** \brief Set the standard fields of a policy structure.
+ *
+ * Note that this function does not make any consistency check of the
+ * parameters. The values are only checked when applying the policy to
+ * a key slot with psa_set_key_policy().
+ *
+ * \param[in,out] policy The key policy to modify. It must have been
+ * initialized as per the documentation for
+ * #psa_key_policy_t.
+ * \param usage The permitted uses for the key.
+ * \param alg The algorithm that the key may be used for.
+ */
+void psa_key_policy_set_usage(psa_key_policy_t *policy,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg);
+
+/** \brief Retrieve the usage field of a policy structure.
+ *
+ * \param[in] policy The policy object to query.
+ *
+ * \return The permitted uses for a key with this policy.
+ */
+psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
+
+/** \brief Retrieve the algorithm field of a policy structure.
+ *
+ * \param[in] policy The policy object to query.
+ *
+ * \return The permitted algorithm for a key with this policy.
+ */
+psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
+
+/** \brief Set the usage policy on a key slot.
+ *
+ * This function must be called on an empty key slot, before importing,
+ * generating or creating a key in the slot. Changing the policy of an
+ * existing key is not permitted.
+ *
+ * Implementations may set restrictions on supported key policies
+ * depending on the key type and the key slot.
+ *
+ * \param handle Handle to the key whose policy is to be changed.
+ * \param[in] policy The policy object to query.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, it is implementation-defined whether
+ * the policy has been saved to persistent storage. Implementations
+ * may defer saving the policy until the key material is created.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_set_key_policy(psa_key_handle_t handle,
+ const psa_key_policy_t *policy);
+
+/** \brief Get the usage policy for a key slot.
+ *
+ * \param handle Handle to the key slot whose policy is being queried.
+ * \param[out] policy On success, the key's policy.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_get_key_policy(psa_key_handle_t handle,
+ psa_key_policy_t *policy);
+
+/**@}*/
+
+/** \defgroup key_management Key management
+ * @{
+ */
+
+/** \brief Retrieve the lifetime of an open key.
+ *
+ * \param handle Handle to query.
+ * \param[out] lifetime On success, the lifetime value.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
+ psa_key_lifetime_t *lifetime);
+
+
+/** Allocate a key slot for a transient key, i.e. a key which is only stored
+ * in volatile memory.
+ *
+ * The allocated key slot and its handle remain valid until the
+ * application calls psa_close_key() or psa_destroy_key() or until the
+ * application terminates.
+ *
+ * \param[out] handle On success, a handle to a volatile key slot.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. The application can now use the value of `*handle`
+ * to access the newly allocated key slot.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * There was not enough memory, or the maximum number of key slots
+ * has been reached.
+ */
+psa_status_t psa_allocate_key(psa_key_handle_t *handle);
+
+/** Open a handle to an existing persistent key.
+ *
+ * Open a handle to a key which was previously created with psa_create_key().
+ *
+ * \param lifetime The lifetime of the key. This designates a storage
+ * area where the key material is stored. This must not
+ * be #PSA_KEY_LIFETIME_VOLATILE.
+ * \param id The persistent identifier of the key.
+ * \param[out] handle On success, a handle to a key slot which contains
+ * the data and metadata loaded from the specified
+ * persistent location.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. The application can now use the value of `*handle`
+ * to access the newly allocated key slot.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p id is invalid for the specified lifetime.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p lifetime is not supported.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The specified key exists, but the application does not have the
+ * permission to access it. Note that this specification does not
+ * define any way to create such a key, but it may be possible
+ * through implementation-specific means.
+ */
+psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
+ psa_key_id_t id,
+ psa_key_handle_t *handle);
+
+/** Create a new persistent key slot.
+ *
+ * Create a new persistent key slot and return a handle to it. The handle
+ * remains valid until the application calls psa_close_key() or terminates.
+ * The application can open the key again with psa_open_key() until it
+ * removes the key by calling psa_destroy_key().
+ *
+ * \param lifetime The lifetime of the key. This designates a storage
+ * area where the key material is stored. This must not
+ * be #PSA_KEY_LIFETIME_VOLATILE.
+ * \param id The persistent identifier of the key.
+ * \param[out] handle On success, a handle to the newly created key slot.
+ * When key material is later created in this key slot,
+ * it will be saved to the specified persistent location.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. The application can now use the value of `*handle`
+ * to access the newly allocated key slot.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * There is already a key with the identifier \p id in the storage
+ * area designated by \p lifetime.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p id is invalid for the specified lifetime.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p lifetime is not supported.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \p lifetime is valid, but the application does not have the
+ * permission to create a key there.
+ */
+psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
+ psa_key_id_t id,
+ psa_key_handle_t *handle);
+
+/** Close a key handle.
+ *
+ * If the handle designates a volatile key, destroy the key material and
+ * free all associated resources, just like psa_destroy_key().
+ *
+ * If the handle designates a persistent key, free all resources associated
+ * with the key in volatile memory. The key slot in persistent storage is
+ * not affected and can be opened again later with psa_open_key().
+ *
+ * \param handle The key handle to close.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ */
+psa_status_t psa_close_key(psa_key_handle_t handle);
+
+/**@}*/
+
+/** \defgroup import_export Key import and export
+ * @{
+ */
+
+/**
+ * \brief Import a key in binary format.
+ *
+ * This function supports any output from psa_export_key(). Refer to the
+ * documentation of psa_export_public_key() for the format of public keys
+ * and to the documentation of psa_export_key() for the format for
+ * other key types.
+ *
+ * This specification supports a single format for each key type.
+ * Implementations may support other formats as long as the standard
+ * format is supported. Implementations that support other formats
+ * should ensure that the formats are clearly unambiguous so as to
+ * minimize the risk that an invalid input is accidentally interpreted
+ * according to a different format.
+ *
+ * \param handle Handle to the slot where the key will be stored.
+ * It must have been obtained by calling
+ * psa_allocate_key() or psa_create_key() and must
+ * not contain key material yet.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
+ * import, the key slot will contain a key of this type.
+ * \param[in] data Buffer containing the key data. The content of this
+ * buffer is interpreted according to \p type. It must
+ * contain the format described in the documentation
+ * of psa_export_key() or psa_export_public_key() for
+ * the chosen type.
+ * \param data_length Size of the \p data buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key type or key size is not supported, either by the
+ * implementation in general or in this particular slot.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key slot is invalid,
+ * or the key data is not correctly formatted.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * There is already a key in the specified slot.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_import_key(psa_key_handle_t handle,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length);
+
+/**
+ * \brief Destroy a key.
+ *
+ * This function destroys the content of the key slot from both volatile
+ * memory and, if applicable, non-volatile storage. Implementations shall
+ * make a best effort to ensure that any previous content of the slot is
+ * unrecoverable.
+ *
+ * This function also erases any metadata such as policies and frees all
+ * resources associated with the key.
+ *
+ * \param handle Handle to the key slot to erase.
+ *
+ * \retval #PSA_SUCCESS
+ * The slot's content, if any, has been erased.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The slot holds content and cannot be erased because it is
+ * read-only, either due to a policy or due to physical restrictions.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * There was an failure in communication with the cryptoprocessor.
+ * The key material may still be present in the cryptoprocessor.
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The storage is corrupted. Implementations shall make a best effort
+ * to erase key material even in this stage, however applications
+ * should be aware that it may be impossible to guarantee that the
+ * key material is not recoverable in such cases.
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * An unexpected condition which is not a storage corruption or
+ * a communication failure occurred. The cryptoprocessor may have
+ * been compromised.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_destroy_key(psa_key_handle_t handle);
+
+/**
+ * \brief Get basic metadata about a key.
+ *
+ * \param handle Handle to the key slot to query.
+ * \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX value).
+ * This may be a null pointer, in which case the key type
+ * is not written.
+ * \param[out] bits On success, the key size in bits.
+ * This may be a null pointer, in which case the key size
+ * is not written.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * The handle is to a key slot which does not contain key material yet.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_get_key_information(psa_key_handle_t handle,
+ psa_key_type_t *type,
+ size_t *bits);
+
+/**
+ * \brief Export a key in binary format.
+ *
+ * The output of this function can be passed to psa_import_key() to
+ * create an equivalent object.
+ *
+ * If the implementation of psa_import_key() supports other formats
+ * beyond the format specified here, the output from psa_export_key()
+ * must use the representation specified here, not the original
+ * representation.
+ *
+ * For standard key types, the output format is as follows:
+ *
+ * - For symmetric keys (including MAC keys), the format is the
+ * raw bytes of the key.
+ * - For DES, the key data consists of 8 bytes. The parity bits must be
+ * correct.
+ * - For Triple-DES, the format is the concatenation of the
+ * two or three DES keys.
+ * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEYPAIR), the format
+ * is the non-encrypted DER encoding of the representation defined by
+ * PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
+ * ```
+ * RSAPrivateKey ::= SEQUENCE {
+ * version INTEGER, -- must be 0
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER, -- (inverse of q) mod p
+ * }
+ * ```
+ * - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format
+ * is the non-encrypted DER encoding of the representation used by
+ * OpenSSL and OpenSSH, whose structure is described in ASN.1 as follows:
+ * ```
+ * DSAPrivateKey ::= SEQUENCE {
+ * version INTEGER, -- must be 0
+ * prime INTEGER, -- p
+ * subprime INTEGER, -- q
+ * generator INTEGER, -- g
+ * public INTEGER, -- y
+ * private INTEGER, -- x
+ * }
+ * ```
+ * - For elliptic curve key pairs (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is
+ * a representation of the private value as a `ceiling(m/8)`-byte string
+ * where `m` is the bit size associated with the curve, i.e. the bit size
+ * of the order of the curve's coordinate field. This byte string is
+ * in little-endian order for Montgomery curves (curve types
+ * `PSA_ECC_CURVE_CURVEXXX`), and in big-endian order for Weierstrass
+ * curves (curve types `PSA_ECC_CURVE_SECTXXX`, `PSA_ECC_CURVE_SECPXXX`
+ * and `PSA_ECC_CURVE_BRAINPOOL_PXXX`).
+ * This is the content of the `privateKey` field of the `ECPrivateKey`
+ * format defined by RFC 5915.
+ * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
+ * true), the format is the same as for psa_export_public_key().
+ *
+ * \param handle Handle to the key to export.
+ * \param[out] data Buffer where the key data is to be written.
+ * \param data_size Size of the \p data buffer in bytes.
+ * \param[out] data_length On success, the number of bytes
+ * that make up the key data.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p data buffer is too small. You can determine a
+ * sufficient buffer size by calling
+ * #PSA_KEY_EXPORT_MAX_SIZE(\c type, \c bits)
+ * where \c type is the key type
+ * and \c bits is the key size in bits.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_export_key(psa_key_handle_t handle,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
+/**
+ * \brief Export a public key or the public part of a key pair in binary format.
+ *
+ * The output of this function can be passed to psa_import_key() to
+ * create an object that is equivalent to the public key.
+ *
+ * This specification supports a single format for each key type.
+ * Implementations may support other formats as long as the standard
+ * format is supported. Implementations that support other formats
+ * should ensure that the formats are clearly unambiguous so as to
+ * minimize the risk that an invalid input is accidentally interpreted
+ * according to a different format.
+ *
+ * For standard key types, the output format is as follows:
+ * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+ * the representation defined by RFC 3279 §2.3.1 as `RSAPublicKey`.
+ * ```
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER } -- e
+ * ```
+ * - For elliptic curve public keys (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+ * representation defined by SEC1 §2.3.3 as the content of an ECPoint:
+ * Let `m` be the bit size associated with the curve, i.e. the bit size of
+ * `q` for a curve over `F_q`. The representation consists of:
+ * - The byte 0x04;
+ * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+ *
+ * For other public key types, the format is the DER representation defined by
+ * RFC 5280 as `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
+ * specified below.
+ * ```
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }
+ * ```
+ * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY),
+ * the `subjectPublicKey` format is defined by RFC 3279 §2.3.2 as
+ * `DSAPublicKey`,
+ * with the OID `id-dsa`,
+ * and with the parameters `DSS-Parms`.
+ * ```
+ * id-dsa OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
+ *
+ * Dss-Parms ::= SEQUENCE {
+ * p INTEGER,
+ * q INTEGER,
+ * g INTEGER }
+ * DSAPublicKey ::= INTEGER -- public key, Y
+ * ```
+ *
+ * \param handle Handle to the key to export.
+ * \param[out] data Buffer where the key data is to be written.
+ * \param data_size Size of the \p data buffer in bytes.
+ * \param[out] data_length On success, the number of bytes
+ * that make up the key data.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key is neither a public key nor a key pair.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p data buffer is too small. You can determine a
+ * sufficient buffer size by calling
+ * #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(\c type), \c bits)
+ * where \c type is the key type
+ * and \c bits is the key size in bits.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_export_public_key(psa_key_handle_t handle,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
+/** Make a copy of a key.
+ *
+ * Copy key material from one location to another.
+ *
+ * This function is primarily useful to copy a key from one location
+ * to another, since it populates a key using the material from
+ * another key which may have a different lifetime.
+ *
+ * In an implementation where slots have different ownerships,
+ * this function may be used to share a key with a different party,
+ * subject to implementation-defined restrictions on key sharing.
+ * In this case \p constraint would typically prevent the recipient
+ * from exporting the key.
+ *
+ * The resulting key may only be used in a way that conforms to all
+ * three of: the policy of the source key, the policy previously set
+ * on the target, and the \p constraint parameter passed when calling
+ * this function.
+ * - The usage flags on the resulting key are the bitwise-and of the
+ * usage flags on the source policy, the previously-set target policy
+ * and the policy constraint.
+ * - If all three policies allow the same algorithm or wildcard-based
+ * algorithm policy, the resulting key has the same algorithm policy.
+ * - If one of the policies allows an algorithm and all the other policies
+ * either allow the same algorithm or a wildcard-based algorithm policy
+ * that includes this algorithm, the resulting key allows the same
+ * algorithm.
+ *
+ * The effect of this function on implementation-defined metadata is
+ * implementation-defined.
+ *
+ * \param source_handle The key to copy. It must be a handle to an
+ * occupied slot.
+ * \param target_handle A handle to the target slot. It must not contain
+ * key material yet.
+ * \param[in] constraint An optional policy constraint. If this parameter
+ * is non-null then the resulting key will conform
+ * to this policy in addition to the source policy
+ * and the policy already present on the target
+ * slot. If this parameter is null then the
+ * function behaves in the same way as if it was
+ * the target policy, i.e. only the source and
+ * target policies apply.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * \p target already contains key material.
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \p source does not contain key material.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The policy constraints on the source, on the target and
+ * \p constraints are incompatible.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The source key is not exportable and its lifetime does not
+ * allow copying it to the target's lifetime.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_copy_key(psa_key_handle_t source_handle,
+ psa_key_handle_t target_handle,
+ const psa_key_policy_t *constraint);
+
+/**@}*/
+
+/** \defgroup hash Message digests
+ * @{
+ */
+
+/** The type of the state data structure for multipart hash operations.
+ *
+ * Before calling any function on a hash operation object, the application must
+ * initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_hash_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_hash_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_hash_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_hash_operation_t operation;
+ * operation = psa_hash_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure except
+ * as directed by the documentation of a specific implementation. */
+typedef struct psa_hash_operation_s psa_hash_operation_t;
+
+/** \def PSA_HASH_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a hash operation object
+ * of type #psa_hash_operation_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_HASH_OPERATION_INIT {0}
+#endif
+
+/** Return an initial value for a hash operation object.
+ */
+static psa_hash_operation_t psa_hash_operation_init(void);
+
+/** Set up a multipart hash operation.
+ *
+ * The sequence of operations to calculate a hash (message digest)
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_hash_operation_t, e.g. PSA_HASH_OPERATION_INIT.
+ * -# Call psa_hash_setup() to specify the algorithm.
+ * -# Call psa_hash_update() zero, one or more times, passing a fragment
+ * of the message each time. The hash that is calculated is the hash
+ * of the concatenation of these messages in order.
+ * -# To calculate the hash, call psa_hash_finish().
+ * To compare the hash with an expected value, call psa_hash_verify().
+ *
+ * The application may call psa_hash_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_hash_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A failed call to psa_hash_update().
+ * - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_hash_operation_t and not yet in use.
+ * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_HASH(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a hash algorithm.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (already set up and not
+ * subsequently completed).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
+ psa_algorithm_t alg);
+
+/** Add a message fragment to a multipart hash operation.
+ *
+ * The application must call psa_hash_setup() before calling this function.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active hash operation.
+ * \param[in] input Buffer containing the message fragment to hash.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or already completed).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_hash_update(psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length);
+
+/** Finish the calculation of the hash of a message.
+ *
+ * The application must call psa_hash_setup() before calling this function.
+ * This function calculates the hash of the message formed by concatenating
+ * the inputs passed to preceding calls to psa_hash_update().
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \warning Applications should not call this function if they expect
+ * a specific value for the hash. Call psa_hash_verify() instead.
+ * Beware that comparing integrity or authenticity data such as
+ * hash values with a function such as \c memcmp is risky
+ * because the time taken by the comparison may leak information
+ * about the hashed data which could allow an attacker to guess
+ * a valid hash and thereby bypass security controls.
+ *
+ * \param[in,out] operation Active hash operation.
+ * \param[out] hash Buffer where the hash is to be written.
+ * \param hash_size Size of the \p hash buffer in bytes.
+ * \param[out] hash_length On success, the number of bytes
+ * that make up the hash value. This is always
+ * #PSA_HASH_SIZE(\c alg) where \c alg is the
+ * hash algorithm that is calculated.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p hash buffer is too small. You can determine a
+ * sufficient buffer size by calling #PSA_HASH_SIZE(\c alg)
+ * where \c alg is the hash algorithm that is calculated.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length);
+
+/** Finish the calculation of the hash of a message and compare it with
+ * an expected value.
+ *
+ * The application must call psa_hash_setup() before calling this function.
+ * This function calculates the hash of the message formed by concatenating
+ * the inputs passed to preceding calls to psa_hash_update(). It then
+ * compares the calculated hash with the expected hash passed as a
+ * parameter to this function.
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \note Implementations shall make the best effort to ensure that the
+ * comparison between the actual hash and the expected hash is performed
+ * in constant time.
+ *
+ * \param[in,out] operation Active hash operation.
+ * \param[in] hash Buffer containing the expected hash value.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The expected hash is identical to the actual hash of the message.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The hash of the message was calculated successfully, but it
+ * differs from the expected hash.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or already completed).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
+ const uint8_t *hash,
+ size_t hash_length);
+
+/** Abort a hash operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * psa_hash_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized by any of the following methods:
+ * - A call to psa_hash_setup(), whether it succeeds or not.
+ * - Initializing the \c struct to all-bits-zero.
+ * - Initializing the \c struct to logical zeros, e.g.
+ * `psa_hash_operation_t operation = {0}`.
+ *
+ * In particular, calling psa_hash_abort() after the operation has been
+ * terminated by a call to psa_hash_abort(), psa_hash_finish() or
+ * psa_hash_verify() is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized hash operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \p operation is not an active hash operation.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
+
+/** Clone a hash operation.
+ *
+ * This function copies the state of an ongoing hash operation to
+ * a new operation object. In other words, this function is equivalent
+ * to calling psa_hash_setup() on \p target_operation with the same
+ * algorithm that \p source_operation was set up for, then
+ * psa_hash_update() on \p target_operation with the same input that
+ * that was passed to \p source_operation. After this function returns, the
+ * two objects are independent, i.e. subsequent calls involving one of
+ * the objects do not affect the other object.
+ *
+ * \param[in] source_operation The active hash operation to clone.
+ * \param[in,out] target_operation The operation object to set up.
+ * It must be initialized but not active.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \p source_operation is not an active hash operation.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \p target_operation is active.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation);
+
+/**@}*/
+
+/** \defgroup MAC Message authentication codes
+ * @{
+ */
+
+/** The type of the state data structure for multipart MAC operations.
+ *
+ * Before calling any function on a MAC operation object, the application must
+ * initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_mac_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_mac_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_mac_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_mac_operation_t operation;
+ * operation = psa_mac_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure except
+ * as directed by the documentation of a specific implementation. */
+typedef struct psa_mac_operation_s psa_mac_operation_t;
+
+/** \def PSA_MAC_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a MAC operation object of type
+ * #psa_mac_operation_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_MAC_OPERATION_INIT {0}
+#endif
+
+/** Return an initial value for a MAC operation object.
+ */
+static psa_mac_operation_t psa_mac_operation_init(void);
+
+/** Set up a multipart MAC calculation operation.
+ *
+ * This function sets up the calculation of the MAC
+ * (message authentication code) of a byte string.
+ * To verify the MAC of a message against an
+ * expected value, use psa_mac_verify_setup() instead.
+ *
+ * The sequence of operations to calculate a MAC is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
+ * -# Call psa_mac_sign_setup() to specify the algorithm and key.
+ * The key remains associated with the operation even if the content
+ * of the key slot changes.
+ * -# Call psa_mac_update() zero, one or more times, passing a fragment
+ * of the message each time. The MAC that is calculated is the MAC
+ * of the concatenation of these messages in order.
+ * -# At the end of the message, call psa_mac_sign_finish() to finish
+ * calculating the MAC value and retrieve it.
+ *
+ * The application may call psa_mac_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_mac_sign_setup(), the application must
+ * eventually terminate the operation through one of the following methods:
+ * - A failed call to psa_mac_update().
+ * - A call to psa_mac_sign_finish() or psa_mac_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_mac_operation_t and not yet in use.
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (already set up and not
+ * subsequently completed).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg);
+
+/** Set up a multipart MAC verification operation.
+ *
+ * This function sets up the verification of the MAC
+ * (message authentication code) of a byte string against an expected value.
+ *
+ * The sequence of operations to verify a MAC is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
+ * -# Call psa_mac_verify_setup() to specify the algorithm and key.
+ * The key remains associated with the operation even if the content
+ * of the key slot changes.
+ * -# Call psa_mac_update() zero, one or more times, passing a fragment
+ * of the message each time. The MAC that is calculated is the MAC
+ * of the concatenation of these messages in order.
+ * -# At the end of the message, call psa_mac_verify_finish() to finish
+ * calculating the actual MAC of the message and verify it against
+ * the expected value.
+ *
+ * The application may call psa_mac_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_mac_verify_setup(), the application must
+ * eventually terminate the operation through one of the following methods:
+ * - A failed call to psa_mac_update().
+ * - A call to psa_mac_verify_finish() or psa_mac_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_mac_operation_t and not yet in use.
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c key is not compatible with \c alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \c alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (already set up and not
+ * subsequently completed).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg);
+
+/** Add a message fragment to a multipart MAC operation.
+ *
+ * The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
+ * before calling this function.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[in] input Buffer containing the message fragment to add to
+ * the MAC calculation.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or already completed).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_mac_update(psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length);
+
+/** Finish the calculation of the MAC of a message.
+ *
+ * The application must call psa_mac_sign_setup() before calling this function.
+ * This function calculates the MAC of the message formed by concatenating
+ * the inputs passed to preceding calls to psa_mac_update().
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \warning Applications should not call this function if they expect
+ * a specific value for the MAC. Call psa_mac_verify_finish() instead.
+ * Beware that comparing integrity or authenticity data such as
+ * MAC values with a function such as \c memcmp is risky
+ * because the time taken by the comparison may leak information
+ * about the MAC value which could allow an attacker to guess
+ * a valid MAC and thereby bypass security controls.
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[out] mac Buffer where the MAC value is to be written.
+ * \param mac_size Size of the \p mac buffer in bytes.
+ * \param[out] mac_length On success, the number of bytes
+ * that make up the MAC value. This is always
+ * #PSA_MAC_FINAL_SIZE(\c key_type, \c key_bits, \c alg)
+ * where \c key_type and \c key_bits are the type and
+ * bit-size respectively of the key and \c alg is the
+ * MAC algorithm that is calculated.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p mac buffer is too small. You can determine a
+ * sufficient buffer size by calling PSA_MAC_FINAL_SIZE().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
+
+/** Finish the calculation of the MAC of a message and compare it with
+ * an expected value.
+ *
+ * The application must call psa_mac_verify_setup() before calling this function.
+ * This function calculates the MAC of the message formed by concatenating
+ * the inputs passed to preceding calls to psa_mac_update(). It then
+ * compares the calculated MAC with the expected MAC passed as a
+ * parameter to this function.
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \note Implementations shall make the best effort to ensure that the
+ * comparison between the actual MAC and the expected MAC is performed
+ * in constant time.
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[in] mac Buffer containing the expected MAC value.
+ * \param mac_length Size of the \p mac buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The expected MAC is identical to the actual MAC of the message.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The MAC of the message was calculated successfully, but it
+ * differs from the expected MAC.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or already completed).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length);
+
+/** Abort a MAC operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * psa_mac_sign_setup() or psa_mac_verify_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized by any of the following methods:
+ * - A call to psa_mac_sign_setup() or psa_mac_verify_setup(), whether
+ * it succeeds or not.
+ * - Initializing the \c struct to all-bits-zero.
+ * - Initializing the \c struct to logical zeros, e.g.
+ * `psa_mac_operation_t operation = {0}`.
+ *
+ * In particular, calling psa_mac_abort() after the operation has been
+ * terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
+ * psa_mac_verify_finish() is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized MAC operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \p operation is not an active MAC operation.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
+
+/**@}*/
+
+/** \defgroup cipher Symmetric ciphers
+ * @{
+ */
+
+/** The type of the state data structure for multipart cipher operations.
+ *
+ * Before calling any function on a cipher operation object, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_cipher_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_cipher_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_cipher_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_cipher_operation_t operation;
+ * operation = psa_cipher_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure except
+ * as directed by the documentation of a specific implementation. */
+typedef struct psa_cipher_operation_s psa_cipher_operation_t;
+
+/** \def PSA_CIPHER_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a cipher operation object of
+ * type #psa_cipher_operation_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_CIPHER_OPERATION_INIT {0}
+#endif
+
+/** Return an initial value for a cipher operation object.
+ */
+static psa_cipher_operation_t psa_cipher_operation_init(void);
+
+/** Set the key for a multipart symmetric encryption operation.
+ *
+ * The sequence of operations to encrypt a message with a symmetric cipher
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_cipher_operation_t, e.g.
+ * PSA_CIPHER_OPERATION_INIT.
+ * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
+ * The key remains associated with the operation even if the content
+ * of the key slot changes.
+ * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
+ * generate or set the IV (initialization vector). You should use
+ * psa_cipher_generate_iv() unless the protocol you are implementing
+ * requires a specific IV value.
+ * -# Call psa_cipher_update() zero, one or more times, passing a fragment
+ * of the message each time.
+ * -# Call psa_cipher_finish().
+ *
+ * The application may call psa_cipher_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_cipher_encrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A failed call to psa_cipher_generate_iv(), psa_cipher_set_iv()
+ * or psa_cipher_update().
+ * - A call to psa_cipher_finish() or psa_cipher_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_cipher_operation_t and not yet in use.
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (already set up and not
+ * subsequently completed).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg);
+
+/** Set the key for a multipart symmetric decryption operation.
+ *
+ * The sequence of operations to decrypt a message with a symmetric cipher
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_cipher_operation_t, e.g.
+ * PSA_CIPHER_OPERATION_INIT.
+ * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
+ * The key remains associated with the operation even if the content
+ * of the key slot changes.
+ * -# Call psa_cipher_update() with the IV (initialization vector) for the
+ * decryption. If the IV is prepended to the ciphertext, you can call
+ * psa_cipher_update() on a buffer containing the IV followed by the
+ * beginning of the message.
+ * -# Call psa_cipher_update() zero, one or more times, passing a fragment
+ * of the message each time.
+ * -# Call psa_cipher_finish().
+ *
+ * The application may call psa_cipher_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_cipher_decrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A failed call to psa_cipher_update().
+ * - A call to psa_cipher_finish() or psa_cipher_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_cipher_operation_t and not yet in use.
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (already set up and not
+ * subsequently completed).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg);
+
+/** Generate an IV for a symmetric encryption operation.
+ *
+ * This function generates a random IV (initialization vector), nonce
+ * or initial counter value for the encryption operation as appropriate
+ * for the chosen algorithm, key type and key size.
+ *
+ * The application must call psa_cipher_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[out] iv Buffer where the generated IV is to be written.
+ * \param iv_size Size of the \p iv buffer in bytes.
+ * \param[out] iv_length On success, the number of bytes of the
+ * generated IV.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or IV already set).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p iv buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
+ unsigned char *iv,
+ size_t iv_size,
+ size_t *iv_length);
+
+/** Set the IV for a symmetric encryption or decryption operation.
+ *
+ * This function sets the random IV (initialization vector), nonce
+ * or initial counter value for the encryption or decryption operation.
+ *
+ * The application must call psa_cipher_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \note When encrypting, applications should use psa_cipher_generate_iv()
+ * instead of this function, unless implementing a protocol that requires
+ * a non-random IV.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[in] iv Buffer containing the IV to use.
+ * \param iv_length Size of the IV in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, or IV already set).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p iv is not acceptable for the chosen algorithm,
+ * or the chosen algorithm does not use an IV.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
+ const unsigned char *iv,
+ size_t iv_length);
+
+/** Encrypt or decrypt a message fragment in an active cipher operation.
+ *
+ * Before calling this function, you must:
+ * 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
+ * The choice of setup function determines whether this function
+ * encrypts or decrypts its input.
+ * 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
+ * (recommended when encrypting) or psa_cipher_set_iv().
+ *
+ * If this function returns an error status, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[in] input Buffer containing the message fragment to
+ * encrypt or decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, IV required but
+ * not set, or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Finish encrypting or decrypting a message in a cipher operation.
+ *
+ * The application must call psa_cipher_encrypt_setup() or
+ * psa_cipher_decrypt_setup() before calling this function. The choice
+ * of setup function determines whether this function encrypts or
+ * decrypts its input.
+ *
+ * This function finishes the encryption or decryption of the message
+ * formed by concatenating the inputs passed to preceding calls to
+ * psa_cipher_update().
+ *
+ * When this function returns, the operation becomes inactive.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[out] output Buffer where the output is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (not set up, IV required but
+ * not set, or already completed).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Abort a cipher operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized by any of the following methods:
+ * - A call to psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup(),
+ * whether it succeeds or not.
+ * - Initializing the \c struct to all-bits-zero.
+ * - Initializing the \c struct to logical zeros, e.g.
+ * `psa_cipher_operation_t operation = {0}`.
+ *
+ * In particular, calling psa_cipher_abort() after the operation has been
+ * terminated by a call to psa_cipher_abort() or psa_cipher_finish()
+ * is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized cipher operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \p operation is not an active cipher operation.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
+
+/**@}*/
+
+/** \defgroup aead Authenticated encryption with associated data (AEAD)
+ * @{
+ */
+
+/** Process an authenticated encryption operation.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param[in] nonce Nonce or IV to use.
+ * \param nonce_length Size of the \p nonce buffer in bytes.
+ * \param[in] additional_data Additional data that will be authenticated
+ * but not encrypted.
+ * \param additional_data_length Size of \p additional_data in bytes.
+ * \param[in] plaintext Data that will be authenticated and
+ * encrypted.
+ * \param plaintext_length Size of \p plaintext in bytes.
+ * \param[out] ciphertext Output buffer for the authenticated and
+ * encrypted data. The additional data is not
+ * part of this output. For algorithms where the
+ * encrypted data and the authentication tag
+ * are defined as separate outputs, the
+ * authentication tag is appended to the
+ * encrypted data.
+ * \param ciphertext_size Size of the \p ciphertext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
+ * \p plaintext_length).
+ * \param[out] ciphertext_length On success, the size of the output
+ * in the \b ciphertext buffer.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not an AEAD algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length);
+
+/** Process an authenticated decryption operation.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param[in] nonce Nonce or IV to use.
+ * \param nonce_length Size of the \p nonce buffer in bytes.
+ * \param[in] additional_data Additional data that has been authenticated
+ * but not encrypted.
+ * \param additional_data_length Size of \p additional_data in bytes.
+ * \param[in] ciphertext Data that has been authenticated and
+ * encrypted. For algorithms where the
+ * encrypted data and the authentication tag
+ * are defined as separate inputs, the buffer
+ * must contain the encrypted data followed
+ * by the authentication tag.
+ * \param ciphertext_length Size of \p ciphertext in bytes.
+ * \param[out] plaintext Output buffer for the decrypted data.
+ * \param plaintext_size Size of the \p plaintext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
+ * \p ciphertext_length).
+ * \param[out] plaintext_length On success, the size of the output
+ * in the \b plaintext buffer.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The ciphertext is not authentic.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not an AEAD algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length);
+
+/**@}*/
+
+/** \defgroup asymmetric Asymmetric cryptography
+ * @{
+ */
+
+/**
+ * \brief Sign a hash or short message with a private key.
+ *
+ * Note that to perform a hash-and-sign signature algorithm, you must
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(). Then pass the resulting hash as the \p hash
+ * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+ * to determine the hash algorithm to use.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must be an asymmetric key pair.
+ * \param alg A signature algorithm that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash or message to sign.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length);
+
+/**
+ * \brief Verify the signature a hash or short message using a public key.
+ *
+ * Note that to perform a hash-and-sign signature algorithm, you must
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(). Then pass the resulting hash as the \p hash
+ * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+ * to determine the hash algorithm to use.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must be a public key or an asymmetric key pair.
+ * \param alg A signature algorithm that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash or message whose signature is to be
+ * verified.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was perfomed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length);
+
+/**
+ * \brief Encrypt a short message with a public key.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must be a public key or an asymmetric
+ * key pair.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \p key.
+ * \param[in] input The message to encrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] salt A salt or label, if supported by the
+ * encryption algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * If \p salt is \c NULL, pass 0.
+ * \param[out] output Buffer where the encrypted message is to
+ * be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/**
+ * \brief Decrypt a short message with a private key.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must be an asymmetric key pair.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \p key.
+ * \param[in] input The message to decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] salt A salt or label, if supported by the
+ * encryption algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * If \p salt is \c NULL, pass 0.
+ * \param[out] output Buffer where the decrypted message is to
+ * be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_INVALID_PADDING
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/**@}*/
+
+/** \defgroup generators Generators
+ * @{
+ */
+
+/** The type of the state data structure for generators.
+ *
+ * Before calling any function on a generator, the application must
+ * initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_crypto_generator_t generator;
+ * memset(&generator, 0, sizeof(generator));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_crypto_generator_t generator = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_CRYPTO_GENERATOR_INIT,
+ * for example:
+ * \code
+ * psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ * \endcode
+ * - Assign the result of the function psa_crypto_generator_init()
+ * to the structure, for example:
+ * \code
+ * psa_crypto_generator_t generator;
+ * generator = psa_crypto_generator_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure except
+ * as directed by the documentation of a specific implementation.
+ */
+typedef struct psa_crypto_generator_s psa_crypto_generator_t;
+
+/** \def PSA_CRYPTO_GENERATOR_INIT
+ *
+ * This macro returns a suitable initializer for a generator object
+ * of type #psa_crypto_generator_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_CRYPTO_GENERATOR_INIT {0}
+#endif
+
+/** Return an initial value for a generator object.
+ */
+static psa_crypto_generator_t psa_crypto_generator_init(void);
+
+/** Retrieve the current capacity of a generator.
+ *
+ * The capacity of a generator is the maximum number of bytes that it can
+ * return. Reading *N* bytes from a generator reduces its capacity by *N*.
+ *
+ * \param[in] generator The generator to query.
+ * \param[out] capacity On success, the capacity of the generator.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ */
+psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
+ size_t *capacity);
+
+/** Read some data from a generator.
+ *
+ * This function reads and returns a sequence of bytes from a generator.
+ * The data that is read is discarded from the generator. The generator's
+ * capacity is decreased by the number of bytes read.
+ *
+ * \param[in,out] generator The generator object to read from.
+ * \param[out] output Buffer where the generator output will be
+ * written.
+ * \param output_length Number of bytes to output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * There were fewer than \p output_length bytes
+ * in the generator. Note that in this case, no
+ * output is written to the output buffer.
+ * The generator's capacity is set to 0, thus
+ * subsequent calls to this function will not
+ * succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
+ uint8_t *output,
+ size_t output_length);
+
+/** Create a symmetric key from data read from a generator.
+ *
+ * This function reads a sequence of bytes from a generator and imports
+ * these bytes as a key.
+ * The data that is read is discarded from the generator. The generator's
+ * capacity is decreased by the number of bytes read.
+ *
+ * This function is equivalent to calling #psa_generator_read and
+ * passing the resulting output to #psa_import_key, but
+ * if the implementation provides an isolation boundary then
+ * the key material is not exposed outside the isolation boundary.
+ *
+ * \param handle Handle to the slot where the key will be stored.
+ * It must have been obtained by calling
+ * psa_allocate_key() or psa_create_key() and must
+ * not contain key material yet.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * This must be a symmetric key type.
+ * \param bits Key size in bits.
+ * \param[in,out] generator The generator object to read from.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * There were fewer than \p output_length bytes
+ * in the generator. Note that in this case, no
+ * output is written to the output buffer.
+ * The generator's capacity is set to 0, thus
+ * subsequent calls to this function will not
+ * succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key type or key size is not supported, either by the
+ * implementation in general or in this particular slot.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * There is already a key in the specified slot.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_generator_import_key(psa_key_handle_t handle,
+ psa_key_type_t type,
+ size_t bits,
+ psa_crypto_generator_t *generator);
+
+/** Abort a generator.
+ *
+ * Once a generator has been aborted, its capacity is zero.
+ * Aborting a generator frees all associated resources except for the
+ * \c generator structure itself.
+ *
+ * This function may be called at any time as long as the generator
+ * object has been initialized to #PSA_CRYPTO_GENERATOR_INIT, to
+ * psa_crypto_generator_init() or a zero value. In particular, it is valid
+ * to call psa_generator_abort() twice, or to call psa_generator_abort()
+ * on a generator that has not been set up.
+ *
+ * Once aborted, the generator object may be called.
+ *
+ * \param[in,out] generator The generator to abort.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
+
+/** Use the maximum possible capacity for a generator.
+ *
+ * Use this value as the capacity argument when setting up a generator
+ * to indicate that the generator should have the maximum possible capacity.
+ * The value of the maximum possible capacity depends on the generator
+ * algorithm.
+ */
+#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
+
+/**@}*/
+
+/** \defgroup derivation Key derivation
+ * @{
+ */
+
+/** Set up a key derivation operation.
+ *
+ * A key derivation algorithm takes three inputs: a secret input \p key and
+ * two non-secret inputs \p label and p salt.
+ * The result of this function is a byte generator which can
+ * be used to produce keys and other cryptographic material.
+ *
+ * The role of \p label and \p salt is as follows:
+ * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
+ * and \p label is the info string used in the "expand" step.
+ *
+ * \param[in,out] generator The generator object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_crypto_generator_t and not yet in use.
+ * \param handle Handle to the secret key.
+ * \param alg The key derivation algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
+ * \param[in] salt Salt to use.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * \param[in] label Label to use.
+ * \param label_length Size of the \p label buffer in bytes.
+ * \param capacity The maximum number of bytes that the
+ * generator will be able to provide.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c key is not compatible with \c alg,
+ * or \p capacity is too large for the specified algorithm and key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \c alg is not supported or is not a key derivation algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *salt,
+ size_t salt_length,
+ const uint8_t *label,
+ size_t label_length,
+ size_t capacity);
+
+/** Set up a key agreement operation.
+ *
+ * A key agreement algorithm takes two inputs: a private key \p private_key
+ * a public key \p peer_key.
+ * The result of this function is a byte generator which can
+ * be used to produce keys and other cryptographic material.
+ *
+ * The resulting generator always has the maximum capacity permitted by
+ * the algorithm.
+ *
+ * \param[in,out] generator The generator object to set up. It must have been
+ * initialized as per the documentation for
+ * #psa_crypto_generator_t and not yet in use.
+ * \param private_key Handle to the private key to use.
+ * \param[in] peer_key Public key of the peer. The peer key must be in the
+ * same format that psa_import_key() accepts for the
+ * public key type corresponding to the type of
+ * \p private_key. That is, this function performs the
+ * equivalent of
+ * `psa_import_key(internal_public_key_handle,
+ * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(private_key_type),
+ * peer_key, peer_key_length)` where
+ * `private_key_type` is the type of \p private_key.
+ * For example, for EC keys, this means that \p
+ * peer_key is interpreted as a point on the curve
+ * that the private key is associated with. The
+ * standard formats for public keys are documented in
+ * the documentation of psa_export_public_key().
+ * \param peer_key_length Size of \p peer_key in bytes.
+ * \param alg The key agreement algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c private_key is not compatible with \c alg,
+ * or \p peer_key is not valid for \c alg or not compatible with
+ * \c private_key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \c alg is not supported or is not a key derivation algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ psa_algorithm_t alg);
+
+/**@}*/
+
+/** \defgroup random Random generation
+ * @{
+ */
+
+/**
+ * \brief Generate random bytes.
+ *
+ * \warning This function **can** fail! Callers MUST check the return status
+ * and MUST NOT use the content of the output buffer if the return
+ * status is not #PSA_SUCCESS.
+ *
+ * \note To generate a key, use psa_generate_key() instead.
+ *
+ * \param[out] output Output buffer for the generated data.
+ * \param output_size Number of bytes to generate and output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_generate_random(uint8_t *output,
+ size_t output_size);
+
+/** Extra parameters for RSA key generation.
+ *
+ * You may pass a pointer to a structure of this type as the \c extra
+ * parameter to psa_generate_key().
+ */
+typedef struct {
+ uint32_t e; /**< Public exponent value. Default: 65537. */
+} psa_generate_key_extra_rsa;
+
+/**
+ * \brief Generate a key or key pair.
+ *
+ * \param handle Handle to the slot where the key will be stored.
+ * It must have been obtained by calling
+ * psa_allocate_key() or psa_create_key() and must
+ * not contain key material yet.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param bits Key size in bits.
+ * \param[in] extra Extra parameters for key generation. The
+ * interpretation of this parameter depends on
+ * \p type. All types support \c NULL to use
+ * default parameters. Implementation that support
+ * the generation of vendor-specific key types
+ * that allow extra parameters shall document
+ * the format of these extra parameters and
+ * the default values. For standard parameters,
+ * the meaning of \p extra is as follows:
+ * - For a symmetric key type (a type such
+ * that #PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) is
+ * false), \p extra must be \c NULL.
+ * - For an elliptic curve key type (a type
+ * such that #PSA_KEY_TYPE_IS_ECC(\p type) is
+ * false), \p extra must be \c NULL.
+ * - For an RSA key (\p type is
+ * #PSA_KEY_TYPE_RSA_KEYPAIR), \p extra is an
+ * optional #psa_generate_key_extra_rsa structure
+ * specifying the public exponent. The
+ * default public exponent used when \p extra
+ * is \c NULL is 65537.
+ * \param extra_size Size of the buffer that \p extra
+ * points to, in bytes. Note that if \p extra is
+ * \c NULL then \p extra_size must be zero.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * There is already a key in the specified slot.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_generate_key(psa_key_handle_t handle,
+ psa_key_type_t type,
+ size_t bits,
+ const void *extra,
+ size_t extra_size);
+
+/**@}*/
+
+#ifdef __cplusplus
+}
+#endif
+
+/* The file "crypto_sizes.h" contains definitions for size calculation
+ * macros whose definitions are implementation-specific. */
+#include "crypto_sizes.h"
+
+/* The file "crypto_struct.h" contains definitions for
+ * implementation-specific structs that are declared above. */
+#include "crypto_struct.h"
+
+/* The file "crypto_extra.h" contains vendor-specific definitions. This
+ * can include vendor-defined algorithms, extra functions, etc. */
+#include "crypto_extra.h"
+
+#endif /* PSA_CRYPTO_H */
diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h
new file mode 100644
index 0000000..4a540f0
--- /dev/null
+++ b/include/psa/crypto_accel_driver.h
@@ -0,0 +1,823 @@
+/**
+ * \file psa/crypto_accel_driver.h
+ * \brief PSA cryptography accelerator driver module
+ *
+ * This header declares types and function signatures for cryptography
+ * drivers that access key material directly. This is meant for
+ * on-chip cryptography accelerators.
+ *
+ * This file is part of the PSA Crypto Driver Model, containing functions for
+ * driver developers to implement to enable hardware to be called in a
+ * standardized way by a PSA Cryptographic API implementation. The functions
+ * comprising the driver model, which driver authors implement, are not
+ * intended to be called by application developers.
+ */
+
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef PSA_CRYPTO_ACCEL_DRIVER_H
+#define PSA_CRYPTO_ACCEL_DRIVER_H
+
+#include "crypto_driver_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \defgroup driver_digest Hardware-Accelerated Message Digests
+ *
+ * Generation and authentication of Message Digests (aka hashes) must be done
+ * in parts using the following sequence:
+ * - `psa_drv_hash_setup_t`
+ * - `psa_drv_hash_update_t`
+ * - `psa_drv_hash_update_t`
+ * - ...
+ * - `psa_drv_hash_finish_t`
+ *
+ * If a previously started Message Digest operation needs to be terminated
+ * before the `psa_drv_hash_finish_t` operation is complete, it should be aborted
+ * by the `psa_drv_hash_abort_t`. Failure to do so may result in allocated
+ * resources not being freed or in other undefined behavior.
+ */
+/**@{*/
+
+/** \brief The hardware-specific hash context structure
+ *
+ * The contents of this structure are implementation dependent and are
+ * therefore not described here
+ */
+typedef struct psa_drv_hash_context_s psa_drv_hash_context_t;
+
+/** \brief The function prototype for the start operation of a hash (message
+ * digest) operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_hash_<ALGO>_setup
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying hash function
+ *
+ * \param[in,out] p_context A structure that will contain the
+ * hardware-specific hash context
+ *
+ * \retval PSA_SUCCESS Success.
+ */
+typedef psa_status_t (*psa_drv_hash_setup_t)(psa_drv_hash_context_t *p_context);
+
+/** \brief The function prototype for the update operation of a hash (message
+ * digest) operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_hash_<ALGO>_update
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously-established hash operation to be
+ * continued
+ * \param[in] p_input A buffer containing the message to be appended
+ * to the hash operation
+ * \param[in] input_length The size in bytes of the input message buffer
+ */
+typedef psa_status_t (*psa_drv_hash_update_t)(psa_drv_hash_context_t *p_context,
+ const uint8_t *p_input,
+ size_t input_length);
+
+/** \brief The function prototype for the finish operation of a hash (message
+ * digest) operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_hash_<ALGO>_finish
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started hash operation to be
+ * fiinished
+ * \param[out] p_output A buffer where the generated digest will be
+ * placed
+ * \param[in] output_size The size in bytes of the buffer that has been
+ * allocated for the `p_output` buffer
+ * \param[out] p_output_length The number of bytes placed in `p_output` after
+ * success
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_hash_finish_t)(psa_drv_hash_context_t *p_context,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/** \brief The function prototype for the abort operation of a hash (message
+ * digest) operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_hash_<ALGO>_abort
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm
+ *
+ * \param[in,out] p_context A hardware-specific structure for the previously
+ * started hash operation to be aborted
+ */
+typedef void (*psa_drv_hash_abort_t)(psa_drv_hash_context_t *p_context);
+
+/**@}*/
+
+/** \defgroup accel_mac Hardware-Accelerated Message Authentication Code
+ * Generation and authentication of Message Authentication Codes (MACs) using
+ * cryptographic accelerators can be done either as a single function call (via the
+ * `psa_drv_accel_mac_generate_t` or `psa_drv_accel_mac_verify_t`
+ * functions), or in parts using the following sequence:
+ * - `psa_drv_accel_mac_setup_t`
+ * - `psa_drv_accel_mac_update_t`
+ * - `psa_drv_accel_mac_update_t`
+ * - ...
+ * - `psa_drv_accel_mac_finish_t` or `psa_drv_accel_mac_finish_verify_t`
+ *
+ * If a previously started MAC operation needs to be terminated, it
+ * should be done so by the `psa_drv_accel_mac_abort_t`. Failure to do so may
+ * result in allocated resources not being freed or in other undefined
+ * behavior.
+ *
+ */
+/**@{*/
+
+/** \brief The hardware-accelerator-specific MAC context structure
+ *
+ * The contents of this structure are implementation dependent and are
+ * therefore not described here.
+ */
+typedef struct psa_drv_accel_mac_context_s psa_drv_accel_mac_context_t;
+
+/** \brief The function prototype for the setup operation of a
+ * hardware-accelerated MAC operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_setup
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying primitive, and `MAC_VARIANT`
+ * is the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in,out] p_context A structure that will contain the
+ * hardware-specific MAC context
+ * \param[in] p_key A buffer containing the cleartext key material
+ * to be used in the operation
+ * \param[in] key_length The size in bytes of the key material
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_accel_mac_setup_t)(psa_drv_accel_mac_context_t *p_context,
+ const uint8_t *p_key,
+ size_t key_length);
+
+/** \brief The function prototype for the update operation of a
+ * hardware-accelerated MAC operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_update
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT`
+ * is the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously-established MAC operation to be
+ * continued
+ * \param[in] p_input A buffer containing the message to be appended
+ * to the MAC operation
+ * \param[in] input_length The size in bytes of the input message buffer
+ */
+typedef psa_status_t (*psa_drv_accel_mac_update_t)(psa_drv_accel_mac_context_t *p_context,
+ const uint8_t *p_input,
+ size_t input_length);
+
+/** \brief The function prototype for the finish operation of a
+ * hardware-accelerated MAC operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_finish
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
+ * the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started MAC operation to be
+ * finished
+ * \param[out] p_mac A buffer where the generated MAC will be placed
+ * \param[in] mac_length The size in bytes of the buffer that has been
+ * allocated for the `p_mac` buffer
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t *p_context,
+ uint8_t *p_mac,
+ size_t mac_length);
+
+/** \brief The function prototype for the finish and verify operation of a
+ * hardware-accelerated MAC operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_finish_verify
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
+ * the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started MAC operation to be
+ * verified and finished
+ * \param[in] p_mac A buffer containing the MAC that will be used
+ * for verification
+ * \param[in] mac_length The size in bytes of the data in the `p_mac`
+ * buffer
+ *
+ * \retval PSA_SUCCESS
+ * The operation completed successfully and the comparison matched
+ */
+typedef psa_status_t (*psa_drv_accel_mac_finish_verify_t)(psa_drv_accel_mac_context_t *p_context,
+ const uint8_t *p_mac,
+ size_t mac_length);
+
+/** \brief The function prototype for the abort operation for a previously
+ * started hardware-accelerated MAC operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_abort
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
+ * the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started MAC operation to be
+ * aborted
+ *
+ */
+typedef psa_status_t (*psa_drv_accel_mac_abort_t)(psa_drv_accel_mac_context_t *p_context);
+
+/** \brief The function prototype for the one-shot operation of a
+ * hardware-accelerated MAC operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
+ * the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in] p_input A buffer containing the data to be MACed
+ * \param[in] input_length The length in bytes of the `p_input` data
+ * \param[in] p_key A buffer containing the key material to be used
+ * for the MAC operation
+ * \param[in] key_length The length in bytes of the `p_key` data
+ * \param[in] alg The algorithm to be performed
+ * \param[out] p_mac The buffer where the resulting MAC will be placed
+ * upon success
+ * \param[in] mac_length The length in bytes of the `p_mac` buffer
+ */
+typedef psa_status_t (*psa_drv_accel_mac_t)(const uint8_t *p_input,
+ size_t input_length,
+ const uint8_t *p_key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ uint8_t *p_mac,
+ size_t mac_length);
+
+/** \brief The function prototype for the one-shot hardware-accelerated MAC
+ * Verify operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_verify
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
+ * the specific variant of a MAC operation (such as HMAC or CMAC)
+ *
+ * \param[in] p_input A buffer containing the data to be MACed
+ * \param[in] input_length The length in bytes of the `p_input` data
+ * \param[in] p_key A buffer containing the key material to be used
+ * for the MAC operation
+ * \param[in] key_length The length in bytes of the `p_key` data
+ * \param[in] alg The algorithm to be performed
+ * \param[in] p_mac The MAC data to be compared
+ * \param[in] mac_length The length in bytes of the `p_mac` buffer
+ *
+ * \retval PSA_SUCCESS
+ * The operation completed successfully and the comparison matched
+ */
+typedef psa_status_t (*psa_drv_accel_mac_verify_t)(const uint8_t *p_input,
+ size_t input_length,
+ const uint8_t *p_key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *p_mac,
+ size_t mac_length);
+/**@}*/
+
+/** \defgroup accel_cipher Hardware-Accelerated Block Ciphers
+ * Encryption and Decryption using hardware-acceleration in block modes other
+ * than ECB must be done in multiple parts, using the following flow:
+ * - `psa_drv_accel_ciphersetup_t`
+ * - `psa_drv_accel_cipher_set_iv_t` (optional depending upon block mode)
+ * - `psa_drv_accel_cipher_update_t`
+ * - `psa_drv_accel_cipher_update_t`
+ * - ...
+ * - `psa_drv_accel_cipher_finish_t`
+ *
+ * If a previously started hardware-accelerated Cipher operation needs to be
+ * terminated, it should be done so by the `psa_drv_accel_cipher_abort_t`.
+ * Failure to do so may result in allocated resources not being freed or in
+ * other undefined behavior.
+ */
+/**@{*/
+
+/** \brief The hardware-accelerator-specific cipher context structure
+ *
+ * The contents of this structure are implementation dependent and are
+ * therefore not described here.
+ */
+typedef struct psa_drv_accel_cipher_context_s psa_drv_accel_cipher_context_t;
+
+/** \brief The function prototype for the setup operation of
+ * hardware-accelerated block cipher operations.
+ * Functions that implement this prototype should be named in the following
+ * conventions:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_cipher_setup_<CIPHER_NAME>_<MODE>
+ * ~~~~~~~~~~~~~
+ * Where
+ * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
+ * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
+ *
+ * For stream ciphers:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_cipher_setup_<CIPHER_NAME>
+ * ~~~~~~~~~~~~~
+ * Where `CIPHER_NAME` is the name of a stream cipher (i.e. RC4)
+ *
+ * \param[in,out] p_context A structure that will contain the
+ * hardware-specific cipher context
+ * \param[in] direction Indicates if the operation is an encrypt or a
+ * decrypt
+ * \param[in] p_key_data A buffer containing the cleartext key material
+ * to be used in the operation
+ * \param[in] key_data_size The size in bytes of the key material
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_context_t *p_context,
+ psa_encrypt_or_decrypt_t direction,
+ const uint8_t *p_key_data,
+ size_t key_data_size);
+
+/** \brief The function prototype for the set initialization vector operation
+ * of hardware-accelerated block cipher operations
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_cipher_set_iv_<CIPHER_NAME>_<MODE>
+ * ~~~~~~~~~~~~~
+ * Where
+ * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
+ * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
+ *
+ * \param[in,out] p_context A structure that contains the previously setup
+ * hardware-specific cipher context
+ * \param[in] p_iv A buffer containing the initialization vecotr
+ * \param[in] iv_length The size in bytes of the contents of `p_iv`
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_context_t *p_context,
+ const uint8_t *p_iv,
+ size_t iv_length);
+
+/** \brief The function prototype for the update operation of
+ * hardware-accelerated block cipher operations.
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_cipher_update_<CIPHER_NAME>_<MODE>
+ * ~~~~~~~~~~~~~
+ * Where
+ * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
+ * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started cipher operation
+ * \param[in] p_input A buffer containing the data to be
+ * encrypted or decrypted
+ * \param[in] input_size The size in bytes of the `p_input` buffer
+ * \param[out] p_output A caller-allocated buffer where the
+ * generated output will be placed
+ * \param[in] output_size The size in bytes of the `p_output` buffer
+ * \param[out] p_output_length After completion, will contain the number
+ * of bytes placed in the `p_output` buffer
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_context_t *p_context,
+ const uint8_t *p_input,
+ size_t input_size,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/** \brief The function prototype for the finish operation of
+ * hardware-accelerated block cipher operations.
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_cipher_finish_<CIPHER_NAME>_<MODE>
+ * ~~~~~~~~~~~~~
+ * Where
+ * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
+ * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started cipher operation
+ * \param[out] p_output A caller-allocated buffer where the generated
+ * output will be placed
+ * \param[in] output_size The size in bytes of the `p_output` buffer
+ * \param[out] p_output_length After completion, will contain the number of
+ * bytes placed in the `p_output` buffer
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_context_t *p_context,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/** \brief The function prototype for the abort operation of
+ * hardware-accelerated block cipher operations.
+ *
+ * Functions that implement the following prototype should be named in the
+ * following convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_cipher_abort_<CIPHER_NAME>_<MODE>
+ * ~~~~~~~~~~~~~
+ * Where
+ * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
+ * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started cipher operation
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_cipher_abort_t)(psa_drv_accel_cipher_context_t *p_context);
+
+/**@}*/
+
+/** \defgroup accel_aead Hardware-Accelerated Authenticated Encryption with Additional Data
+ *
+ * Hardware-accelerated Authenticated Encryption with Additional Data (AEAD)
+ * operations must be done in one function call. While this creates a burden
+ * for implementers as there must be sufficient space in memory for the entire
+ * message, it prevents decrypted data from being made available before the
+ * authentication operation is complete and the data is known to be authentic.
+ */
+/**@{*/
+
+/** \brief The function prototype for the hardware-accelerated authenticated
+ * encryption operation.
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_aead_<ALGO>_encrypt
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the AEAD algorithm
+ *
+ * \param[in] p_key A pointer to the key material
+ * \param[in] key_length The size in bytes of the key material
+ * \param[in] alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(`alg`) is true)
+ * \param[in] nonce Nonce or IV to use
+ * \param[in] nonce_length Size of the `nonce` buffer in bytes
+ * \param[in] additional_data Additional data that will be MACed
+ * but not encrypted.
+ * \param[in] additional_data_length Size of `additional_data` in bytes
+ * \param[in] plaintext Data that will be MACed and
+ * encrypted.
+ * \param[in] plaintext_length Size of `plaintext` in bytes
+ * \param[out] ciphertext Output buffer for the authenticated and
+ * encrypted data. The additional data is
+ * not part of this output. For algorithms
+ * where the encrypted data and the
+ * authentication tag are defined as
+ * separate outputs, the authentication
+ * tag is appended to the encrypted data.
+ * \param[in] ciphertext_size Size of the `ciphertext` buffer in
+ * bytes
+ * This must be at least
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(`alg`,
+ * `plaintext_length`).
+ * \param[out] ciphertext_length On success, the size of the output in
+ * the `ciphertext` buffer
+ *
+ * \retval #PSA_SUCCESS
+ *
+ */
+typedef psa_status_t (*psa_drv_accel_aead_encrypt_t)(const uint8_t *p_key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length);
+
+/** \brief The function prototype for the hardware-accelerated authenticated
+ * decryption operation.
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_aead_<ALGO>_decrypt
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the AEAD algorithm
+ * \param[in] p_key A pointer to the key material
+ * \param[in] key_length The size in bytes of the key material
+ * \param[in] alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(`alg`) is true)
+ * \param[in] nonce Nonce or IV to use
+ * \param[in] nonce_length Size of the `nonce` buffer in bytes
+ * \param[in] additional_data Additional data that has been MACed
+ * but not encrypted
+ * \param[in] additional_data_length Size of `additional_data` in bytes
+ * \param[in] ciphertext Data that has been MACed and
+ * encrypted
+ * For algorithms where the encrypted data
+ * and the authentication tag are defined
+ * as separate inputs, the buffer must
+ * contain the encrypted data followed by
+ * the authentication tag.
+ * \param[in] ciphertext_length Size of `ciphertext` in bytes
+ * \param[out] plaintext Output buffer for the decrypted data
+ * \param[in] plaintext_size Size of the `plaintext` buffer in
+ * bytes
+ * This must be at least
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(`alg`,
+ * `ciphertext_length`).
+ * \param[out] plaintext_length On success, the size of the output
+ * in the \b plaintext buffer
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_accel_aead_decrypt_t)(const uint8_t *p_key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length);
+
+/**@}*/
+
+/** \defgroup accel_asymmetric Hardware-Accelerated Asymmetric Cryptography
+ *
+ * Since the amount of data that can (or should) be encrypted or signed using
+ * asymmetric keys is limited by the key size, hardware-accelerated asymmetric
+ * key operations must be done in single function calls.
+ */
+/**@{*/
+
+
+/**
+ * \brief The function prototype for the hardware-accelerated asymmetric sign
+ * operation.
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_asymmetric_<ALGO>_sign
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the signing algorithm
+ *
+ * This function supports any asymmetric-key output from psa_export_key() as
+ * the buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_key() for the formats.
+ *
+ * \param[in] p_key A buffer containing the private key
+ * material
+ * \param[in] key_size The size in bytes of the `p_key` data
+ * \param[in] alg A signature algorithm that is compatible
+ * with the type of `p_key`
+ * \param[in] p_hash The hash or message to sign
+ * \param[in] hash_length Size of the `p_hash` buffer in bytes
+ * \param[out] p_signature Buffer where the signature is to be written
+ * \param[in] signature_size Size of the `p_signature` buffer in bytes
+ * \param[out] p_signature_length On success, the number of bytes
+ * that make up the returned signature value
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key,
+ size_t key_size,
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ uint8_t *p_signature,
+ size_t signature_size,
+ size_t *p_signature_length);
+
+/**
+ * \brief The function prototype for the hardware-accelerated signature verify
+ * operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_asymmetric_<ALGO>_verify
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the signing algorithm
+ *
+ * This function supports any output from \ref psa_export_public_key() as the
+ * buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_public_key() for the format of public keys and to the
+ * documentation of \ref psa_export_key() for the format for other key types.
+ *
+ * \param[in] p_key A buffer containing the public key material
+ * \param[in] key_size The size in bytes of the `p_key` data
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of `key`
+ * \param[in] p_hash The hash or message whose signature is to be
+ * verified
+ * \param[in] hash_length Size of the `p_hash` buffer in bytes
+ * \param[in] p_signature Buffer containing the signature to verify
+ * \param[in] signature_length Size of the `p_signature` buffer in bytes
+ *
+ * \retval PSA_SUCCESS
+ * The signature is valid.
+ */
+typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key,
+ size_t key_size,
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ const uint8_t *p_signature,
+ size_t signature_length);
+
+/**
+ * \brief The function prototype for the hardware-accelerated asymmetric
+ * encrypt operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_asymmetric_<ALGO>_encrypt
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the encryption algorithm
+ *
+ * This function supports any output from \ref psa_export_public_key() as the
+ * buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_public_key() for the format of public keys and to the
+ * documentation of \ref psa_export_key() for the format for other key types.
+ *
+ * \param[in] p_key A buffer containing the public key material
+ * \param[in] key_size The size in bytes of the `p_key` data
+ * \param[in] alg An asymmetric encryption algorithm that is
+ * compatible with the type of `key`
+ * \param[in] p_input The message to encrypt
+ * \param[in] input_length Size of the `p_input` buffer in bytes
+ * \param[in] p_salt A salt or label, if supported by the
+ * encryption algorithm
+ * If the algorithm does not support a
+ * salt, pass `NULL`
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass `NULL`.
+ * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param[in] salt_length Size of the `p_salt` buffer in bytes
+ * If `p_salt` is `NULL`, pass 0.
+ * \param[out] p_output Buffer where the encrypted message is to
+ * be written
+ * \param[in] output_size Size of the `p_output` buffer in bytes
+ * \param[out] p_output_length On success, the number of bytes
+ * that make up the returned output
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key,
+ size_t key_size,
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ const uint8_t *p_input,
+ size_t input_length,
+ const uint8_t *p_salt,
+ size_t salt_length,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/**
+ * \brief The function prototype for the hardware=acce;erated asymmetric
+ * decrypt operation
+ *
+ * Functions that implement this prototype should be named in the following
+ * convention:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_accel_asymmetric_<ALGO>_decrypt
+ * ~~~~~~~~~~~~~
+ * Where `ALGO` is the name of the encryption algorithm
+ *
+ * This function supports any asymmetric-key output from psa_export_key() as
+ * the buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_key() for the formats.
+ *
+ * \param[in] p_key A buffer containing the private key material
+ * \param[in] key_size The size in bytes of the `p_key` data
+ * \param[in] alg An asymmetric encryption algorithm that is
+ * compatible with the type of `key`
+ * \param[in] p_input The message to decrypt
+ * \param[in] input_length Size of the `p_input` buffer in bytes
+ * \param[in] p_salt A salt or label, if supported by the
+ * encryption algorithm
+ * If the algorithm does not support a
+ * salt, pass `NULL`.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass `NULL`.
+ * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported
+ * \param[in] salt_length Size of the `p_salt` buffer in bytes
+ * If `p_salt` is `NULL`, pass 0
+ * \param[out] p_output Buffer where the decrypted message is to
+ * be written
+ * \param[in] output_size Size of the `p_output` buffer in bytes
+ * \param[out] p_output_length On success, the number of bytes
+ * that make up the returned output
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_accel_asymmetric_decrypt_t)(const uint8_t *p_key,
+ size_t key_size,
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ const uint8_t *p_input,
+ size_t input_length,
+ const uint8_t *p_salt,
+ size_t salt_length,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/**@}*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_ACCEL_DRIVER_H */
diff --git a/include/psa/crypto_driver_common.h b/include/psa/crypto_driver_common.h
new file mode 100644
index 0000000..6f1a5d5
--- /dev/null
+++ b/include/psa/crypto_driver_common.h
@@ -0,0 +1,54 @@
+/**
+ * \file psa/crypto_driver_common.h
+ * \brief Definitions for all PSA crypto drivers
+ *
+ * This file contains common definitions shared by all PSA crypto drivers.
+ * Do not include it directly: instead, include the header file(s) for
+ * the type(s) of driver that you are implementing. For example, if
+ * you are writing a driver for a chip that provides both a hardware
+ * random generator and an accelerator for some cryptographic algorithms,
+ * include `psa/crypto_entropy_driver.h` and `psa/crypto_accel_driver.h`.
+ *
+ * This file is part of the PSA Crypto Driver Model, containing functions for
+ * driver developers to implement to enable hardware to be called in a
+ * standardized way by a PSA Cryptographic API implementation. The functions
+ * comprising the driver model, which driver authors implement, are not
+ * intended to be called by application developers.
+ */
+
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef PSA_CRYPTO_DRIVER_COMMON_H
+#define PSA_CRYPTO_DRIVER_COMMON_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* Include type definitions (psa_status_t, psa_algorithm_t,
+ * psa_key_type_t, etc.) and macros to build and analyze values
+ * of these types. */
+#include "crypto_types.h"
+#include "crypto_values.h"
+
+/** For encrypt-decrypt functions, whether the operation is an encryption
+ * or a decryption. */
+typedef enum {
+ PSA_CRYPTO_DRIVER_DECRYPT,
+ PSA_CRYPTO_DRIVER_ENCRYPT
+} psa_encrypt_or_decrypt_t;
+
+#endif /* PSA_CRYPTO_DRIVER_COMMON_H */
diff --git a/include/psa/crypto_entropy_driver.h b/include/psa/crypto_entropy_driver.h
new file mode 100644
index 0000000..f596b6b
--- /dev/null
+++ b/include/psa/crypto_entropy_driver.h
@@ -0,0 +1,108 @@
+/**
+ * \file psa/crypto_entropy_driver.h
+ * \brief PSA entropy source driver module
+ *
+ * This header declares types and function signatures for entropy sources.
+ *
+ * This file is part of the PSA Crypto Driver Model, containing functions for
+ * driver developers to implement to enable hardware to be called in a
+ * standardized way by a PSA Cryptographic API implementation. The functions
+ * comprising the driver model, which driver authors implement, are not
+ * intended to be called by application developers.
+ */
+
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef PSA_CRYPTO_ENTROPY_DRIVER_H
+#define PSA_CRYPTO_ENTROPY_DRIVER_H
+
+#include "crypto_driver_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \defgroup driver_rng Entropy Generation
+ */
+/**@{*/
+
+/** \brief Initialize an entropy driver
+ *
+ *
+ * \param[in,out] p_context A hardware-specific structure
+ * containing any context information for
+ * the implementation
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context);
+
+/** \brief Get a specified number of bits from the entropy source
+ *
+ * It retrives `buffer_size` bytes of data from the entropy source. The entropy
+ * source will always fill the provided buffer to its full size, however, most
+ * entropy sources have biases, and the actual amount of entropy contained in
+ * the buffer will be less than the number of bytes.
+ * The driver will return the actual number of bytes of entropy placed in the
+ * buffer in `p_received_entropy_bytes`.
+ * A PSA Crypto API implementation will likely feed the output of this function
+ * into a Digital Random Bit Generator (DRBG), and typically has a minimum
+ * amount of entropy that it needs.
+ * To accomplish this, the PSA Crypto implementation should be designed to call
+ * this function multiple times until it has received the required amount of
+ * entropy from the entropy source.
+ *
+ * \param[in,out] p_context A hardware-specific structure
+ * containing any context information
+ * for the implementation
+ * \param[out] p_buffer A caller-allocated buffer for the
+ * retrieved entropy to be placed in
+ * \param[in] buffer_size The allocated size of `p_buffer`
+ * \param[out] p_received_entropy_bits The amount of entropy (in bits)
+ * actually provided in `p_buffer`
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_entropy_get_bits_t)(void *p_context,
+ uint8_t *p_buffer,
+ uint32_t buffer_size,
+ uint32_t *p_received_entropy_bits);
+
+/**
+ * \brief A struct containing all of the function pointers needed to interface
+ * to an entropy source
+ *
+ * PSA Crypto API implementations should populate instances of the table as
+ * appropriate upon startup.
+ *
+ * If one of the functions is not implemented, it should be set to NULL.
+ */
+typedef struct {
+ /** The driver-specific size of the entropy context */
+ const size_t context_size;
+ /** Function that performs initialization for the entropy source */
+ psa_drv_entropy_init_t p_init;
+ /** Function that performs the get_bits operation for the entropy source */
+ psa_drv_entropy_get_bits_t p_get_bits;
+} psa_drv_entropy_t;
+/**@}*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_ENTROPY_DRIVER_H */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
new file mode 100644
index 0000000..c89c55d
--- /dev/null
+++ b/include/psa/crypto_extra.h
@@ -0,0 +1,151 @@
+/**
+ * \file psa/crypto_extra.h
+ *
+ * \brief PSA cryptography module: Mbed TLS vendor extensions
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * This file is reserved for vendor-specific definitions.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_EXTRA_H
+#define PSA_CRYPTO_EXTRA_H
+
+#include "mbedtls/platform_util.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* UID for secure storage seed */
+#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
+
+/*
+ * Deprecated PSA Crypto error code definitions
+ */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_UNKNOWN_ERROR \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR )
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_OCCUPIED_SLOT \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS )
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_EMPTY_SLOT \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST )
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_INSUFFICIENT_CAPACITY \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
+#endif
+
+/**
+ * \brief Library deinitialization.
+ *
+ * This function clears all data associated with the PSA layer,
+ * including the whole key store.
+ *
+ * This is an Mbed TLS extension.
+ */
+void mbedtls_psa_crypto_free( void );
+
+
+/**
+ * \brief Inject an initial entropy seed for the random generator into
+ * secure storage.
+ *
+ * This function injects data to be used as a seed for the random generator
+ * used by the PSA Crypto implementation. On devices that lack a trusted
+ * entropy source (preferably a hardware random number generator),
+ * the Mbed PSA Crypto implementation uses this value to seed its
+ * random generator.
+ *
+ * On devices without a trusted entropy source, this function must be
+ * called exactly once in the lifetime of the device. On devices with
+ * a trusted entropy source, calling this function is optional.
+ * In all cases, this function may only be called before calling any
+ * other function in the PSA Crypto API, including psa_crypto_init().
+ *
+ * When this function returns successfully, it populates a file in
+ * persistent storage. Once the file has been created, this function
+ * can no longer succeed.
+ *
+ * If any error occurs, this function does not change the system state.
+ * You can call this function again after correcting the reason for the
+ * error if possible.
+ *
+ * \warning This function **can** fail! Callers MUST check the return status.
+ *
+ * \warning If you use this function, you should use it as part of a
+ * factory provisioning process. The value of the injected seed
+ * is critical to the security of the device. It must be
+ * *secret*, *unpredictable* and (statistically) *unique per device*.
+ * You should be generate it randomly using a cryptographically
+ * secure random generator seeded from trusted entropy sources.
+ * You should transmit it securely to the device and ensure
+ * that its value is not leaked or stored anywhere beyond the
+ * needs of transmitting it from the point of generation to
+ * the call of this function, and erase all copies of the value
+ * once this function returns.
+ *
+ * This is an Mbed TLS extension.
+ *
+ * \note This function is only available on the following platforms:
+ * * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
+ * Note that you must provide compatible implementations of
+ * mbedtls_nv_seed_read and mbedtls_nv_seed_write.
+ * * In a client-server integration of PSA Cryptography, on the client side,
+ * if the server supports this feature.
+ * \param[in] seed Buffer containing the seed value to inject.
+ * \param[in] seed_size Size of the \p seed buffer.
+ * The size of the seed in bytes must be greater
+ * or equal to both #MBEDTLS_ENTROPY_MIN_PLATFORM
+ * and #MBEDTLS_ENTROPY_BLOCK_SIZE.
+ * It must be less or equal to
+ * #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
+ *
+ * \retval #PSA_SUCCESS
+ * The seed value was injected successfully. The random generator
+ * of the PSA Crypto implementation is now ready for use.
+ * You may now call psa_crypto_init() and use the PSA Crypto
+ * implementation.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p seed_size is out of range.
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * There was a failure reading or writing from storage.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The library has already been initialized. It is no longer
+ * possible to call this function.
+ */
+psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
+ size_t seed_size);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_EXTRA_H */
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
new file mode 100644
index 0000000..42cdad3
--- /dev/null
+++ b/include/psa/crypto_platform.h
@@ -0,0 +1,101 @@
+/**
+ * \file psa/crypto_platform.h
+ *
+ * \brief PSA cryptography module: Mbed TLS platfom definitions
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * This file contains platform-dependent type definitions.
+ *
+ * In implementations with isolation between the application and the
+ * cryptography module, implementers should take care to ensure that
+ * the definitions that are exposed to applications match what the
+ * module implements.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_PLATFORM_H
+#define PSA_CRYPTO_PLATFORM_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/* PSA requires several types which C99 provides in stdint.h. */
+#include <stdint.h>
+
+/* Integral type representing a key handle. */
+typedef uint16_t psa_key_handle_t;
+
+/* This implementation distinguishes *application key identifiers*, which
+ * are the key identifiers specified by the application, from
+ * *key file identifiers*, which are the key identifiers that the library
+ * sees internally. The two types can be different if there is a remote
+ * call layer between the application and the library which supports
+ * multiple client applications that do not have access to each others'
+ * keys. The point of having different types is that the key file
+ * identifier may encode not only the key identifier specified by the
+ * application, but also the the identity of the application.
+ *
+ * Note that this is an internal concept of the library and the remote
+ * call layer. The application itself never sees anything other than
+ * #psa_app_key_id_t with its standard definition.
+ */
+
+/* The application key identifier is always what the application sees as
+ * #psa_key_id_t. */
+typedef uint32_t psa_app_key_id_t;
+
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+
+#if defined(PSA_CRYPTO_SECURE)
+/* Building for the PSA Crypto service on a PSA platform. */
+/* A key owner is a PSA partition identifier. */
+typedef int32_t psa_key_owner_id_t;
+#endif
+
+typedef struct
+{
+ uint32_t key_id;
+ psa_key_owner_id_t owner;
+} psa_key_file_id_t;
+#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id )
+
+/* Since crypto.h is used as part of the PSA Cryptography API specification,
+ * it must use standard types for things like the argument of psa_open_key().
+ * If it wasn't for that constraint, psa_open_key() would take a
+ * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an
+ * alias for `psa_key_file_id_t` when building for a multi-client service. */
+typedef psa_key_file_id_t psa_key_id_t;
+
+#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+
+/* By default, a key file identifier is just the application key identifier. */
+typedef psa_app_key_id_t psa_key_file_id_t;
+#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
+
+#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+
+#endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
new file mode 100644
index 0000000..5fb7bc3
--- /dev/null
+++ b/include/psa/crypto_se_driver.h
@@ -0,0 +1,968 @@
+/**
+ * \file psa/crypto_se_driver.h
+ * \brief PSA external cryptoprocessor driver module
+ *
+ * This header declares types and function signatures for cryptography
+ * drivers that access key material via opaque references.
+ * This is meant for cryptoprocessors that have a separate key storage from the
+ * space in which the PSA Crypto implementation runs, typically secure
+ * elements (SEs).
+ *
+ * This file is part of the PSA Crypto Driver Model, containing functions for
+ * driver developers to implement to enable hardware to be called in a
+ * standardized way by a PSA Cryptographic API implementation. The functions
+ * comprising the driver model, which driver authors implement, are not
+ * intended to be called by application developers.
+ */
+
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef PSA_CRYPTO_SE_DRIVER_H
+#define PSA_CRYPTO_SE_DRIVER_H
+
+#include "crypto_driver_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** An internal designation of a key slot between the core part of the
+ * PSA Crypto implementation and the driver. The meaning of this value
+ * is driver-dependent. */
+typedef uint32_t psa_key_slot_number_t; // Change this to psa_key_slot_t after psa_key_slot_t is removed from Mbed crypto
+
+/** \defgroup se_mac Secure Element Message Authentication Codes
+ * Generation and authentication of Message Authentication Codes (MACs) using
+ * a secure element can be done either as a single function call (via the
+ * `psa_drv_se_mac_generate_t` or `psa_drv_se_mac_verify_t` functions), or in
+ * parts using the following sequence:
+ * - `psa_drv_se_mac_setup_t`
+ * - `psa_drv_se_mac_update_t`
+ * - `psa_drv_se_mac_update_t`
+ * - ...
+ * - `psa_drv_se_mac_finish_t` or `psa_drv_se_mac_finish_verify_t`
+ *
+ * If a previously started secure element MAC operation needs to be terminated,
+ * it should be done so by the `psa_drv_se_mac_abort_t`. Failure to do so may
+ * result in allocated resources not being freed or in other undefined
+ * behavior.
+ */
+/**@{*/
+/** \brief A function that starts a secure element MAC operation for a PSA
+ * Crypto Driver implementation
+ *
+ * \param[in,out] p_context A structure that will contain the
+ * hardware-specific MAC context
+ * \param[in] key_slot The slot of the key to be used for the
+ * operation
+ * \param[in] algorithm The algorithm to be used to underly the MAC
+ * operation
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_se_mac_setup_t)(void *p_context,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t algorithm);
+
+/** \brief A function that continues a previously started secure element MAC
+ * operation
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously-established MAC operation to be
+ * updated
+ * \param[in] p_input A buffer containing the message to be appended
+ * to the MAC operation
+ * \param[in] input_length The size in bytes of the input message buffer
+ */
+typedef psa_status_t (*psa_drv_se_mac_update_t)(void *p_context,
+ const uint8_t *p_input,
+ size_t input_length);
+
+/** \brief a function that completes a previously started secure element MAC
+ * operation by returning the resulting MAC.
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started MAC operation to be
+ * finished
+ * \param[out] p_mac A buffer where the generated MAC will be
+ * placed
+ * \param[in] mac_size The size in bytes of the buffer that has been
+ * allocated for the `output` buffer
+ * \param[out] p_mac_length After completion, will contain the number of
+ * bytes placed in the `p_mac` buffer
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *p_context,
+ uint8_t *p_mac,
+ size_t mac_size,
+ size_t *p_mac_length);
+
+/** \brief A function that completes a previously started secure element MAC
+ * operation by comparing the resulting MAC against a provided value
+ *
+ * \param[in,out] p_context A hardware-specific structure for the previously
+ * started MAC operation to be fiinished
+ * \param[in] p_mac The MAC value against which the resulting MAC will
+ * be compared against
+ * \param[in] mac_length The size in bytes of the value stored in `p_mac`
+ *
+ * \retval PSA_SUCCESS
+ * The operation completed successfully and the MACs matched each
+ * other
+ * \retval PSA_ERROR_INVALID_SIGNATURE
+ * The operation completed successfully, but the calculated MAC did
+ * not match the provided MAC
+ */
+typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *p_context,
+ const uint8_t *p_mac,
+ size_t mac_length);
+
+/** \brief A function that aborts a previous started secure element MAC
+ * operation
+ *
+ * \param[in,out] p_context A hardware-specific structure for the previously
+ * started MAC operation to be aborted
+ */
+typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *p_context);
+
+/** \brief A function that performs a secure element MAC operation in one
+ * command and returns the calculated MAC
+ *
+ * \param[in] p_input A buffer containing the message to be MACed
+ * \param[in] input_length The size in bytes of `p_input`
+ * \param[in] key_slot The slot of the key to be used
+ * \param[in] alg The algorithm to be used to underlie the MAC
+ * operation
+ * \param[out] p_mac A buffer where the generated MAC will be
+ * placed
+ * \param[in] mac_size The size in bytes of the `p_mac` buffer
+ * \param[out] p_mac_length After completion, will contain the number of
+ * bytes placed in the `output` buffer
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_se_mac_generate_t)(const uint8_t *p_input,
+ size_t input_length,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ uint8_t *p_mac,
+ size_t mac_size,
+ size_t *p_mac_length);
+
+/** \brief A function that performs a secure element MAC operation in one
+ * command and compares the resulting MAC against a provided value
+ *
+ * \param[in] p_input A buffer containing the message to be MACed
+ * \param[in] input_length The size in bytes of `input`
+ * \param[in] key_slot The slot of the key to be used
+ * \param[in] alg The algorithm to be used to underlie the MAC
+ * operation
+ * \param[in] p_mac The MAC value against which the resulting MAC will
+ * be compared against
+ * \param[in] mac_length The size in bytes of `mac`
+ *
+ * \retval PSA_SUCCESS
+ * The operation completed successfully and the MACs matched each
+ * other
+ * \retval PSA_ERROR_INVALID_SIGNATURE
+ * The operation completed successfully, but the calculated MAC did
+ * not match the provided MAC
+ */
+typedef psa_status_t (*psa_drv_se_mac_verify_t)(const uint8_t *p_input,
+ size_t input_length,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_mac,
+ size_t mac_length);
+
+/** \brief A struct containing all of the function pointers needed to
+ * perform secure element MAC operations
+ *
+ * PSA Crypto API implementations should populate the table as appropriate
+ * upon startup.
+ *
+ * If one of the functions is not implemented (such as
+ * `psa_drv_se_mac_generate_t`), it should be set to NULL.
+ *
+ * Driver implementers should ensure that they implement all of the functions
+ * that make sense for their hardware, and that they provide a full solution
+ * (for example, if they support `p_setup`, they should also support
+ * `p_update` and at least one of `p_finish` or `p_finish_verify`).
+ *
+ */
+typedef struct {
+ /**The size in bytes of the hardware-specific secure element MAC context
+ * structure
+ */
+ size_t context_size;
+ /** Function that performs a MAC setup operation
+ */
+ psa_drv_se_mac_setup_t p_setup;
+ /** Function that performs a MAC update operation
+ */
+ psa_drv_se_mac_update_t p_update;
+ /** Function that completes a MAC operation
+ */
+ psa_drv_se_mac_finish_t p_finish;
+ /** Function that completes a MAC operation with a verify check
+ */
+ psa_drv_se_mac_finish_verify_t p_finish_verify;
+ /** Function that aborts a previoustly started MAC operation
+ */
+ psa_drv_se_mac_abort_t p_abort;
+ /** Function that performs a MAC operation in one call
+ */
+ psa_drv_se_mac_generate_t p_mac;
+ /** Function that performs a MAC and verify operation in one call
+ */
+ psa_drv_se_mac_verify_t p_mac_verify;
+} psa_drv_se_mac_t;
+/**@}*/
+
+/** \defgroup se_cipher Secure Element Symmetric Ciphers
+ *
+ * Encryption and Decryption using secure element keys in block modes other
+ * than ECB must be done in multiple parts, using the following flow:
+ * - `psa_drv_se_cipher_setup_t`
+ * - `psa_drv_se_cipher_set_iv_t` (optional depending upon block mode)
+ * - `psa_drv_se_cipher_update_t`
+ * - `psa_drv_se_cipher_update_t`
+ * - ...
+ * - `psa_drv_se_cipher_finish_t`
+ *
+ * If a previously started secure element Cipher operation needs to be
+ * terminated, it should be done so by the `psa_drv_se_cipher_abort_t`. Failure
+ * to do so may result in allocated resources not being freed or in other
+ * undefined behavior.
+ *
+ * In situations where a PSA Cryptographic API implementation is using a block
+ * mode not-supported by the underlying hardware or driver, it can construct
+ * the block mode itself, while calling the `psa_drv_se_cipher_ecb_t` function
+ * for the cipher operations.
+ */
+/**@{*/
+
+/** \brief A function that provides the cipher setup function for a
+ * secure element driver
+ *
+ * \param[in,out] p_context A structure that will contain the
+ * hardware-specific cipher context.
+ * \param[in] key_slot The slot of the key to be used for the
+ * operation
+ * \param[in] algorithm The algorithm to be used in the cipher
+ * operation
+ * \param[in] direction Indicates whether the operation is an encrypt
+ * or decrypt
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ */
+typedef psa_status_t (*psa_drv_se_cipher_setup_t)(void *p_context,
+ psa_key_slot_number_t key_slot,
+ psa_algorithm_t algorithm,
+ psa_encrypt_or_decrypt_t direction);
+
+/** \brief A function that sets the initialization vector (if
+ * necessary) for an secure element cipher operation
+ *
+ * Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has
+ * two IV functions: one to set the IV, and one to generate it internally. The
+ * generate function is not necessary for the drivers to implement as the PSA
+ * Crypto implementation can do the generation using its RNG features.
+ *
+ * \param[in,out] p_context A structure that contains the previously set up
+ * hardware-specific cipher context
+ * \param[in] p_iv A buffer containing the initialization vector
+ * \param[in] iv_length The size (in bytes) of the `p_iv` buffer
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *p_context,
+ const uint8_t *p_iv,
+ size_t iv_length);
+
+/** \brief A function that continues a previously started secure element cipher
+ * operation
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started cipher operation
+ * \param[in] p_input A buffer containing the data to be
+ * encrypted/decrypted
+ * \param[in] input_size The size in bytes of the buffer pointed to
+ * by `p_input`
+ * \param[out] p_output The caller-allocated buffer where the
+ * output will be placed
+ * \param[in] output_size The allocated size in bytes of the
+ * `p_output` buffer
+ * \param[out] p_output_length After completion, will contain the number
+ * of bytes placed in the `p_output` buffer
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *p_context,
+ const uint8_t *p_input,
+ size_t input_size,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/** \brief A function that completes a previously started secure element cipher
+ * operation
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started cipher operation
+ * \param[out] p_output The caller-allocated buffer where the output
+ * will be placed
+ * \param[in] output_size The allocated size in bytes of the `p_output`
+ * buffer
+ * \param[out] p_output_length After completion, will contain the number of
+ * bytes placed in the `p_output` buffer
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *p_context,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/** \brief A function that aborts a previously started secure element cipher
+ * operation
+ *
+ * \param[in,out] p_context A hardware-specific structure for the
+ * previously started cipher operation
+ */
+typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *p_context);
+
+/** \brief A function that performs the ECB block mode for secure element
+ * cipher operations
+ *
+ * Note: this function should only be used with implementations that do not
+ * provide a needed higher-level operation.
+ *
+ * \param[in] key_slot The slot of the key to be used for the operation
+ * \param[in] algorithm The algorithm to be used in the cipher operation
+ * \param[in] direction Indicates whether the operation is an encrypt or
+ * decrypt
+ * \param[in] p_input A buffer containing the data to be
+ * encrypted/decrypted
+ * \param[in] input_size The size in bytes of the buffer pointed to by
+ * `p_input`
+ * \param[out] p_output The caller-allocated buffer where the output will
+ * be placed
+ * \param[in] output_size The allocated size in bytes of the `p_output`
+ * buffer
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ */
+typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t algorithm,
+ psa_encrypt_or_decrypt_t direction,
+ const uint8_t *p_input,
+ size_t input_size,
+ uint8_t *p_output,
+ size_t output_size);
+
+/**
+ * \brief A struct containing all of the function pointers needed to implement
+ * cipher operations using secure elements.
+ *
+ * PSA Crypto API implementations should populate instances of the table as
+ * appropriate upon startup or at build time.
+ *
+ * If one of the functions is not implemented (such as
+ * `psa_drv_se_cipher_ecb_t`), it should be set to NULL.
+ */
+typedef struct {
+ /** The size in bytes of the hardware-specific secure element cipher
+ * context structure
+ */
+ size_t context_size;
+ /** Function that performs a cipher setup operation */
+ psa_drv_se_cipher_setup_t p_setup;
+ /** Function that sets a cipher IV (if necessary) */
+ psa_drv_se_cipher_set_iv_t p_set_iv;
+ /** Function that performs a cipher update operation */
+ psa_drv_se_cipher_update_t p_update;
+ /** Function that completes a cipher operation */
+ psa_drv_se_cipher_finish_t p_finish;
+ /** Function that aborts a cipher operation */
+ psa_drv_se_cipher_abort_t p_abort;
+ /** Function that performs ECB mode for a cipher operation
+ * (Danger: ECB mode should not be used directly by clients of the PSA
+ * Crypto Client API)
+ */
+ psa_drv_se_cipher_ecb_t p_ecb;
+} psa_drv_se_cipher_t;
+
+/**@}*/
+
+/** \defgroup se_asymmetric Secure Element Asymmetric Cryptography
+ *
+ * Since the amount of data that can (or should) be encrypted or signed using
+ * asymmetric keys is limited by the key size, asymmetric key operations using
+ * keys in a secure element must be done in single function calls.
+ */
+/**@{*/
+
+/**
+ * \brief A function that signs a hash or short message with a private key in
+ * a secure element
+ *
+ * \param[in] key_slot Key slot of an asymmetric key pair
+ * \param[in] alg A signature algorithm that is compatible
+ * with the type of `key`
+ * \param[in] p_hash The hash to sign
+ * \param[in] hash_length Size of the `p_hash` buffer in bytes
+ * \param[out] p_signature Buffer where the signature is to be written
+ * \param[in] signature_size Size of the `p_signature` buffer in bytes
+ * \param[out] p_signature_length On success, the number of bytes
+ * that make up the returned signature value
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ uint8_t *p_signature,
+ size_t signature_size,
+ size_t *p_signature_length);
+
+/**
+ * \brief A function that verifies the signature a hash or short message using
+ * an asymmetric public key in a secure element
+ *
+ * \param[in] key_slot Key slot of a public key or an asymmetric key
+ * pair
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of `key`
+ * \param[in] p_hash The hash whose signature is to be verified
+ * \param[in] hash_length Size of the `p_hash` buffer in bytes
+ * \param[in] p_signature Buffer containing the signature to verify
+ * \param[in] signature_length Size of the `p_signature` buffer in bytes
+ *
+ * \retval PSA_SUCCESS
+ * The signature is valid.
+ */
+typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_hash,
+ size_t hash_length,
+ const uint8_t *p_signature,
+ size_t signature_length);
+
+/**
+ * \brief A function that encrypts a short message with an asymmetric public
+ * key in a secure element
+ *
+ * \param[in] key_slot Key slot of a public key or an asymmetric key
+ * pair
+ * \param[in] alg An asymmetric encryption algorithm that is
+ * compatible with the type of `key`
+ * \param[in] p_input The message to encrypt
+ * \param[in] input_length Size of the `p_input` buffer in bytes
+ * \param[in] p_salt A salt or label, if supported by the
+ * encryption algorithm
+ * If the algorithm does not support a
+ * salt, pass `NULL`.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass `NULL`.
+ * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param[in] salt_length Size of the `p_salt` buffer in bytes
+ * If `p_salt` is `NULL`, pass 0.
+ * \param[out] p_output Buffer where the encrypted message is to
+ * be written
+ * \param[in] output_size Size of the `p_output` buffer in bytes
+ * \param[out] p_output_length On success, the number of bytes that make up
+ * the returned output
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_input,
+ size_t input_length,
+ const uint8_t *p_salt,
+ size_t salt_length,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/**
+ * \brief A function that decrypts a short message with an asymmetric private
+ * key in a secure element.
+ *
+ * \param[in] key_slot Key slot of an asymmetric key pair
+ * \param[in] alg An asymmetric encryption algorithm that is
+ * compatible with the type of `key`
+ * \param[in] p_input The message to decrypt
+ * \param[in] input_length Size of the `p_input` buffer in bytes
+ * \param[in] p_salt A salt or label, if supported by the
+ * encryption algorithm
+ * If the algorithm does not support a
+ * salt, pass `NULL`.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass `NULL`.
+ * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param[in] salt_length Size of the `p_salt` buffer in bytes
+ * If `p_salt` is `NULL`, pass 0.
+ * \param[out] p_output Buffer where the decrypted message is to
+ * be written
+ * \param[in] output_size Size of the `p_output` buffer in bytes
+ * \param[out] p_output_length On success, the number of bytes
+ * that make up the returned output
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t *p_input,
+ size_t input_length,
+ const uint8_t *p_salt,
+ size_t salt_length,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/**
+ * \brief A struct containing all of the function pointers needed to implement
+ * asymmetric cryptographic operations using secure elements.
+ *
+ * PSA Crypto API implementations should populate instances of the table as
+ * appropriate upon startup or at build time.
+ *
+ * If one of the functions is not implemented, it should be set to NULL.
+ */
+typedef struct {
+ /** Function that performs an asymmetric sign operation */
+ psa_drv_se_asymmetric_sign_t p_sign;
+ /** Function that performs an asymmetric verify operation */
+ psa_drv_se_asymmetric_verify_t p_verify;
+ /** Function that performs an asymmetric encrypt operation */
+ psa_drv_se_asymmetric_encrypt_t p_encrypt;
+ /** Function that performs an asymmetric decrypt operation */
+ psa_drv_se_asymmetric_decrypt_t p_decrypt;
+} psa_drv_se_asymmetric_t;
+
+/**@}*/
+
+/** \defgroup se_aead Secure Element Authenticated Encryption with Additional Data
+ * Authenticated Encryption with Additional Data (AEAD) operations with secure
+ * elements must be done in one function call. While this creates a burden for
+ * implementers as there must be sufficient space in memory for the entire
+ * message, it prevents decrypted data from being made available before the
+ * authentication operation is complete and the data is known to be authentic.
+ */
+/**@{*/
+
+/** \brief A function that performs a secure element authenticated encryption
+ * operation
+ *
+ * \param[in] key_slot Slot containing the key to use.
+ * \param[in] algorithm The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(`alg`) is true)
+ * \param[in] p_nonce Nonce or IV to use
+ * \param[in] nonce_length Size of the `p_nonce` buffer in bytes
+ * \param[in] p_additional_data Additional data that will be
+ * authenticated but not encrypted
+ * \param[in] additional_data_length Size of `p_additional_data` in bytes
+ * \param[in] p_plaintext Data that will be authenticated and
+ * encrypted
+ * \param[in] plaintext_length Size of `p_plaintext` in bytes
+ * \param[out] p_ciphertext Output buffer for the authenticated and
+ * encrypted data. The additional data is
+ * not part of this output. For algorithms
+ * where the encrypted data and the
+ * authentication tag are defined as
+ * separate outputs, the authentication
+ * tag is appended to the encrypted data.
+ * \param[in] ciphertext_size Size of the `p_ciphertext` buffer in
+ * bytes
+ * \param[out] p_ciphertext_length On success, the size of the output in
+ * the `p_ciphertext` buffer
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t algorithm,
+ const uint8_t *p_nonce,
+ size_t nonce_length,
+ const uint8_t *p_additional_data,
+ size_t additional_data_length,
+ const uint8_t *p_plaintext,
+ size_t plaintext_length,
+ uint8_t *p_ciphertext,
+ size_t ciphertext_size,
+ size_t *p_ciphertext_length);
+
+/** A function that peforms a secure element authenticated decryption operation
+ *
+ * \param[in] key_slot Slot containing the key to use
+ * \param[in] algorithm The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(`alg`) is true)
+ * \param[in] p_nonce Nonce or IV to use
+ * \param[in] nonce_length Size of the `p_nonce` buffer in bytes
+ * \param[in] p_additional_data Additional data that has been
+ * authenticated but not encrypted
+ * \param[in] additional_data_length Size of `p_additional_data` in bytes
+ * \param[in] p_ciphertext Data that has been authenticated and
+ * encrypted.
+ * For algorithms where the encrypted data
+ * and the authentication tag are defined
+ * as separate inputs, the buffer must
+ * contain the encrypted data followed by
+ * the authentication tag.
+ * \param[in] ciphertext_length Size of `p_ciphertext` in bytes
+ * \param[out] p_plaintext Output buffer for the decrypted data
+ * \param[in] plaintext_size Size of the `p_plaintext` buffer in
+ * bytes
+ * \param[out] p_plaintext_length On success, the size of the output in
+ * the `p_plaintext` buffer
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_key_slot_number_t key_slot,
+ psa_algorithm_t algorithm,
+ const uint8_t *p_nonce,
+ size_t nonce_length,
+ const uint8_t *p_additional_data,
+ size_t additional_data_length,
+ const uint8_t *p_ciphertext,
+ size_t ciphertext_length,
+ uint8_t *p_plaintext,
+ size_t plaintext_size,
+ size_t *p_plaintext_length);
+
+/**
+ * \brief A struct containing all of the function pointers needed to implement
+ * secure element Authenticated Encryption with Additional Data operations
+ *
+ * PSA Crypto API implementations should populate instances of the table as
+ * appropriate upon startup.
+ *
+ * If one of the functions is not implemented, it should be set to NULL.
+ */
+typedef struct {
+ /** Function that performs the AEAD encrypt operation */
+ psa_drv_se_aead_encrypt_t p_encrypt;
+ /** Function that performs the AEAD decrypt operation */
+ psa_drv_se_aead_decrypt_t p_decrypt;
+} psa_drv_se_aead_t;
+/**@}*/
+
+/** \defgroup se_key_management Secure Element Key Management
+ * Currently, key management is limited to importing keys in the clear,
+ * destroying keys, and exporting keys in the clear.
+ * Whether a key may be exported is determined by the key policies in place
+ * on the key slot.
+ */
+/**@{*/
+
+/** \brief A function that imports a key into a secure element in binary format
+ *
+ * This function can support any output from psa_export_key(). Refer to the
+ * documentation of psa_export_key() for the format for each key type.
+ *
+ * \param[in] key_slot Slot where the key will be stored
+ * This must be a valid slot for a key of the chosen
+ * type. It must be unoccupied.
+ * \param[in] lifetime The required lifetime of the key storage
+ * \param[in] type Key type (a \c PSA_KEY_TYPE_XXX value)
+ * \param[in] algorithm Key algorithm (a \c PSA_ALG_XXX value)
+ * \param[in] usage The allowed uses of the key
+ * \param[in] p_data Buffer containing the key data
+ * \param[in] data_length Size of the `data` buffer in bytes
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ */
+typedef psa_status_t (*psa_drv_se_import_key_t)(psa_key_slot_number_t key_slot,
+ psa_key_lifetime_t lifetime,
+ psa_key_type_t type,
+ psa_algorithm_t algorithm,
+ psa_key_usage_t usage,
+ const uint8_t *p_data,
+ size_t data_length);
+
+/**
+ * \brief A function that destroys a secure element key and restore the slot to
+ * its default state
+ *
+ * This function destroys the content of the key from a secure element.
+ * Implementations shall make a best effort to ensure that any previous content
+ * of the slot is unrecoverable.
+ *
+ * This function returns the specified slot to its default state.
+ *
+ * \param[in] key_slot The key slot to erase.
+ *
+ * \retval #PSA_SUCCESS
+ * The slot's content, if any, has been erased.
+ */
+typedef psa_status_t (*psa_drv_se_destroy_key_t)(psa_key_slot_number_t key);
+
+/**
+ * \brief A function that exports a secure element key in binary format
+ *
+ * The output of this function can be passed to psa_import_key() to
+ * create an equivalent object.
+ *
+ * If a key is created with `psa_import_key()` and then exported with
+ * this function, it is not guaranteed that the resulting data is
+ * identical: the implementation may choose a different representation
+ * of the same key if the format permits it.
+ *
+ * This function should generate output in the same format that
+ * `psa_export_key()` does. Refer to the
+ * documentation of `psa_export_key()` for the format for each key type.
+ *
+ * \param[in] key Slot whose content is to be exported. This must
+ * be an occupied key slot.
+ * \param[out] p_data Buffer where the key data is to be written.
+ * \param[in] data_size Size of the `p_data` buffer in bytes.
+ * \param[out] p_data_length On success, the number of bytes
+ * that make up the key data.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+typedef psa_status_t (*psa_drv_se_export_key_t)(psa_key_slot_number_t key,
+ uint8_t *p_data,
+ size_t data_size,
+ size_t *p_data_length);
+
+/**
+ * \brief A function that generates a symmetric or asymmetric key on a secure
+ * element
+ *
+ * If \p type is asymmetric (`#PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) == 1`),
+ * the public component of the generated key will be placed in `p_pubkey_out`.
+ * The format of the public key information will match the format specified for
+ * the psa_export_key() function for the key type.
+ *
+ * \param[in] key_slot Slot where the generated key will be placed
+ * \param[in] type The type of the key to be generated
+ * \param[in] usage The prescribed usage of the generated key
+ * Note: Not all Secure Elements support the same
+ * restrictions that PSA Crypto does (and vice versa).
+ * Driver developers should endeavor to match the
+ * usages as close as possible.
+ * \param[in] bits The size in bits of the key to be generated.
+ * \param[in] extra Extra parameters for key generation. The
+ * interpretation of this parameter should match the
+ * interpretation in the `extra` parameter is the
+ * `psa_generate_key` function
+ * \param[in] extra_size The size in bytes of the \p extra buffer
+ * \param[out] p_pubkey_out The buffer where the public key information will
+ * be placed
+ * \param[in] pubkey_out_size The size in bytes of the `p_pubkey_out` buffer
+ * \param[out] p_pubkey_length Upon successful completion, will contain the
+ * size of the data placed in `p_pubkey_out`.
+ */
+typedef psa_status_t (*psa_drv_se_generate_key_t)(psa_key_slot_number_t key_slot,
+ psa_key_type_t type,
+ psa_key_usage_t usage,
+ size_t bits,
+ const void *extra,
+ size_t extra_size,
+ uint8_t *p_pubkey_out,
+ size_t pubkey_out_size,
+ size_t *p_pubkey_length);
+
+/**
+ * \brief A struct containing all of the function pointers needed to for secure
+ * element key management
+ *
+ * PSA Crypto API implementations should populate instances of the table as
+ * appropriate upon startup or at build time.
+ *
+ * If one of the functions is not implemented, it should be set to NULL.
+ */
+typedef struct {
+ /** Function that performs a key import operation */
+ psa_drv_se_import_key_t p_import;
+ /** Function that performs a generation */
+ psa_drv_se_generate_key_t p_generate;
+ /** Function that performs a key destroy operation */
+ psa_drv_se_destroy_key_t p_destroy;
+ /** Function that performs a key export operation */
+ psa_drv_se_export_key_t p_export;
+} psa_drv_se_key_management_t;
+
+/**@}*/
+
+/** \defgroup driver_derivation Secure Element Key Derivation and Agreement
+ * Key derivation is the process of generating new key material using an
+ * existing key and additional parameters, iterating through a basic
+ * cryptographic function, such as a hash.
+ * Key agreement is a part of cryptographic protocols that allows two parties
+ * to agree on the same key value, but starting from different original key
+ * material.
+ * The flows are similar, and the PSA Crypto Driver Model uses the same functions
+ * for both of the flows.
+ *
+ * There are two different final functions for the flows,
+ * `psa_drv_se_key_derivation_derive` and `psa_drv_se_key_derivation_export`.
+ * `psa_drv_se_key_derivation_derive` is used when the key material should be
+ * placed in a slot on the hardware and not exposed to the caller.
+ * `psa_drv_se_key_derivation_export` is used when the key material should be
+ * returned to the PSA Cryptographic API implementation.
+ *
+ * Different key derivation algorithms require a different number of inputs.
+ * Instead of having an API that takes as input variable length arrays, which
+ * can be problemmatic to manage on embedded platforms, the inputs are passed
+ * to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
+ * is called multiple times with different `collateral_id`s. Thus, for a key
+ * derivation algorithm that required 3 paramter inputs, the flow would look
+ * something like:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_se_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
+ * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_0,
+ * p_collateral_0,
+ * collateral_0_size);
+ * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_1,
+ * p_collateral_1,
+ * collateral_1_size);
+ * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_2,
+ * p_collateral_2,
+ * collateral_2_size);
+ * psa_drv_se_key_derivation_derive();
+ * ~~~~~~~~~~~~~
+ *
+ * key agreement example:
+ * ~~~~~~~~~~~~~{.c}
+ * psa_drv_se_key_derivation_setup(alg, source_key. dest_key_size_bytes);
+ * psa_drv_se_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
+ * psa_drv_se_key_derivation_export(p_session_key,
+ * session_key_size,
+ * &session_key_length);
+ * ~~~~~~~~~~~~~
+ */
+/**@{*/
+
+/** \brief A function that Sets up a secure element key derivation operation by
+ * specifying the algorithm and the source key sot
+ *
+ * \param[in,out] p_context A hardware-specific structure containing any
+ * context information for the implementation
+ * \param[in] kdf_alg The algorithm to be used for the key derivation
+ * \param[in] souce_key The key to be used as the source material for the
+ * key derivation
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(void *p_context,
+ psa_algorithm_t kdf_alg,
+ psa_key_slot_number_t source_key);
+
+/** \brief A function that provides collateral (parameters) needed for a secure
+ * element key derivation or key agreement operation
+ *
+ * Since many key derivation algorithms require multiple parameters, it is
+ * expeced that this function may be called multiple times for the same
+ * operation, each with a different algorithm-specific `collateral_id`
+ *
+ * \param[in,out] p_context A hardware-specific structure containing any
+ * context information for the implementation
+ * \param[in] collateral_id An ID for the collateral being provided
+ * \param[in] p_collateral A buffer containing the collateral data
+ * \param[in] collateral_size The size in bytes of the collateral
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *p_context,
+ uint32_t collateral_id,
+ const uint8_t *p_collateral,
+ size_t collateral_size);
+
+/** \brief A function that performs the final secure element key derivation
+ * step and place the generated key material in a slot
+ *
+ * \param[in,out] p_context A hardware-specific structure containing any
+ * context information for the implementation
+ * \param[in] dest_key The slot where the generated key material
+ * should be placed
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *p_context,
+ psa_key_slot_number_t dest_key);
+
+/** \brief A function that performs the final step of a secure element key
+ * agreement and place the generated key material in a buffer
+ *
+ * \param[out] p_output Buffer in which to place the generated key
+ * material
+ * \param[in] output_size The size in bytes of `p_output`
+ * \param[out] p_output_length Upon success, contains the number of bytes of
+ * key material placed in `p_output`
+ *
+ * \retval PSA_SUCCESS
+ */
+typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *p_context,
+ uint8_t *p_output,
+ size_t output_size,
+ size_t *p_output_length);
+
+/**
+ * \brief A struct containing all of the function pointers needed to for secure
+ * element key derivation and agreement
+ *
+ * PSA Crypto API implementations should populate instances of the table as
+ * appropriate upon startup.
+ *
+ * If one of the functions is not implemented, it should be set to NULL.
+ */
+typedef struct {
+ /** The driver-specific size of the key derivation context */
+ size_t context_size;
+ /** Function that performs a key derivation setup */
+ psa_drv_se_key_derivation_setup_t p_setup;
+ /** Function that sets key derivation collateral */
+ psa_drv_se_key_derivation_collateral_t p_collateral;
+ /** Function that performs a final key derivation step */
+ psa_drv_se_key_derivation_derive_t p_derive;
+ /** Function that perforsm a final key derivation or agreement and
+ * exports the key */
+ psa_drv_se_key_derivation_export_t p_export;
+} psa_drv_se_key_derivation_t;
+
+/**@}*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_SE_DRIVER_H */
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
new file mode 100644
index 0000000..34664fc
--- /dev/null
+++ b/include/psa/crypto_sizes.h
@@ -0,0 +1,580 @@
+/**
+ * \file psa/crypto_sizes.h
+ *
+ * \brief PSA cryptography module: Mbed TLS buffer size macros
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * This file contains the definitions of macros that are useful to
+ * compute buffer sizes. The signatures and semantics of these macros
+ * are standardized, but the definitions are not, because they depend on
+ * the available algorithms and, in some cases, on permitted tolerances
+ * on buffer sizes.
+ *
+ * In implementations with isolation between the application and the
+ * cryptography module, implementers should take care to ensure that
+ * the definitions that are exposed to applications match what the
+ * module implements.
+ *
+ * Macros that compute sizes whose values do not depend on the
+ * implementation are in crypto.h.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SIZES_H
+#define PSA_CRYPTO_SIZES_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
+#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+
+/** The size of the output of psa_hash_finish(), in bytes.
+ *
+ * This is also the hash size that psa_hash_verify() expects.
+ *
+ * \param alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p alg) is true), or an HMAC algorithm
+ * (#PSA_ALG_HMAC(\c hash_alg) where \c hash_alg is a
+ * hash algorithm).
+ *
+ * \return The hash size for the specified hash algorithm.
+ * If the hash algorithm is not recognized, return 0.
+ * An implementation may return either 0 or the correct size
+ * for a hash algorithm that it recognizes, but does not support.
+ */
+#define PSA_HASH_SIZE(alg) \
+ ( \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
+ 0)
+
+/** \def PSA_HASH_MAX_SIZE
+ *
+ * Maximum size of a hash.
+ *
+ * This macro must expand to a compile-time constant integer. This value
+ * should be the maximum size of a hash supported by the implementation,
+ * in bytes, and must be no smaller than this maximum.
+ */
+/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
+ * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
+ * HMAC-SHA3-512. */
+#if defined(MBEDTLS_SHA512_C)
+#define PSA_HASH_MAX_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#else
+#define PSA_HASH_MAX_SIZE 32
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#endif
+
+/** \def PSA_MAC_MAX_SIZE
+ *
+ * Maximum size of a MAC.
+ *
+ * This macro must expand to a compile-time constant integer. This value
+ * should be the maximum size of a MAC supported by the implementation,
+ * in bytes, and must be no smaller than this maximum.
+ */
+/* All non-HMAC MACs have a maximum size that's smaller than the
+ * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
+/* Note that the encoding of truncated MAC algorithms limits this value
+ * to 64 bytes.
+ */
+#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
+
+/** The tag size for an AEAD algorithm, in bytes.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return The tag size for the specified algorithm.
+ * If the AEAD algorithm does not have an identified
+ * tag that can be distinguished from the rest of
+ * the ciphertext, return 0.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_TAG_LENGTH(alg) \
+ (PSA_ALG_IS_AEAD(alg) ? \
+ (((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
+ 0)
+
+/* The maximum size of an RSA key on this implementation, in bits.
+ * This is a vendor-specific macro.
+ *
+ * Mbed TLS does not set a hard limit on the size of RSA keys: any key
+ * whose parameters fit in a bignum is accepted. However large keys can
+ * induce a large memory usage and long computation times. Unlike other
+ * auxiliary macros in this file and in crypto.h, which reflect how the
+ * library is configured, this macro defines how the library is
+ * configured. This implementation refuses to import or generate an
+ * RSA key whose size is larger than the value defined here.
+ *
+ * Note that an implementation may set different size limits for different
+ * operations, and does not need to accept all key sizes up to the limit. */
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+
+/* The maximum size of an ECC key on this implementation, in bits.
+ * This is a vendor-specific macro. */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
+#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#else
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
+#endif
+
+/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
+ *
+ * This macro returns the maximum length of the PSK supported
+ * by the TLS-1.2 PSK-to-MS key derivation.
+ *
+ * Quoting RFC 4279, Sect 5.3:
+ * TLS implementations supporting these ciphersuites MUST support
+ * arbitrary PSK identities up to 128 octets in length, and arbitrary
+ * PSKs up to 64 octets in length. Supporting longer identities and
+ * keys is RECOMMENDED.
+ *
+ * Therefore, no implementation should define a value smaller than 64
+ * for #PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN.
+ */
+#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
+
+/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
+ *
+ * Maximum size of an asymmetric signature.
+ *
+ * This macro must expand to a compile-time constant integer. This value
+ * should be the maximum size of a MAC supported by the implementation,
+ * in bytes, and must be no smaller than this maximum.
+ */
+#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
+ PSA_BITS_TO_BYTES( \
+ PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
+ PSA_VENDOR_RSA_MAX_KEY_BITS : \
+ PSA_VENDOR_ECC_MAX_CURVE_BITS \
+ )
+
+/** The maximum size of a block cipher supported by the implementation. */
+#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
+
+/** The size of the output of psa_mac_sign_finish(), in bytes.
+ *
+ * This is also the MAC size that psa_mac_verify_finish() expects.
+ *
+ * \param key_type The type of the MAC key.
+ * \param key_bits The size of the MAC key in bits.
+ * \param alg A MAC algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_MAC(alg) is true).
+ *
+ * \return The MAC size for the specified algorithm with
+ * the specified key parameters.
+ * \return 0 if the MAC algorithm is not recognized.
+ * \return Either 0 or the correct size for a MAC algorithm that
+ * the implementation recognizes, but does not support.
+ * \return Unspecified if the key parameters are not consistent
+ * with the algorithm.
+ */
+#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
+ ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
+ PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
+ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
+ ((void)(key_type), (void)(key_bits), 0))
+
+/** The maximum size of the output of psa_aead_encrypt(), in bytes.
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_aead_encrypt() will not fail due to an
+ * insufficient buffer size. Depending on the algorithm, the actual size of
+ * the ciphertext may be smaller.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ * \param plaintext_length Size of the plaintext in bytes.
+ *
+ * \return The AEAD ciphertext size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
+ (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
+ (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
+ 0)
+
+/** The maximum size of the output of psa_aead_decrypt(), in bytes.
+ *
+ * If the size of the plaintext buffer is at least this large, it is
+ * guaranteed that psa_aead_decrypt() will not fail due to an
+ * insufficient buffer size. Depending on the algorithm, the actual size of
+ * the plaintext may be smaller.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ * \param ciphertext_length Size of the plaintext in bytes.
+ *
+ * \return The AEAD ciphertext size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
+ (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
+ (plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
+ 0)
+
+#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
+ (PSA_ALG_IS_RSA_OAEP(alg) ? \
+ 2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
+ 11 /*PKCS#1v1.5*/)
+
+/**
+ * \brief ECDSA signature size for a given curve bit size
+ *
+ * \param curve_bits Curve size in bits.
+ * \return Signature size in bytes.
+ *
+ * \note This macro returns a compile-time constant if its argument is one.
+ */
+#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
+ (PSA_BITS_TO_BYTES(curve_bits) * 2)
+
+/** Safe signature buffer size for psa_asymmetric_sign().
+ *
+ * This macro returns a safe buffer size for a signature using a key
+ * of the specified type and size, with the specified algorithm.
+ * Note that the actual size of the signature may be smaller
+ * (some algorithms produce a variable-size signature).
+ *
+ * \warning This function may call its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type An asymmetric key type (this may indifferently be a
+ * key pair type or a public key type).
+ * \param key_bits The size of the key in bits.
+ * \param alg The signature algorithm.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_asymmetric_sign() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not supported
+ * by the implementation, this macro either shall return either a
+ * sensible size or 0.
+ * If the parameters are not valid, the
+ * return value is unspecified.
+ */
+#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
+ ((void)alg, 0))
+
+/** Safe output buffer size for psa_asymmetric_encrypt().
+ *
+ * This macro returns a safe buffer size for a ciphertext produced using
+ * a key of the specified type and size, with the specified algorithm.
+ * Note that the actual size of the ciphertext may be smaller, depending
+ * on the algorithm.
+ *
+ * \warning This function may call its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type An asymmetric key type (this may indifferently be a
+ * key pair type or a public key type).
+ * \param key_bits The size of the key in bits.
+ * \param alg The signature algorithm.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_asymmetric_encrypt() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not supported
+ * by the implementation, this macro either shall return either a
+ * sensible size or 0.
+ * If the parameters are not valid, the
+ * return value is unspecified.
+ */
+#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? \
+ ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ 0)
+
+/** Safe output buffer size for psa_asymmetric_decrypt().
+ *
+ * This macro returns a safe buffer size for a ciphertext produced using
+ * a key of the specified type and size, with the specified algorithm.
+ * Note that the actual size of the ciphertext may be smaller, depending
+ * on the algorithm.
+ *
+ * \warning This function may call its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type An asymmetric key type (this may indifferently be a
+ * key pair type or a public key type).
+ * \param key_bits The size of the key in bits.
+ * \param alg The signature algorithm.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_asymmetric_decrypt() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not supported
+ * by the implementation, this macro either shall return either a
+ * sensible size or 0.
+ * If the parameters are not valid, the
+ * return value is unspecified.
+ */
+#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? \
+ PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
+ 0)
+
+/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
+ * number of bits.
+ *
+ * This definition assumes that bits <= 2^19 - 9 so that the length field
+ * is at most 3 bytes. The length of the encoding is the length of the
+ * bit string padded to a whole number of bytes plus:
+ * - 1 type byte;
+ * - 1 to 3 length bytes;
+ * - 0 to 1 bytes of leading 0 due to the sign bit.
+ */
+#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
+ ((bits) / 8 + 5)
+
+/* Maximum size of the export encoding of an RSA public key.
+ * Assumes that the public exponent is less than 2^32.
+ *
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER } -- e
+ *
+ * - 4 bytes of SEQUENCE overhead;
+ * - n : INTEGER;
+ * - 7 bytes for the public exponent.
+ */
+#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
+
+/* Maximum size of the export encoding of an RSA key pair.
+ * Assumes thatthe public exponent is less than 2^32 and that the size
+ * difference between the two primes is at most 1 bit.
+ *
+ * RSAPrivateKey ::= SEQUENCE {
+ * version Version, -- 0
+ * modulus INTEGER, -- N-bit
+ * publicExponent INTEGER, -- 32-bit
+ * privateExponent INTEGER, -- N-bit
+ * prime1 INTEGER, -- N/2-bit
+ * prime2 INTEGER, -- N/2-bit
+ * exponent1 INTEGER, -- N/2-bit
+ * exponent2 INTEGER, -- N/2-bit
+ * coefficient INTEGER, -- N/2-bit
+ * }
+ *
+ * - 4 bytes of SEQUENCE overhead;
+ * - 3 bytes of version;
+ * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
+ * overapproximated as 9 half-size INTEGERS;
+ * - 7 bytes for the public exponent.
+ */
+#define PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) \
+ (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
+
+/* Maximum size of the export encoding of a DSA public key.
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING } -- contains DSAPublicKey
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
+ * DSAPublicKey ::= INTEGER -- public key, Y
+ *
+ * - 3 * 4 bytes of SEQUENCE overhead;
+ * - 1 + 1 + 7 bytes of algorithm (DSA OID);
+ * - 4 bytes of BIT STRING overhead;
+ * - 3 full-size INTEGERs (p, g, y);
+ * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
+ */
+#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
+
+/* Maximum size of the export encoding of a DSA key pair.
+ *
+ * DSAPrivateKey ::= SEQUENCE {
+ * version Version, -- 0
+ * prime INTEGER, -- p
+ * subprime INTEGER, -- q
+ * generator INTEGER, -- g
+ * public INTEGER, -- y
+ * private INTEGER, -- x
+ * }
+ *
+ * - 4 bytes of SEQUENCE overhead;
+ * - 3 bytes of version;
+ * - 3 full-size INTEGERs (p, g, y);
+ * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
+ */
+#define PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) \
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
+
+/* Maximum size of the export encoding of an ECC public key.
+ *
+ * The representation of an ECC public key is:
+ * - The byte 0x04;
+ * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
+ * - where m is the bit size associated with the curve.
+ *
+ * - 1 byte + 2 * point size.
+ */
+#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
+ (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
+
+/* Maximum size of the export encoding of an ECC key pair.
+ *
+ * An ECC key pair is represented by the secret value.
+ */
+#define PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
+/** Safe output buffer size for psa_export_key() or psa_export_public_key().
+ *
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * \warning This function may call its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * The following code illustrates how to allocate enough memory to export
+ * a key by querying the key type and size at runtime.
+ * \code{c}
+ * psa_key_type_t key_type;
+ * size_t key_bits;
+ * psa_status_t status;
+ * status = psa_get_key_information(key, &key_type, &key_bits);
+ * if (status != PSA_SUCCESS) handle_error(...);
+ * size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
+ * unsigned char *buffer = malloc(buffer_size);
+ * if (buffer != NULL) handle_error(...);
+ * size_t buffer_length;
+ * status = psa_export_key(key, buffer, buffer_size, &buffer_length);
+ * if (status != PSA_SUCCESS) handle_error(...);
+ * \endcode
+ *
+ * For psa_export_public_key(), calculate the buffer size from the
+ * public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR
+ * to convert a key pair type to the corresponding public key type.
+ * \code{c}
+ * psa_key_type_t key_type;
+ * size_t key_bits;
+ * psa_status_t status;
+ * status = psa_get_key_information(key, &key_type, &key_bits);
+ * if (status != PSA_SUCCESS) handle_error(...);
+ * psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(key_type);
+ * size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(public_key_type, key_bits);
+ * unsigned char *buffer = malloc(buffer_size);
+ * if (buffer != NULL) handle_error(...);
+ * size_t buffer_length;
+ * status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
+ * if (status != PSA_SUCCESS) handle_error(...);
+ * \endcode
+ *
+ * \param key_type A supported key type.
+ * \param key_bits The size of the key in bits.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_asymmetric_sign() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not supported
+ * by the implementation, this macro either shall return either a
+ * sensible size or 0.
+ * If the parameters are not valid, the
+ * return value is unspecified.
+ */
+#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_RSA_KEYPAIR ? PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_DSA_KEYPAIR ? PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC_KEYPAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ 0)
+
+#endif /* PSA_CRYPTO_SIZES_H */
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
new file mode 100644
index 0000000..ee3ecd7
--- /dev/null
+++ b/include/psa/crypto_struct.h
@@ -0,0 +1,240 @@
+/**
+ * \file psa/crypto_struct.h
+ *
+ * \brief PSA cryptography module: Mbed TLS structured type implementations
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * This file contains the definitions of some data structures with
+ * implementation-specific definitions.
+ *
+ * In implementations with isolation between the application and the
+ * cryptography module, it is expected that the front-end and the back-end
+ * would have different versions of this file.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_STRUCT_H
+#define PSA_CRYPTO_STRUCT_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+
+struct psa_hash_operation_s
+{
+ psa_algorithm_t alg;
+ union
+ {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_MD2_C)
+ mbedtls_md2_context md2;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ mbedtls_md4_context md4;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ mbedtls_md5_context md5;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ mbedtls_ripemd160_context ripemd160;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ mbedtls_sha1_context sha1;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ mbedtls_sha256_context sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ mbedtls_sha512_context sha512;
+#endif
+ } ctx;
+};
+
+#define PSA_HASH_OPERATION_INIT {0, {0}}
+static inline struct psa_hash_operation_s psa_hash_operation_init( void )
+{
+ const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
+ return( v );
+}
+
+#if defined(MBEDTLS_MD_C)
+typedef struct
+{
+ /** The hash context. */
+ struct psa_hash_operation_s hash_ctx;
+ /** The HMAC part of the context. */
+ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+} psa_hmac_internal_data;
+#endif /* MBEDTLS_MD_C */
+
+struct psa_mac_operation_s
+{
+ psa_algorithm_t alg;
+ unsigned int key_set : 1;
+ unsigned int iv_required : 1;
+ unsigned int iv_set : 1;
+ unsigned int has_input : 1;
+ unsigned int is_sign : 1;
+ uint8_t mac_size;
+ union
+ {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_MD_C)
+ psa_hmac_internal_data hmac;
+#endif
+#if defined(MBEDTLS_CMAC_C)
+ mbedtls_cipher_context_t cmac;
+#endif
+ } ctx;
+};
+
+#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}}
+static inline struct psa_mac_operation_s psa_mac_operation_init( void )
+{
+ const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
+ return( v );
+}
+
+struct psa_cipher_operation_s
+{
+ psa_algorithm_t alg;
+ unsigned int key_set : 1;
+ unsigned int iv_required : 1;
+ unsigned int iv_set : 1;
+ uint8_t iv_size;
+ uint8_t block_size;
+ union
+ {
+ unsigned dummy; /* Enable easier initializing of the union. */
+ mbedtls_cipher_context_t cipher;
+ } ctx;
+};
+
+#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}}
+static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
+{
+ const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
+ return( v );
+}
+
+#if defined(MBEDTLS_MD_C)
+typedef struct
+{
+ uint8_t *info;
+ size_t info_length;
+ psa_hmac_internal_data hmac;
+ uint8_t prk[PSA_HASH_MAX_SIZE];
+ uint8_t output_block[PSA_HASH_MAX_SIZE];
+#if PSA_HASH_MAX_SIZE > 0xff
+#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
+#endif
+ uint8_t offset_in_block;
+ uint8_t block_number;
+} psa_hkdf_generator_t;
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD_C)
+typedef struct psa_tls12_prf_generator_s
+{
+ /* The TLS 1.2 PRF uses the key for each HMAC iteration,
+ * hence we must store it for the lifetime of the generator.
+ * This is different from HKDF, where the key is only used
+ * in the extraction phase, but not during expansion. */
+ unsigned char *key;
+ size_t key_len;
+
+ /* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */
+ uint8_t *Ai_with_seed;
+ size_t Ai_with_seed_len;
+
+ /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
+ uint8_t output_block[PSA_HASH_MAX_SIZE];
+
+#if PSA_HASH_MAX_SIZE > 0xff
+#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
+#endif
+
+ /* Indicates how many bytes in the current HMAC block have
+ * already been read by the user. */
+ uint8_t offset_in_block;
+
+ /* The 1-based number of the block. */
+ uint8_t block_number;
+
+} psa_tls12_prf_generator_t;
+#endif /* MBEDTLS_MD_C */
+
+struct psa_crypto_generator_s
+{
+ psa_algorithm_t alg;
+ size_t capacity;
+ union
+ {
+ struct
+ {
+ uint8_t *data;
+ size_t size;
+ } buffer;
+#if defined(MBEDTLS_MD_C)
+ psa_hkdf_generator_t hkdf;
+ psa_tls12_prf_generator_t tls12_prf;
+#endif
+ } ctx;
+};
+
+#define PSA_CRYPTO_GENERATOR_INIT {0, 0, {{0, 0}}}
+static inline struct psa_crypto_generator_s psa_crypto_generator_init( void )
+{
+ const struct psa_crypto_generator_s v = PSA_CRYPTO_GENERATOR_INIT;
+ return( v );
+}
+
+struct psa_key_policy_s
+{
+ psa_key_usage_t usage;
+ psa_algorithm_t alg;
+};
+
+#define PSA_KEY_POLICY_INIT {0, 0}
+static inline struct psa_key_policy_s psa_key_policy_init( void )
+{
+ const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
+ return( v );
+}
+
+#endif /* PSA_CRYPTO_STRUCT_H */
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
new file mode 100644
index 0000000..923b94a
--- /dev/null
+++ b/include/psa/crypto_types.h
@@ -0,0 +1,113 @@
+/**
+ * \file psa/crypto_types.h
+ *
+ * \brief PSA cryptography module: type aliases.
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h. Drivers must include the appropriate driver
+ * header file.
+ *
+ * This file contains portable definitions of integral types for properties
+ * of cryptographic keys, designations of cryptographic algorithms, and
+ * error codes returned by the library.
+ *
+ * This header file does not declare any function.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_TYPES_H
+#define PSA_CRYPTO_TYPES_H
+
+#include <stdint.h>
+
+/** \defgroup error Error codes
+ * @{
+ */
+
+/**
+ * \brief Function return status.
+ *
+ * This is either #PSA_SUCCESS (which is zero), indicating success,
+ * or a nonzero value indicating that an error occurred. Errors are
+ * encoded as one of the \c PSA_ERROR_xxx values defined here.
+ * If #PSA_SUCCESS is already defined, it means that #psa_status_t
+ * is also defined in an external header, so prevent its multiple
+ * definition.
+ */
+#ifndef PSA_SUCCESS
+typedef int32_t psa_status_t;
+#endif
+
+/**@}*/
+
+/** \defgroup crypto_types Key and algorithm types
+ * @{
+ */
+
+/** \brief Encoding of a key type.
+ */
+typedef uint32_t psa_key_type_t;
+
+/** The type of PSA elliptic curve identifiers. */
+typedef uint16_t psa_ecc_curve_t;
+
+/** \brief Encoding of a cryptographic algorithm.
+ *
+ * For algorithms that can be applied to multiple key types, this type
+ * does not encode the key type. For example, for symmetric ciphers
+ * based on a block cipher, #psa_algorithm_t encodes the block cipher
+ * mode and the padding mode while the block cipher itself is encoded
+ * via #psa_key_type_t.
+ */
+typedef uint32_t psa_algorithm_t;
+
+/**@}*/
+
+/** \defgroup key_lifetimes Key lifetimes
+ * @{
+ */
+
+/** Encoding of key lifetimes.
+ */
+typedef uint32_t psa_key_lifetime_t;
+
+/** Encoding of identifiers of persistent keys.
+ */
+/* Implementation-specific quirk: The Mbed Crypto library can be built as
+ * part of a multi-client service that exposes the PSA Crypto API in each
+ * client and encodes the client identity in the key id argument of functions
+ * such as psa_open_key(). In this build configuration, we define
+ * psa_key_id_t in crypto_platform.h instead of here. */
+#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+typedef uint32_t psa_key_id_t;
+#endif
+
+/**@}*/
+
+/** \defgroup policy Key policies
+ * @{
+ */
+
+/** \brief Encoding of permitted usage on a key. */
+typedef uint32_t psa_key_usage_t;
+
+/**@}*/
+
+#endif /* PSA_CRYPTO_TYPES_H */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
new file mode 100644
index 0000000..d42d8c2
--- /dev/null
+++ b/include/psa/crypto_values.h
@@ -0,0 +1,1489 @@
+/**
+ * \file psa/crypto_values.h
+ *
+ * \brief PSA cryptography module: macros to build and analyze integer values.
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h. Drivers must include the appropriate driver
+ * header file.
+ *
+ * This file contains portable definitions of macros to build and analyze
+ * values of integral types that encode properties of cryptographic keys,
+ * designations of cryptographic algorithms, and error codes returned by
+ * the library.
+ *
+ * This header file only defines preprocessor macros.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_VALUES_H
+#define PSA_CRYPTO_VALUES_H
+
+/** \defgroup error Error codes
+ * @{
+ */
+
+/* PSA error codes */
+
+/** The action was completed successfully. */
+#define PSA_SUCCESS ((psa_status_t)0)
+
+/** An error occurred that does not correspond to any defined
+ * failure cause.
+ *
+ * Implementations may use this error code if none of the other standard
+ * error codes are applicable. */
+#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
+
+/** The requested operation or a parameter is not supported
+ * by this implementation.
+ *
+ * Implementations should return this error code when an enumeration
+ * parameter such as a key type, algorithm, etc. is not recognized.
+ * If a combination of parameters is recognized and identified as
+ * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
+#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
+
+/** The requested action is denied by a policy.
+ *
+ * Implementations should return this error code when the parameters
+ * are recognized as valid and supported, and a policy explicitly
+ * denies the requested operation.
+ *
+ * If a subset of the parameters of a function call identify a
+ * forbidden operation, and another subset of the parameters are
+ * not valid or not supported, it is unspecified whether the function
+ * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
+ * #PSA_ERROR_INVALID_ARGUMENT. */
+#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
+
+/** An output buffer is too small.
+ *
+ * Applications can call the \c PSA_xxx_SIZE macro listed in the function
+ * description to determine a sufficient buffer size.
+ *
+ * Implementations should preferably return this error code only
+ * in cases when performing the operation with a larger output
+ * buffer would succeed. However implementations may return this
+ * error if a function has invalid or unsupported parameters in addition
+ * to the parameters that determine the necessary output buffer size. */
+#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
+
+/** Asking for an item that already exists
+ *
+ * Implementations should return this error, when attempting
+ * to write an item (like a key) that already exists. */
+#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
+
+/** Asking for an item that doesn't exist
+ *
+ * Implementations should return this error, if a requested item (like
+ * a key) does not exist. */
+#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
+
+/** The requested action cannot be performed in the current state.
+ *
+ * Multipart operations return this error when one of the
+ * functions is called out of sequence. Refer to the function
+ * descriptions for permitted sequencing of functions.
+ *
+ * Implementations shall not return this error code to indicate
+ * that a key slot is occupied when it needs to be free or vice versa,
+ * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
+ * as applicable. */
+#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
+
+/** The parameters passed to the function are invalid.
+ *
+ * Implementations may return this error any time a parameter or
+ * combination of parameters are recognized as invalid.
+ *
+ * Implementations shall not return this error code to indicate
+ * that a key slot is occupied when it needs to be free or vice versa,
+ * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
+ * as applicable.
+ *
+ * Implementation shall not return this error code to indicate that a
+ * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
+ * instead.
+ */
+#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
+
+/** There is not enough runtime memory.
+ *
+ * If the action is carried out across multiple security realms, this
+ * error can refer to available memory in any of the security realms. */
+#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
+
+/** There is not enough persistent storage.
+ *
+ * Functions that modify the key storage return this error code if
+ * there is insufficient storage space on the host media. In addition,
+ * many functions that do not otherwise access storage may return this
+ * error code if the implementation requires a mandatory log entry for
+ * the requested action and the log storage space is full. */
+#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
+
+/** There was a communication failure inside the implementation.
+ *
+ * This can indicate a communication failure between the application
+ * and an external cryptoprocessor or between the cryptoprocessor and
+ * an external volatile or persistent memory. A communication failure
+ * may be transient or permanent depending on the cause.
+ *
+ * \warning If a function returns this error, it is undetermined
+ * whether the requested action has completed or not. Implementations
+ * should return #PSA_SUCCESS on successful completion whenver
+ * possible, however functions may return #PSA_ERROR_COMMUNICATION_FAILURE
+ * if the requested action was completed successfully in an external
+ * cryptoprocessor but there was a breakdown of communication before
+ * the cryptoprocessor could report the status to the application.
+ */
+#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
+
+/** There was a storage failure that may have led to data loss.
+ *
+ * This error indicates that some persistent storage is corrupted.
+ * It should not be used for a corruption of volatile memory
+ * (use #PSA_ERROR_TAMPERING_DETECTED), for a communication error
+ * between the cryptoprocessor and its external storage (use
+ * #PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is
+ * in a valid state but is full (use #PSA_ERROR_INSUFFICIENT_STORAGE).
+ *
+ * Note that a storage failure does not indicate that any data that was
+ * previously read is invalid. However this previously read data may no
+ * longer be readable from storage.
+ *
+ * When a storage failure occurs, it is no longer possible to ensure
+ * the global integrity of the keystore. Depending on the global
+ * integrity guarantees offered by the implementation, access to other
+ * data may or may not fail even if the data is still readable but
+ * its integrity canont be guaranteed.
+ *
+ * Implementations should only use this error code to report a
+ * permanent storage corruption. However application writers should
+ * keep in mind that transient errors while reading the storage may be
+ * reported using this error code. */
+#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
+
+/** A hardware failure was detected.
+ *
+ * A hardware failure may be transient or permanent depending on the
+ * cause. */
+#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
+
+/** A tampering attempt was detected.
+ *
+ * If an application receives this error code, there is no guarantee
+ * that previously accessed or computed data was correct and remains
+ * confidential. Applications should not perform any security function
+ * and should enter a safe failure state.
+ *
+ * Implementations may return this error code if they detect an invalid
+ * state that cannot happen during normal operation and that indicates
+ * that the implementation's security guarantees no longer hold. Depending
+ * on the implementation architecture and on its security and safety goals,
+ * the implementation may forcibly terminate the application.
+ *
+ * This error code is intended as a last resort when a security breach
+ * is detected and it is unsure whether the keystore data is still
+ * protected. Implementations shall only return this error code
+ * to report an alarm from a tampering detector, to indicate that
+ * the confidentiality of stored data can no longer be guaranteed,
+ * or to indicate that the integrity of previously returned data is now
+ * considered compromised. Implementations shall not use this error code
+ * to indicate a hardware failure that merely makes it impossible to
+ * perform the requested operation (use #PSA_ERROR_COMMUNICATION_FAILURE,
+ * #PSA_ERROR_STORAGE_FAILURE, #PSA_ERROR_HARDWARE_FAILURE,
+ * #PSA_ERROR_INSUFFICIENT_ENTROPY or other applicable error code
+ * instead).
+ *
+ * This error indicates an attack against the application. Implementations
+ * shall not return this error code as a consequence of the behavior of
+ * the application itself. */
+#define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)-151)
+
+/** There is not enough entropy to generate random data needed
+ * for the requested action.
+ *
+ * This error indicates a failure of a hardware random generator.
+ * Application writers should note that this error can be returned not
+ * only by functions whose purpose is to generate random data, such
+ * as key, IV or nonce generation, but also by functions that execute
+ * an algorithm with a randomized result, as well as functions that
+ * use randomization of intermediate computations as a countermeasure
+ * to certain attacks.
+ *
+ * Implementations should avoid returning this error after psa_crypto_init()
+ * has succeeded. Implementations should generate sufficient
+ * entropy during initialization and subsequently use a cryptographically
+ * secure pseudorandom generator (PRNG). However implementations may return
+ * this error at any time if a policy requires the PRNG to be reseeded
+ * during normal operation. */
+#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
+
+/** The signature, MAC or hash is incorrect.
+ *
+ * Verification functions return this error if the verification
+ * calculations completed successfully, and the value to be verified
+ * was determined to be incorrect.
+ *
+ * If the value to verify has an invalid size, implementations may return
+ * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
+#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
+
+/** The decrypted padding is incorrect.
+ *
+ * \warning In some protocols, when decrypting data, it is essential that
+ * the behavior of the application does not depend on whether the padding
+ * is correct, down to precise timing. Applications should prefer
+ * protocols that use authenticated encryption rather than plain
+ * encryption. If the application must perform a decryption of
+ * unauthenticated data, the application writer should take care not
+ * to reveal whether the padding is invalid.
+ *
+ * Implementations should strive to make valid and invalid padding
+ * as close as possible to indistinguishable to an external observer.
+ * In particular, the timing of a decryption operation should not
+ * depend on the validity of the padding. */
+#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
+
+/** Return this error when there's insufficient data when attempting
+ * to read from a resource. */
+#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
+
+/** The key handle is not valid.
+ */
+#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
+
+/**@}*/
+
+/** \defgroup crypto_types Key and algorithm types
+ * @{
+ */
+
+/** An invalid key type value.
+ *
+ * Zero is not the encoding of any key type.
+ */
+#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x00000000)
+
+/** Vendor-defined flag
+ *
+ * Key types defined by this standard will never have the
+ * #PSA_KEY_TYPE_VENDOR_FLAG bit set. Vendors who define additional key types
+ * must use an encoding with the #PSA_KEY_TYPE_VENDOR_FLAG bit set and should
+ * respect the bitwise structure used by standard encodings whenever practical.
+ */
+#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x80000000)
+
+#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x70000000)
+#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x40000000)
+#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x50000000)
+#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x60000000)
+#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x70000000)
+
+#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x10000000)
+
+/** Whether a key type is vendor-defined. */
+#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
+ (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
+
+/** Whether a key type is an unstructured array of bytes.
+ *
+ * This encompasses both symmetric keys and non-key data.
+ */
+#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK & ~(psa_key_type_t)0x10000000) == \
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
+
+/** Whether a key type is asymmetric: either a key pair or a public key. */
+#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK \
+ & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
+ PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
+/** Whether a key type is the public part of a key pair. */
+#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
+/** Whether a key type is a key pair containing a private part and a public
+ * part. */
+#define PSA_KEY_TYPE_IS_KEYPAIR(type) \
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
+/** The key pair type corresponding to a public key type.
+ *
+ * You may also pass a key pair type as \p type, it will be left unchanged.
+ *
+ * \param type A public key type or key pair type.
+ *
+ * \return The corresponding key pair type.
+ * If \p type is not a public key or a key pair,
+ * the return value is undefined.
+ */
+#define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY(type) \
+ ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
+/** The public key type corresponding to a key pair type.
+ *
+ * You may also pass a key pair type as \p type, it will be left unchanged.
+ *
+ * \param type A public key type or key pair type.
+ *
+ * \return The corresponding public key type.
+ * If \p type is not a public key or a key pair,
+ * the return value is undefined.
+ */
+#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) \
+ ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
+
+/** Raw data.
+ *
+ * A "key" of this type cannot be used for any cryptographic operation.
+ * Applications may use this type to store arbitrary data in the keystore. */
+#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x50000001)
+
+/** HMAC key.
+ *
+ * The key policy determines which underlying hash algorithm the key can be
+ * used for.
+ *
+ * HMAC keys should generally have the same size as the underlying hash.
+ * This size can be calculated with #PSA_HASH_SIZE(\c alg) where
+ * \c alg is the HMAC algorithm or the underlying hash algorithm. */
+#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x51000000)
+
+/** A secret for key derivation.
+ *
+ * The key policy determines which key derivation algorithm the key
+ * can be used for.
+ */
+#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
+
+/** Key for an cipher, AEAD or MAC algorithm based on the AES block cipher.
+ *
+ * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
+ * 32 bytes (AES-256).
+ */
+#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x40000001)
+
+/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
+ *
+ * The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or
+ * 24 bytes (3-key 3DES).
+ *
+ * Note that single DES and 2-key 3DES are weak and strongly
+ * deprecated and should only be used to decrypt legacy data. 3-key 3DES
+ * is weak and deprecated and should only be used in legacy protocols.
+ */
+#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x40000002)
+
+/** Key for an cipher, AEAD or MAC algorithm based on the
+ * Camellia block cipher. */
+#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x40000003)
+
+/** Key for the RC4 stream cipher.
+ *
+ * Note that RC4 is weak and deprecated and should only be used in
+ * legacy protocols. */
+#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x40000004)
+
+/** RSA public key. */
+#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000)
+/** RSA key pair (private and public key). */
+#define PSA_KEY_TYPE_RSA_KEYPAIR ((psa_key_type_t)0x70010000)
+/** Whether a key type is an RSA key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_RSA(type) \
+ (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
+
+/** DSA public key. */
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
+/** DSA key pair (private and public key). */
+#define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000)
+/** Whether a key type is an DSA key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_DSA(type) \
+ (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
+
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
+#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000)
+#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
+/** Elliptic curve key pair. */
+#define PSA_KEY_TYPE_ECC_KEYPAIR(curve) \
+ (PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))
+/** Elliptic curve public key. */
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
+ (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
+
+/** Whether a key type is an elliptic curve key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_ECC(type) \
+ ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) & \
+ ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
+/** Whether a key type is an elliptic curve key pair. */
+#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type) \
+ (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
+ PSA_KEY_TYPE_ECC_KEYPAIR_BASE)
+/** Whether a key type is an elliptic curve public key. */
+#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
+ (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
+
+/** Extract the curve from an elliptic curve key type. */
+#define PSA_KEY_TYPE_GET_CURVE(type) \
+ ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
+ ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
+ 0))
+
+/* The encoding of curve identifiers is currently aligned with the
+ * TLS Supported Groups Registry (formerly known as the
+ * TLS EC Named Curve Registry)
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ * The values are defined by RFC 8422 and RFC 7027. */
+#define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001)
+#define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002)
+#define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003)
+#define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x0004)
+#define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x0005)
+#define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x0006)
+#define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x0007)
+#define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x0008)
+#define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x0009)
+#define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x000a)
+#define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x000b)
+#define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x000c)
+#define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x000d)
+#define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x000e)
+#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x000f)
+#define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x0010)
+#define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x0011)
+#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x0012)
+#define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x0013)
+#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x0014)
+#define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x0015)
+#define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x0016)
+#define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x0017)
+#define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x0018)
+#define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x0019)
+#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
+#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
+#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
+#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
+#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
+
+/** The block size of a block cipher.
+ *
+ * \param type A cipher key type (value of type #psa_key_type_t).
+ *
+ * \return The block size for a block cipher, or 1 for a stream cipher.
+ * The return value is undefined if \p type is not a supported
+ * cipher key type.
+ *
+ * \note It is possible to build stream cipher algorithms on top of a block
+ * cipher, for example CTR mode (#PSA_ALG_CTR).
+ * This macro only takes the key type into account, so it cannot be
+ * used to determine the size of the data that #psa_cipher_update()
+ * might buffer for future processing in general.
+ *
+ * \note This macro returns a compile-time constant if its argument is one.
+ *
+ * \warning This macro may evaluate its argument multiple times.
+ */
+#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
+ ( \
+ (type) == PSA_KEY_TYPE_AES ? 16 : \
+ (type) == PSA_KEY_TYPE_DES ? 8 : \
+ (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \
+ (type) == PSA_KEY_TYPE_ARC4 ? 1 : \
+ 0)
+
+#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
+#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
+#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x01000000)
+#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x02000000)
+#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000)
+#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000)
+#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000)
+#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000)
+#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x22000000)
+#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x30000000)
+#define PSA_ALG_CATEGORY_KEY_SELECTION ((psa_algorithm_t)0x31000000)
+
+#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
+ (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
+
+/** Whether the specified algorithm is a hash algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a hash algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_HASH(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
+
+/** Whether the specified algorithm is a MAC algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a MAC algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_MAC(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
+
+/** Whether the specified algorithm is a symmetric cipher algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a symmetric cipher algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_CIPHER(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
+
+/** Whether the specified algorithm is an authenticated encryption
+ * with associated data (AEAD) algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is an AEAD algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_AEAD(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
+
+/** Whether the specified algorithm is a public-key signature algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a public-key signature algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_SIGN(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
+
+/** Whether the specified algorithm is a public-key encryption algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a public-key encryption algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
+
+#define PSA_ALG_KEY_SELECTION_FLAG ((psa_algorithm_t)0x01000000)
+/** Whether the specified algorithm is a key agreement algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a key agreement algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_KEY_AGREEMENT(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK & ~PSA_ALG_KEY_SELECTION_FLAG) == \
+ PSA_ALG_CATEGORY_KEY_AGREEMENT)
+
+/** Whether the specified algorithm is a key derivation algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a key derivation algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_KEY_DERIVATION(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
+
+/** Whether the specified algorithm is a key selection algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a key selection algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_KEY_SELECTION(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_SELECTION)
+
+#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
+
+#define PSA_ALG_MD2 ((psa_algorithm_t)0x01000001)
+#define PSA_ALG_MD4 ((psa_algorithm_t)0x01000002)
+#define PSA_ALG_MD5 ((psa_algorithm_t)0x01000003)
+#define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x01000004)
+#define PSA_ALG_SHA_1 ((psa_algorithm_t)0x01000005)
+/** SHA2-224 */
+#define PSA_ALG_SHA_224 ((psa_algorithm_t)0x01000008)
+/** SHA2-256 */
+#define PSA_ALG_SHA_256 ((psa_algorithm_t)0x01000009)
+/** SHA2-384 */
+#define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0100000a)
+/** SHA2-512 */
+#define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0100000b)
+/** SHA2-512/224 */
+#define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0100000c)
+/** SHA2-512/256 */
+#define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0100000d)
+/** SHA3-224 */
+#define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x01000010)
+/** SHA3-256 */
+#define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x01000011)
+/** SHA3-384 */
+#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x01000012)
+/** SHA3-512 */
+#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013)
+
+/** In a hash-and-sign algorithm policy, allow any hash algorithm.
+ *
+ * This value may be used to form the algorithm usage field of a policy
+ * for a signature algorithm that is parametrized by a hash. The key
+ * may then be used to perform operations using the same signature
+ * algorithm parametrized with any supported hash.
+ *
+ * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
+ * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
+ * - #PSA_ALG_DSA, #PSA_ALG_DETERMINISTIC_DSA,
+ * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
+ * Then you may create and use a key as follows:
+ * - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
+ * ```
+ * psa_key_policy_set_usage(&policy,
+ * PSA_KEY_USAGE_SIGN, //or PSA_KEY_USAGE_VERIFY
+ * PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
+ * psa_set_key_policy(handle, &policy);
+ * ```
+ * - Import or generate key material.
+ * - Call psa_asymmetric_sign() or psa_asymmetric_verify(), passing
+ * an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each
+ * call to sign or verify a message may use a different hash.
+ * ```
+ * psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);
+ * psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);
+ * psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);
+ * ```
+ *
+ * This value may not be used to build other algorithms that are
+ * parametrized over a hash. For any valid use of this macro to build
+ * an algorithm `\p alg`, #PSA_ALG_IS_HASH_AND_SIGN(\p alg) is true.
+ *
+ * This value may not be used to build an algorithm specification to
+ * perform an operation. It is only valid to build policies.
+ */
+#define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x010000ff)
+
+#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
+#define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x02800000)
+/** Macro to build an HMAC algorithm.
+ *
+ * For example, #PSA_ALG_HMAC(#PSA_ALG_SHA_256) is HMAC-SHA-256.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding HMAC algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_HMAC(hash_alg) \
+ (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+
+#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
+
+/** Whether the specified algorithm is an HMAC algorithm.
+ *
+ * HMAC is a family of MAC algorithms that are based on a hash function.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is an HMAC algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_HMAC(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
+ PSA_ALG_HMAC_BASE)
+
+/* In the encoding of a MAC algorithm, the bits corresponding to
+ * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
+ * truncated. As an exception, the value 0 means the untruncated algorithm,
+ * whatever its length is. The length is encoded in 6 bits, so it can
+ * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
+ * to full length is correctly encoded as 0 and any non-trivial truncation
+ * is correctly encoded as a value between 1 and 63. */
+#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x00003f00)
+#define PSA_MAC_TRUNCATION_OFFSET 8
+
+/** Macro to build a truncated MAC algorithm.
+ *
+ * A truncated MAC algorithm is identical to the corresponding MAC
+ * algorithm except that the MAC value for the truncated algorithm
+ * consists of only the first \p mac_length bytes of the MAC value
+ * for the untruncated algorithm.
+ *
+ * \note This macro may allow constructing algorithm identifiers that
+ * are not valid, either because the specified length is larger
+ * than the untruncated MAC or because the specified length is
+ * smaller than permitted by the implementation.
+ *
+ * \note It is implementation-defined whether a truncated MAC that
+ * is truncated to the same length as the MAC of the untruncated
+ * algorithm is considered identical to the untruncated algorithm
+ * for policy comparison purposes.
+ *
+ * \param mac_alg A MAC algorithm identifier (value of type
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * is true). This may be a truncated or untruncated
+ * MAC algorithm.
+ * \param mac_length Desired length of the truncated MAC in bytes.
+ * This must be at most the full length of the MAC
+ * and must be at least an implementation-specified
+ * minimum. The implementation-specified minimum
+ * shall not be zero.
+ *
+ * \return The corresponding MAC algorithm with the specified
+ * length.
+ * \return Unspecified if \p alg is not a supported
+ * MAC algorithm or if \p mac_length is too small or
+ * too large for the specified MAC algorithm.
+ */
+#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
+ (((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \
+ ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
+
+/** Macro to build the base MAC algorithm corresponding to a truncated
+ * MAC algorithm.
+ *
+ * \param mac_alg A MAC algorithm identifier (value of type
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * is true). This may be a truncated or untruncated
+ * MAC algorithm.
+ *
+ * \return The corresponding base MAC algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * MAC algorithm.
+ */
+#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
+ ((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
+
+/** Length to which a MAC algorithm is truncated.
+ *
+ * \param mac_alg A MAC algorithm identifier (value of type
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * is true).
+ *
+ * \return Length of the truncated MAC in bytes.
+ * \return 0 if \p alg is a non-truncated MAC algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * MAC algorithm.
+ */
+#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
+ (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
+
+#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000)
+#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001)
+#define PSA_ALG_CMAC ((psa_algorithm_t)0x02c00002)
+#define PSA_ALG_GMAC ((psa_algorithm_t)0x02c00003)
+
+/** Whether the specified algorithm is a MAC algorithm based on a block cipher.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a MAC algorithm based on a block cipher, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
+ PSA_ALG_CIPHER_MAC_BASE)
+
+#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t)0x00800000)
+#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
+
+/** Whether the specified algorithm is a stream cipher.
+ *
+ * A stream cipher is a symmetric cipher that encrypts or decrypts messages
+ * by applying a bitwise-xor with a stream of bytes that is generated
+ * from a key.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a stream cipher algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier or if it is not a symmetric cipher algorithm.
+ */
+#define PSA_ALG_IS_STREAM_CIPHER(alg) \
+ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
+ (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
+
+/** The ARC4 stream cipher algorithm.
+ */
+#define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800001)
+
+/** The CTR stream cipher mode.
+ *
+ * CTR is a stream cipher which is built from a block cipher.
+ * The underlying block cipher is determined by the key type.
+ * For example, to use AES-128-CTR, use this algorithm with
+ * a key of type #PSA_KEY_TYPE_AES and a length of 128 bits (16 bytes).
+ */
+#define PSA_ALG_CTR ((psa_algorithm_t)0x04c00001)
+
+#define PSA_ALG_CFB ((psa_algorithm_t)0x04c00002)
+
+#define PSA_ALG_OFB ((psa_algorithm_t)0x04c00003)
+
+/** The XTS cipher mode.
+ *
+ * XTS is a cipher mode which is built from a block cipher. It requires at
+ * least one full block of input, but beyond this minimum the input
+ * does not need to be a whole number of blocks.
+ */
+#define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff)
+
+/** The CBC block cipher chaining mode, with no padding.
+ *
+ * The underlying block cipher is determined by the key type.
+ *
+ * This symmetric cipher mode can only be used with messages whose lengths
+ * are whole number of blocks for the chosen block cipher.
+ */
+#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04600100)
+
+/** The CBC block cipher chaining mode with PKCS#7 padding.
+ *
+ * The underlying block cipher is determined by the key type.
+ *
+ * This is the padding method defined by PKCS#7 (RFC 2315) §10.3.
+ */
+#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04600101)
+
+#define PSA_ALG_CCM ((psa_algorithm_t)0x06001001)
+#define PSA_ALG_GCM ((psa_algorithm_t)0x06001002)
+
+/* In the encoding of a AEAD algorithm, the bits corresponding to
+ * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
+ * The constants for default lengths follow this encoding.
+ */
+#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x00003f00)
+#define PSA_AEAD_TAG_LENGTH_OFFSET 8
+
+/** Macro to build a shortened AEAD algorithm.
+ *
+ * A shortened AEAD algorithm is similar to the corresponding AEAD
+ * algorithm, but has an authentication tag that consists of fewer bytes.
+ * Depending on the algorithm, the tag length may affect the calculation
+ * of the ciphertext.
+ *
+ * \param aead_alg An AEAD algorithm identifier (value of type
+ * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
+ * is true).
+ * \param tag_length Desired length of the authentication tag in bytes.
+ *
+ * \return The corresponding AEAD algorithm with the specified
+ * length.
+ * \return Unspecified if \p alg is not a supported
+ * AEAD algorithm or if \p tag_length is not valid
+ * for the specified AEAD algorithm.
+ */
+#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \
+ (((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \
+ ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
+ PSA_ALG_AEAD_TAG_LENGTH_MASK))
+
+/** Calculate the corresponding AEAD algorithm with the default tag length.
+ *
+ * \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return The corresponding AEAD algorithm with the default
+ * tag length for that algorithm.
+ */
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
+ ( \
+ PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \
+ PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \
+ 0)
+#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref) \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \
+ ref :
+
+#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x10020000)
+/** RSA PKCS#1 v1.5 signature with hashing.
+ *
+ * This is the signature scheme defined by RFC 8017
+ * (PKCS#1: RSA Cryptography Specifications) under the name
+ * RSASSA-PKCS1-v1_5.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding RSA PKCS#1 v1.5 signature algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
+ (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+/** Raw PKCS#1 v1.5 signature.
+ *
+ * The input to this algorithm is the DigestInfo structure used by
+ * RFC 8017 (PKCS#1: RSA Cryptography Specifications), §9.2
+ * steps 3–6.
+ */
+#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
+#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
+
+#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x10030000)
+/** RSA PSS signature with hashing.
+ *
+ * This is the signature scheme defined by RFC 8017
+ * (PKCS#1: RSA Cryptography Specifications) under the name
+ * RSASSA-PSS, with the message generation function MGF1, and with
+ * a salt length equal to the length of the hash. The specified
+ * hash algorithm is used to hash the input message, to create the
+ * salted hash, and for the mask generation.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding RSA PSS signature algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_RSA_PSS(hash_alg) \
+ (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_RSA_PSS(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
+
+#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000)
+/** DSA signature with hashing.
+ *
+ * This is the signature scheme defined by FIPS 186-4,
+ * with a random per-message secret number (*k*).
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding DSA signature algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_DSA(hash_alg) \
+ (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
+#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
+#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
+ (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_DSA(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
+ PSA_ALG_DSA_BASE)
+#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
+ (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
+#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
+ (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
+ (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+
+#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x10060000)
+/** ECDSA signature with hashing.
+ *
+ * This is the ECDSA signature scheme defined by ANSI X9.62,
+ * with a random per-message secret number (*k*).
+ *
+ * The representation of the signature as a byte string consists of
+ * the concatentation of the signature values *r* and *s*. Each of
+ * *r* and *s* is encoded as an *N*-octet string, where *N* is the length
+ * of the base point of the curve in octets. Each value is represented
+ * in big-endian order (most significant octet first).
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding ECDSA signature algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_ECDSA(hash_alg) \
+ (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+/** ECDSA signature without hashing.
+ *
+ * This is the same signature scheme as #PSA_ALG_ECDSA(), but
+ * without specifying a hash algorithm. This algorithm may only be
+ * used to sign or verify a sequence of bytes that should be an
+ * already-calculated hash. Note that the input is padded with
+ * zeros on the left or truncated on the left as required to fit
+ * the curve size.
+ */
+#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
+#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t)0x10070000)
+/** Deterministic ECDSA signature with hashing.
+ *
+ * This is the deterministic ECDSA signature scheme defined by RFC 6979.
+ *
+ * The representation of a signature is the same as with #PSA_ALG_ECDSA().
+ *
+ * Note that when this algorithm is used for verification, signatures
+ * made with randomized ECDSA (#PSA_ALG_ECDSA(\p hash_alg)) with the
+ * same private key are accepted. In other words,
+ * #PSA_ALG_DETERMINISTIC_ECDSA(\p hash_alg) differs from
+ * #PSA_ALG_ECDSA(\p hash_alg) only for signature, not for verification.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding deterministic ECDSA signature
+ * algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
+ (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_ECDSA(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
+ PSA_ALG_ECDSA_BASE)
+#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
+ (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
+#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
+ (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
+#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
+ (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
+
+/** Whether the specified algorithm is a hash-and-sign algorithm.
+ *
+ * Hash-and-sign algorithms are public-key signature algorithms structured
+ * in two parts: first the calculation of a hash in a way that does not
+ * depend on the key, then the calculation of a signature from the
+ * hash value and the key.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
+ (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
+ PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
+
+/** Get the hash used by a hash-and-sign signature algorithm.
+ *
+ * A hash-and-sign algorithm is a signature algorithm which is
+ * composed of two phases: first a hashing phase which does not use
+ * the key and produces a hash of the input message, then a signing
+ * phase which only uses the hash and the key and not the message
+ * itself.
+ *
+ * \param alg A signature algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_SIGN(\p alg) is true).
+ *
+ * \return The underlying hash algorithm if \p alg is a hash-and-sign
+ * algorithm.
+ * \return 0 if \p alg is a signature algorithm that does not
+ * follow the hash-and-sign structure.
+ * \return Unspecified if \p alg is not a signature algorithm or
+ * if it is not supported by the implementation.
+ */
+#define PSA_ALG_SIGN_GET_HASH(alg) \
+ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
+ ((alg) & PSA_ALG_HASH_MASK) == 0 ? /*"raw" algorithm*/ 0 : \
+ ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
+ 0)
+
+/** RSA PKCS#1 v1.5 encryption.
+ */
+#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x12020000)
+
+#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t)0x12030000)
+/** RSA OAEP encryption.
+ *
+ * This is the encryption scheme defined by RFC 8017
+ * (PKCS#1: RSA Cryptography Specifications) under the name
+ * RSAES-OAEP, with the message generation function MGF1.
+ *
+ * \param hash_alg The hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true) to use
+ * for MGF1.
+ *
+ * \return The corresponding RSA OAEP signature algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_RSA_OAEP(hash_alg) \
+ (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_RSA_OAEP(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
+#define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
+ (PSA_ALG_IS_RSA_OAEP(alg) ? \
+ ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
+ 0)
+
+#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100)
+/** Macro to build an HKDF algorithm.
+ *
+ * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding HKDF algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_HKDF(hash_alg) \
+ (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+/** Whether the specified algorithm is an HKDF algorithm.
+ *
+ * HKDF is a family of key derivation algorithms that are based on a hash
+ * function and the HMAC construction.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is an HKDF algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_HKDF(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
+#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+
+#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200)
+/** Macro to build a TLS-1.2 PRF algorithm.
+ *
+ * TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
+ * specified in Section 5 of RFC 5246. It is based on HMAC and can be
+ * used with either SHA-256 or SHA-384.
+ *
+ * For the application to TLS-1.2, the salt and label arguments passed
+ * to psa_key_derivation() are what's called 'seed' and 'label' in RFC 5246,
+ * respectively. For example, for TLS key expansion, the salt is the
+ * concatenation of ServerHello.Random + ClientHello.Random,
+ * while the label is "key expansion".
+ *
+ * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
+ * TLS 1.2 PRF using HMAC-SHA-256.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding TLS-1.2 PRF algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_TLS12_PRF(hash_alg) \
+ (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+
+/** Whether the specified algorithm is a TLS-1.2 PRF algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is a TLS-1.2 PRF algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_TLS12_PRF(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
+#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+
+#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300)
+/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
+ *
+ * In a pure-PSK handshake in TLS 1.2, the master secret is derived
+ * from the PreSharedKey (PSK) through the application of padding
+ * (RFC 4279, Section 2) and the TLS-1.2 PRF (RFC 5246, Section 5).
+ * The latter is based on HMAC and can be used with either SHA-256
+ * or SHA-384.
+ *
+ * For the application to TLS-1.2, the salt passed to psa_key_derivation()
+ * (and forwarded to the TLS-1.2 PRF) is the concatenation of the
+ * ClientHello.Random + ServerHello.Random, while the label is "master secret"
+ * or "extended master secret".
+ *
+ * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
+ * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding TLS-1.2 PSK to MS algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
+ (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+
+/** Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is a TLS-1.2 PSK to MS algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
+#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+
+#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff)
+
+/** Use a shared secret as is.
+ *
+ * Specify this algorithm as the selection component of a key agreement
+ * to use the raw result of the key agreement as key material.
+ *
+ * \warning The raw result of a key agreement algorithm such as finite-field
+ * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
+ * not be used directly as key material. It can however be used as the secret
+ * input in a key derivation algorithm.
+ */
+#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
+
+#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
+ (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
+
+#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
+ ((alg) & ~PSA_ALG_KEY_DERIVATION_MASK)
+
+#define PSA_ALG_FFDH_BASE ((psa_algorithm_t)0x22100000)
+/** The Diffie-Hellman key agreement algorithm.
+ *
+ * This algorithm combines the finite-field Diffie-Hellman (DH) key
+ * agreement, also known as Diffie-Hellman-Merkle (DHM) key agreement,
+ * to produce a shared secret from a private key and the peer's
+ * public key, with a key selection or key derivation algorithm to produce
+ * one or more shared keys and other shared cryptographic material.
+ *
+ * The shared secret produced by key agreement and passed as input to the
+ * derivation or selection algorithm \p kdf_alg is the shared secret
+ * `g^{ab}` in big-endian format.
+ * It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
+ * in bits.
+ *
+ * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
+ * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
+ * or a key selection algorithm (\c PSA_ALG_XXX value such
+ * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
+ *
+ * \return The Diffie-Hellman algorithm with the specified
+ * selection or derivation algorithm.
+ */
+#define PSA_ALG_FFDH(kdf_alg) \
+ (PSA_ALG_FFDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
+/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
+ *
+ * This includes every supported key selection or key agreement algorithm
+ * for the output of the Diffie-Hellman calculation.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is a finite field Diffie-Hellman algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key agreement algorithm identifier.
+ */
+#define PSA_ALG_IS_FFDH(alg) \
+ (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE)
+
+#define PSA_ALG_ECDH_BASE ((psa_algorithm_t)0x22200000)
+/** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
+ *
+ * This algorithm combines the elliptic curve Diffie-Hellman key
+ * agreement to produce a shared secret from a private key and the peer's
+ * public key, with a key selection or key derivation algorithm to produce
+ * one or more shared keys and other shared cryptographic material.
+ *
+ * The shared secret produced by key agreement and passed as input to the
+ * derivation or selection algorithm \p kdf_alg is the x-coordinate of
+ * the shared secret point. It is always `ceiling(m / 8)` bytes long where
+ * `m` is the bit size associated with the curve, i.e. the bit size of the
+ * order of the curve's coordinate field. When `m` is not a multiple of 8,
+ * the byte containing the most significant bit of the shared secret
+ * is padded with zero bits. The byte order is either little-endian
+ * or big-endian depending on the curve type.
+ *
+ * - For Montgomery curves (curve types `PSA_ECC_CURVE_CURVEXXX`),
+ * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
+ * in little-endian byte order.
+ * The bit size is 448 for Curve448 and 255 for Curve25519.
+ * - For Weierstrass curves over prime fields (curve types
+ * `PSA_ECC_CURVE_SECPXXX` and `PSA_ECC_CURVE_BRAINPOOL_PXXX`),
+ * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
+ * in big-endian byte order.
+ * The bit size is `m = ceiling(log_2(p))` for the field `F_p`.
+ * - For Weierstrass curves over binary fields (curve types
+ * `PSA_ECC_CURVE_SECTXXX`),
+ * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
+ * in big-endian byte order.
+ * The bit size is `m` for the field `F_{2^m}`.
+ *
+ * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
+ * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
+ * or a selection algorithm (\c PSA_ALG_XXX value such
+ * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
+ *
+ * \return The Diffie-Hellman algorithm with the specified
+ * selection or derivation algorithm.
+ */
+#define PSA_ALG_ECDH(kdf_alg) \
+ (PSA_ALG_ECDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
+/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
+ * algorithm.
+ *
+ * This includes every supported key selection or key agreement algorithm
+ * for the output of the Diffie-Hellman calculation.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is an elliptic curve Diffie-Hellman algorithm,
+ * 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key agreement algorithm identifier.
+ */
+#define PSA_ALG_IS_ECDH(alg) \
+ (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE)
+
+/** Whether the specified algorithm encoding is a wildcard.
+ *
+ * Wildcard values may only be used to set the usage algorithm field in
+ * a policy, not to perform an operation.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is a wildcard algorithm encoding.
+ * \return 0 if \c alg is a non-wildcard algorithm encoding (suitable for
+ * an operation).
+ * \return This macro may return either 0 or 1 if \c alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_WILDCARD(alg) \
+ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
+ PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
+ (alg) == PSA_ALG_ANY_HASH)
+
+/**@}*/
+
+/** \defgroup key_lifetimes Key lifetimes
+ * @{
+ */
+
+/** A volatile key only exists as long as the handle to it is not closed.
+ * The key material is guaranteed to be erased on a power reset.
+ */
+#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
+
+/** The default storage area for persistent keys.
+ *
+ * A persistent key remains in storage until it is explicitly destroyed or
+ * until the corresponding storage area is wiped. This specification does
+ * not define any mechanism to wipe a storage area, but implementations may
+ * provide their own mechanism (for example to perform a factory reset,
+ * to prepare for device refurbishment, or to uninstall an application).
+ *
+ * This lifetime value is the default storage area for the calling
+ * application. Implementations may offer other storage areas designated
+ * by other lifetime values as implementation-specific extensions.
+ */
+#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+
+/**@}*/
+
+/** \defgroup policy Key policies
+ * @{
+ */
+
+/** Whether the key may be exported.
+ *
+ * A public key or the public part of a key pair may always be exported
+ * regardless of the value of this permission flag.
+ *
+ * If a key does not have export permission, implementations shall not
+ * allow the key to be exported in plain form from the cryptoprocessor,
+ * whether through psa_export_key() or through a proprietary interface.
+ * The key may however be exportable in a wrapped form, i.e. in a form
+ * where it is encrypted by another key.
+ */
+#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
+
+/** Whether the key may be used to encrypt a message.
+ *
+ * This flag allows the key to be used for a symmetric encryption operation,
+ * for an AEAD encryption-and-authentication operation,
+ * or for an asymmetric encryption operation,
+ * if otherwise permitted by the key's type and policy.
+ *
+ * For a key pair, this concerns the public key.
+ */
+#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
+
+/** Whether the key may be used to decrypt a message.
+ *
+ * This flag allows the key to be used for a symmetric decryption operation,
+ * for an AEAD decryption-and-verification operation,
+ * or for an asymmetric decryption operation,
+ * if otherwise permitted by the key's type and policy.
+ *
+ * For a key pair, this concerns the private key.
+ */
+#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
+
+/** Whether the key may be used to sign a message.
+ *
+ * This flag allows the key to be used for a MAC calculation operation
+ * or for an asymmetric signature operation,
+ * if otherwise permitted by the key's type and policy.
+ *
+ * For a key pair, this concerns the private key.
+ */
+#define PSA_KEY_USAGE_SIGN ((psa_key_usage_t)0x00000400)
+
+/** Whether the key may be used to verify a message signature.
+ *
+ * This flag allows the key to be used for a MAC verification operation
+ * or for an asymmetric signature verification operation,
+ * if otherwise permitted by by the key's type and policy.
+ *
+ * For a key pair, this concerns the public key.
+ */
+#define PSA_KEY_USAGE_VERIFY ((psa_key_usage_t)0x00000800)
+
+/** Whether the key may be used to derive other keys.
+ */
+#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00001000)
+
+/**@}*/
+
+#endif /* PSA_CRYPTO_VALUES_H */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index fb43fd0..9039216 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -53,6 +53,10 @@
platform.c
platform_util.c
poly1305.c
+ psa_crypto.c
+ psa_crypto_slot_management.c
+ psa_crypto_storage.c
+ psa_its_file.c
ripemd160.c
rsa.c
rsa_internal.c
@@ -146,33 +150,26 @@
endif()
if(USE_STATIC_MBEDTLS_LIBRARY)
- if(NOT USE_CRYPTO_SUBMODULE)
- add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
- target_link_libraries(${mbedcrypto_static_target} ${libs})
- target_include_directories(${mbedcrypto_static_target} PUBLIC ${CMAKE_SOURCE_DIR}/include/)
- endif()
-
- add_library(${mbedx509_static_target} STATIC ${src_x509})
- set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
- target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target})
- target_include_directories(${mbedx509_static_target}
+ add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+ set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
+ target_link_libraries(${mbedcrypto_static_target} ${libs})
+ target_include_directories(${mbedcrypto_static_target}
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
- add_library(${mbedtls_static_target} STATIC ${src_tls})
- set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
- target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
- target_include_directories(${mbedtls_static_target}
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
- )
-
if(USE_CRYPTO_SUBMODULE)
- install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target}
+ install(TARGETS ${mbedcrypto_static_target}
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
else()
+ add_library(${mbedx509_static_target} STATIC ${src_x509})
+ set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
+ target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target})
+
+ add_library(${mbedtls_static_target} STATIC ${src_tls})
+ set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
+ target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
+
install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target}
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
@@ -180,32 +177,26 @@
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
- if(NOT USE_CRYPTO_SUBMODULE)
- add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
- target_link_libraries(mbedcrypto ${libs})
- target_include_directories(mbedcrypto PUBLIC ${CMAKE_SOURCE_DIR}/include/)
- endif()
-
- add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0)
- target_link_libraries(mbedx509 ${libs} mbedcrypto)
- target_include_directories(mbedx509
- PUBLIC ${CMAKE_SOURCE_DIR}/include/
- PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
-
- add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12)
- target_link_libraries(mbedtls ${libs} mbedx509)
- target_include_directories(mbedtls
+ add_library(mbedcrypto SHARED ${src_crypto})
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
+ target_link_libraries(mbedcrypto ${libs})
+ target_include_directories(mbedcrypto
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
if(USE_CRYPTO_SUBMODULE)
- install(TARGETS mbedtls mbedx509
+ install(TARGETS mbedcrypto
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
else()
+ add_library(mbedx509 SHARED ${src_x509})
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0)
+ target_link_libraries(mbedx509 ${libs} mbedcrypto)
+
+ add_library(mbedtls SHARED ${src_tls})
+ set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12)
+ target_link_libraries(mbedtls ${libs} mbedx509)
+
install(TARGETS mbedtls mbedx509 mbedcrypto
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
@@ -213,9 +204,9 @@
endif(USE_SHARED_MBEDTLS_LIBRARY)
if(USE_CRYPTO_SUBMODULE)
- add_custom_target(lib DEPENDS mbedx509 mbedtls)
+ add_custom_target(crypto_lib DEPENDS mbedcrypto)
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
- add_dependencies(lib mbedx509_static mbedtls_static)
+ add_dependencies(crypto_lib mbedcrypto_static)
endif()
else()
add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls)
diff --git a/library/Makefile b/library/Makefile
index d10fc41..6ed5e68 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -5,7 +5,8 @@
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+CRYPTO_INCLUDES ?= -I../include
+LOCAL_CFLAGS = $(WARNING_CFLAGS) $(CRYPTO_INCLUDES) -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
@@ -63,13 +64,6 @@
endif
endif
-
-ifdef USE_CRYPTO_SUBMODULE
-# Look in crypto for libmbedcrypto.
-LOCAL_LDFLAGS += -L../crypto/library
-LOCAL_CFLAGS += -I../crypto/include
-CRYPTO := ../crypto/library/
-else
OBJS_CRYPTO= aes.o aesni.o arc4.o \
aria.o asn1parse.o asn1write.o \
base64.o bignum.o blowfish.o \
@@ -88,12 +82,14 @@
pk.o pk_wrap.o pkcs12.o \
pkcs5.o pkparse.o pkwrite.o \
platform.o platform_util.o poly1305.o \
+ psa_crypto.o \
+ psa_crypto_slot_management.o \
+ psa_crypto_storage.o \
+ psa_its_file.o \
ripemd160.o rsa_internal.o rsa.o \
sha1.o sha256.o sha512.o \
threading.o timing.o version.o \
version_features.o xtea.o
-CRYPTO :=
-endif
OBJS_X509= certs.o pkcs11.o x509.o \
x509_create.o x509_crl.o x509_crt.o \
@@ -157,7 +153,7 @@
endif
endif
-libmbedx509.$(SOEXT_X509): $(OBJS_X509) $(CRYPTO)libmbedcrypto.so
+libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
@@ -174,10 +170,6 @@
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
# crypto
-ifdef USE_CRYPTO_SUBMODULE
-libmbedcrypto.%:
- $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C ../crypto/library $@
-else
libmbedcrypto.a: $(OBJS_CRYPTO)
echo " AR $@"
$(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO)
@@ -203,7 +195,6 @@
libmbedcrypto.dll: $(OBJS_CRYPTO)
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
-endif
.c.o:
echo " CC $<"
@@ -213,5 +204,6 @@
ifndef WINDOWS
rm -f *.o libmbed*
else
- del /Q /F *.o libmbed*
+ if exist *.o del /Q /F *.o
+ if exist libmbed* del /Q /F libmbed*
endif
diff --git a/library/cipher.c b/library/cipher.c
index 3cdd07f..ae89b93 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1114,8 +1114,6 @@
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
- return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/ecp.c b/library/ecp.c
index c3c5ce5..e8df2fd 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -373,7 +373,7 @@
* Curves are listed in order: largest curves first, and for a given size,
* fastest curves first. This provides the default order for the SSL module.
*
- * Reminder: update profiles in x509_crt.c when adding a new curves!
+ * Reminder: update profiles in Mbed TLS's x509_crt.c when adding new curves!
*/
static const mbedtls_ecp_curve_info ecp_supported_curves[] =
{
diff --git a/library/md.c b/library/md.c
index 303cdcb..ac8fac5 100644
--- a/library/md.c
+++ b/library/md.c
@@ -50,7 +50,7 @@
#endif
/*
- * Reminder: update profiles in x509_crt.c when adding a new hash!
+ * Reminder: update profiles in Mbed TLS's x509_crt.c when adding a new hash!
*/
static const int supported_digests[] = {
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
new file mode 100644
index 0000000..3b9c78f
--- /dev/null
+++ b/library/psa_crypto.c
@@ -0,0 +1,4639 @@
+/*
+ * PSA crypto layer on top of Mbed TLS crypto
+ */
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include "psa_crypto_service_integration.h"
+#include "psa/crypto.h"
+
+#include "psa_crypto_core.h"
+#include "psa_crypto_invasive.h"
+#include "psa_crypto_slot_management.h"
+/* Include internal declarations that are useful for implementing persistently
+ * stored keys. */
+#include "psa_crypto_storage.h"
+
+#include <stdlib.h>
+#include <string.h>
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+#include "mbedtls/arc4.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/blowfish.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/des.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md_internal.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pk_internal.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/xtea.h"
+
+#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+
+/* constant-time buffer comparison */
+static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
+{
+ size_t i;
+ unsigned char diff = 0;
+
+ for( i = 0; i < n; i++ )
+ diff |= a[i] ^ b[i];
+
+ return( diff );
+}
+
+
+
+/****************************************************************/
+/* Global data, support functions and library management */
+/****************************************************************/
+
+static int key_type_is_raw_bytes( psa_key_type_t type )
+{
+ return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) );
+}
+
+/* Values for psa_global_data_t::rng_state */
+#define RNG_NOT_INITIALIZED 0
+#define RNG_INITIALIZED 1
+#define RNG_SEEDED 2
+
+typedef struct
+{
+ void (* entropy_init )( mbedtls_entropy_context *ctx );
+ void (* entropy_free )( mbedtls_entropy_context *ctx );
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned initialized : 1;
+ unsigned rng_state : 2;
+} psa_global_data_t;
+
+static psa_global_data_t global_data;
+
+#define GUARD_MODULE_INITIALIZED \
+ if( global_data.initialized == 0 ) \
+ return( PSA_ERROR_BAD_STATE );
+
+static psa_status_t mbedtls_to_psa_error( int ret )
+{
+ /* If there's both a high-level code and low-level code, dispatch on
+ * the high-level code. */
+ switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
+ {
+ case 0:
+ return( PSA_SUCCESS );
+
+ case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
+ case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
+ case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
+ case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
+ case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
+ case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:
+ case MBEDTLS_ERR_ASN1_INVALID_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_ASN1_ALLOC_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+#if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
+ case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA:
+#elif defined(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH)
+ case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
+#endif
+ case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
+ case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
+#elif defined(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH)
+ case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
+#endif
+ case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_CCM_BAD_INPUT:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_CCM_AUTH_FAILED:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
+ return( PSA_ERROR_INVALID_PADDING );
+ case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
+ return( PSA_ERROR_BAD_STATE );
+ case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
+ return( PSA_ERROR_TAMPERING_DETECTED );
+ case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+ case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
+ case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
+ return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+
+ case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
+ case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
+ case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+
+ case MBEDTLS_ERR_GCM_AUTH_FAILED:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_GCM_BAD_INPUT:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
+ case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
+ case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_MD_ALLOC_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ case MBEDTLS_ERR_MD_FILE_IO_ERROR:
+ return( PSA_ERROR_STORAGE_FAILURE );
+ case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
+ return( PSA_ERROR_STORAGE_FAILURE );
+ case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ case MBEDTLS_ERR_MPI_NEGATIVE_VALUE:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_MPI_DIVISION_BY_ZERO:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_MPI_ALLOC_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ case MBEDTLS_ERR_PK_ALLOC_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ case MBEDTLS_ERR_PK_TYPE_MISMATCH:
+ case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_PK_FILE_IO_ERROR:
+ return( PSA_ERROR_STORAGE_FAILURE );
+ case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
+ case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
+ case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
+ return( PSA_ERROR_NOT_PERMITTED );
+ case MBEDTLS_ERR_PK_INVALID_PUBKEY:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_PK_INVALID_ALG:
+ case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
+ case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_RSA_INVALID_PADDING:
+ return( PSA_ERROR_INVALID_PADDING );
+ case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+ case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
+ case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
+ return( PSA_ERROR_TAMPERING_DETECTED );
+ case MBEDTLS_ERR_RSA_VERIFY_FAILED:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ case MBEDTLS_ERR_RSA_RNG_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
+ case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
+ case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
+ case MBEDTLS_ERR_ECP_INVALID_KEY:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
+ case MBEDTLS_ERR_ECP_VERIFY_FAILED:
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ case MBEDTLS_ERR_ECP_ALLOC_FAILED:
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
+ return( PSA_ERROR_HARDWARE_FAILURE );
+
+ default:
+ return( PSA_ERROR_GENERIC_ERROR );
+ }
+}
+
+
+
+
+/****************************************************************/
+/* Key management */
+/****************************************************************/
+
+#if defined(MBEDTLS_ECP_C)
+static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
+{
+ switch( grpid )
+ {
+ case MBEDTLS_ECP_DP_SECP192R1:
+ return( PSA_ECC_CURVE_SECP192R1 );
+ case MBEDTLS_ECP_DP_SECP224R1:
+ return( PSA_ECC_CURVE_SECP224R1 );
+ case MBEDTLS_ECP_DP_SECP256R1:
+ return( PSA_ECC_CURVE_SECP256R1 );
+ case MBEDTLS_ECP_DP_SECP384R1:
+ return( PSA_ECC_CURVE_SECP384R1 );
+ case MBEDTLS_ECP_DP_SECP521R1:
+ return( PSA_ECC_CURVE_SECP521R1 );
+ case MBEDTLS_ECP_DP_BP256R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
+ case MBEDTLS_ECP_DP_BP384R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
+ case MBEDTLS_ECP_DP_BP512R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
+ case MBEDTLS_ECP_DP_CURVE25519:
+ return( PSA_ECC_CURVE_CURVE25519 );
+ case MBEDTLS_ECP_DP_SECP192K1:
+ return( PSA_ECC_CURVE_SECP192K1 );
+ case MBEDTLS_ECP_DP_SECP224K1:
+ return( PSA_ECC_CURVE_SECP224K1 );
+ case MBEDTLS_ECP_DP_SECP256K1:
+ return( PSA_ECC_CURVE_SECP256K1 );
+ case MBEDTLS_ECP_DP_CURVE448:
+ return( PSA_ECC_CURVE_CURVE448 );
+ default:
+ return( 0 );
+ }
+}
+
+static mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve )
+{
+ switch( curve )
+ {
+ case PSA_ECC_CURVE_SECP192R1:
+ return( MBEDTLS_ECP_DP_SECP192R1 );
+ case PSA_ECC_CURVE_SECP224R1:
+ return( MBEDTLS_ECP_DP_SECP224R1 );
+ case PSA_ECC_CURVE_SECP256R1:
+ return( MBEDTLS_ECP_DP_SECP256R1 );
+ case PSA_ECC_CURVE_SECP384R1:
+ return( MBEDTLS_ECP_DP_SECP384R1 );
+ case PSA_ECC_CURVE_SECP521R1:
+ return( MBEDTLS_ECP_DP_SECP521R1 );
+ case PSA_ECC_CURVE_BRAINPOOL_P256R1:
+ return( MBEDTLS_ECP_DP_BP256R1 );
+ case PSA_ECC_CURVE_BRAINPOOL_P384R1:
+ return( MBEDTLS_ECP_DP_BP384R1 );
+ case PSA_ECC_CURVE_BRAINPOOL_P512R1:
+ return( MBEDTLS_ECP_DP_BP512R1 );
+ case PSA_ECC_CURVE_CURVE25519:
+ return( MBEDTLS_ECP_DP_CURVE25519 );
+ case PSA_ECC_CURVE_SECP192K1:
+ return( MBEDTLS_ECP_DP_SECP192K1 );
+ case PSA_ECC_CURVE_SECP224K1:
+ return( MBEDTLS_ECP_DP_SECP224K1 );
+ case PSA_ECC_CURVE_SECP256K1:
+ return( MBEDTLS_ECP_DP_SECP256K1 );
+ case PSA_ECC_CURVE_CURVE448:
+ return( MBEDTLS_ECP_DP_CURVE448 );
+ default:
+ return( MBEDTLS_ECP_DP_NONE );
+ }
+}
+#endif /* defined(MBEDTLS_ECP_C) */
+
+static psa_status_t prepare_raw_data_slot( psa_key_type_t type,
+ size_t bits,
+ struct raw_data *raw )
+{
+ /* Check that the bit size is acceptable for the key type */
+ switch( type )
+ {
+ case PSA_KEY_TYPE_RAW_DATA:
+ if( bits == 0 )
+ {
+ raw->bytes = 0;
+ raw->data = NULL;
+ return( PSA_SUCCESS );
+ }
+ break;
+#if defined(MBEDTLS_MD_C)
+ case PSA_KEY_TYPE_HMAC:
+#endif
+ case PSA_KEY_TYPE_DERIVE:
+ break;
+#if defined(MBEDTLS_AES_C)
+ case PSA_KEY_TYPE_AES:
+ if( bits != 128 && bits != 192 && bits != 256 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ case PSA_KEY_TYPE_CAMELLIA:
+ if( bits != 128 && bits != 192 && bits != 256 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif
+#if defined(MBEDTLS_DES_C)
+ case PSA_KEY_TYPE_DES:
+ if( bits != 64 && bits != 128 && bits != 192 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif
+#if defined(MBEDTLS_ARC4_C)
+ case PSA_KEY_TYPE_ARC4:
+ if( bits < 8 || bits > 2048 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ if( bits % 8 != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Allocate memory for the key */
+ raw->bytes = PSA_BITS_TO_BYTES( bits );
+ raw->data = mbedtls_calloc( 1, raw->bytes );
+ if( raw->data == NULL )
+ {
+ raw->bytes = 0;
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ }
+ return( PSA_SUCCESS );
+}
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
+/* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes
+ * that are not a multiple of 8) well. For example, there is only
+ * mbedtls_rsa_get_len(), which returns a number of bytes, and no
+ * way to return the exact bit size of a key.
+ * To keep things simple, reject non-byte-aligned key sizes. */
+static psa_status_t psa_check_rsa_key_byte_aligned(
+ const mbedtls_rsa_context *rsa )
+{
+ mbedtls_mpi n;
+ psa_status_t status;
+ mbedtls_mpi_init( &n );
+ status = mbedtls_to_psa_error(
+ mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) );
+ if( status == PSA_SUCCESS )
+ {
+ if( mbedtls_mpi_bitlen( &n ) % 8 != 0 )
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+ mbedtls_mpi_free( &n );
+ return( status );
+}
+
+static psa_status_t psa_import_rsa_key( psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_rsa_context **p_rsa )
+{
+ psa_status_t status;
+ mbedtls_pk_context pk;
+ mbedtls_rsa_context *rsa;
+ size_t bits;
+
+ mbedtls_pk_init( &pk );
+
+ /* Parse the data. */
+ if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
+ status = mbedtls_to_psa_error(
+ mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 ) );
+ else
+ status = mbedtls_to_psa_error(
+ mbedtls_pk_parse_public_key( &pk, data, data_length ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* We have something that the pkparse module recognizes. If it is a
+ * valid RSA key, store it. */
+ if( mbedtls_pk_get_type( &pk ) != MBEDTLS_PK_RSA )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ rsa = mbedtls_pk_rsa( pk );
+ /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
+ * supports non-byte-aligned key sizes, but not well. For example,
+ * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
+ bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
+ if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = psa_check_rsa_key_byte_aligned( rsa );
+
+exit:
+ /* Free the content of the pk object only on error. */
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_pk_free( &pk );
+ return( status );
+ }
+
+ /* On success, store the content of the object in the RSA context. */
+ *p_rsa = rsa;
+
+ return( PSA_SUCCESS );
+}
+#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
+
+#if defined(MBEDTLS_ECP_C)
+
+/* Import a public key given as the uncompressed representation defined by SEC1
+ * 2.3.3 as the content of an ECPoint. */
+static psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_ecp_keypair **p_ecp )
+{
+ psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+ mbedtls_ecp_keypair *ecp = NULL;
+ mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
+
+ *p_ecp = NULL;
+ ecp = mbedtls_calloc( 1, sizeof( *ecp ) );
+ if( ecp == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ mbedtls_ecp_keypair_init( ecp );
+
+ /* Load the group. */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ /* Load the public value. */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
+ data, data_length ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Check that the point is on the curve. */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ *p_ecp = ecp;
+ return( PSA_SUCCESS );
+
+exit:
+ if( ecp != NULL )
+ {
+ mbedtls_ecp_keypair_free( ecp );
+ mbedtls_free( ecp );
+ }
+ return( status );
+}
+#endif /* defined(MBEDTLS_ECP_C) */
+
+#if defined(MBEDTLS_ECP_C)
+/* Import a private key given as a byte string which is the private value
+ * in big-endian order. */
+static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_ecp_keypair **p_ecp )
+{
+ psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+ mbedtls_ecp_keypair *ecp = NULL;
+ mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
+
+ *p_ecp = NULL;
+ ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
+ if( ecp == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ mbedtls_ecp_keypair_init( ecp );
+
+ /* Load the group. */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ /* Load the secret value. */
+ status = mbedtls_to_psa_error(
+ mbedtls_mpi_read_binary( &ecp->d, data, data_length ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ /* Validate the private key. */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ /* Calculate the public key from the private key. */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
+ mbedtls_ctr_drbg_random, &global_data.ctr_drbg ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ *p_ecp = ecp;
+ return( PSA_SUCCESS );
+
+exit:
+ if( ecp != NULL )
+ {
+ mbedtls_ecp_keypair_free( ecp );
+ mbedtls_free( ecp );
+ }
+ return( status );
+}
+#endif /* defined(MBEDTLS_ECP_C) */
+
+/** Import key data into a slot. `slot->type` must have been set
+ * previously. This function assumes that the slot does not contain
+ * any key material yet. On failure, the slot content is unchanged. */
+psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_status_t status = PSA_SUCCESS;
+
+ if( key_type_is_raw_bytes( slot->type ) )
+ {
+ /* Ensure that a bytes-to-bit conversion won't overflow. */
+ if( data_length > SIZE_MAX / 8 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ status = prepare_raw_data_slot( slot->type,
+ PSA_BYTES_TO_BITS( data_length ),
+ &slot->data.raw );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( data_length != 0 )
+ memcpy( slot->data.raw.data, data, data_length );
+ }
+ else
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( slot->type ) )
+ {
+ status = psa_import_ec_private_key( PSA_KEY_TYPE_GET_CURVE( slot->type ),
+ data, data_length,
+ &slot->data.ecp );
+ }
+ else if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( slot->type ) )
+ {
+ status = psa_import_ec_public_key(
+ PSA_KEY_TYPE_GET_CURVE( slot->type ),
+ data, data_length,
+ &slot->data.ecp );
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ {
+ status = psa_import_rsa_key( slot->type,
+ data, data_length,
+ &slot->data.rsa );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ return( status );
+}
+
+/* Retrieve an empty key slot (slot with no key data, but possibly
+ * with some metadata such as a policy). */
+static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot = NULL;
+
+ *p_slot = NULL;
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( slot->type != PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_ALREADY_EXISTS );
+
+ *p_slot = slot;
+ return( status );
+}
+
+/** Calculate the intersection of two algorithm usage policies.
+ *
+ * Return 0 (which allows no operation) on incompatibility.
+ */
+static psa_algorithm_t psa_key_policy_algorithm_intersection(
+ psa_algorithm_t alg1,
+ psa_algorithm_t alg2 )
+{
+ /* Common case: the policy only allows alg. */
+ if( alg1 == alg2 )
+ return( alg1 );
+ /* If the policies are from the same hash-and-sign family, check
+ * if one is a wildcard. If so the other has the specific algorithm. */
+ if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) &&
+ PSA_ALG_IS_HASH_AND_SIGN( alg2 ) &&
+ ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
+ {
+ if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
+ return( alg2 );
+ if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
+ return( alg1 );
+ }
+ /* If the policies are incompatible, allow nothing. */
+ return( 0 );
+}
+
+/** Test whether a policy permits an algorithm.
+ *
+ * The caller must test usage flags separately.
+ */
+static int psa_key_policy_permits( const psa_key_policy_t *policy,
+ psa_algorithm_t alg )
+{
+ /* Common case: the policy only allows alg. */
+ if( alg == policy->alg )
+ return( 1 );
+ /* If policy->alg is a hash-and-sign with a wildcard for the hash,
+ * and alg is the same hash-and-sign family with any hash,
+ * then alg is compliant with policy->alg. */
+ if( PSA_ALG_IS_HASH_AND_SIGN( alg ) &&
+ PSA_ALG_SIGN_GET_HASH( policy->alg ) == PSA_ALG_ANY_HASH )
+ {
+ return( ( policy->alg & ~PSA_ALG_HASH_MASK ) ==
+ ( alg & ~PSA_ALG_HASH_MASK ) );
+ }
+ /* If it isn't permitted, it's forbidden. */
+ return( 0 );
+}
+
+/** Restrict a key policy based on a constraint.
+ *
+ * \param[in,out] policy The policy to restrict.
+ * \param[in] constraint The policy constraint to apply.
+ *
+ * \retval #PSA_SUCCESS
+ * \c *policy contains the intersection of the original value of
+ * \c *policy and \c *constraint.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c *policy and \c *constraint are incompatible.
+ * \c *policy is unchanged.
+ */
+static psa_status_t psa_restrict_key_policy(
+ psa_key_policy_t *policy,
+ const psa_key_policy_t *constraint )
+{
+ psa_algorithm_t intersection_alg =
+ psa_key_policy_algorithm_intersection( policy->alg, constraint->alg );
+ if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ policy->usage &= constraint->usage;
+ policy->alg = intersection_alg;
+ return( PSA_SUCCESS );
+}
+
+/** Retrieve a slot which must contain a key. The key must have allow all the
+ * usage flags set in \p usage. If \p alg is nonzero, the key must allow
+ * operations with this algorithm. */
+static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot = NULL;
+
+ *p_slot = NULL;
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_DOES_NOT_EXIST );
+
+ /* Enforce that usage policy for the key slot contains all the flags
+ * required by the usage parameter. There is one exception: public
+ * keys can always be exported, so we treat public key objects as
+ * if they had the export flag. */
+ if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) )
+ usage &= ~PSA_KEY_USAGE_EXPORT;
+ if( ( slot->policy.usage & usage ) != usage )
+ return( PSA_ERROR_NOT_PERMITTED );
+
+ /* Enforce that the usage policy permits the requested algortihm. */
+ if( alg != 0 && ! psa_key_policy_permits( &slot->policy, alg ) )
+ return( PSA_ERROR_NOT_PERMITTED );
+
+ *p_slot = slot;
+ return( PSA_SUCCESS );
+}
+
+/** Wipe key data from a slot. Preserve metadata such as the policy. */
+static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
+{
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ {
+ /* No key material to clean. */
+ }
+ else if( key_type_is_raw_bytes( slot->type ) )
+ {
+ mbedtls_free( slot->data.raw.data );
+ }
+ else
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ {
+ mbedtls_rsa_free( slot->data.rsa );
+ mbedtls_free( slot->data.rsa );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+ mbedtls_ecp_keypair_free( slot->data.ecp );
+ mbedtls_free( slot->data.ecp );
+ }
+ else
+#endif /* defined(MBEDTLS_ECP_C) */
+ {
+ /* Shouldn't happen: the key type is not any type that we
+ * put in. */
+ return( PSA_ERROR_TAMPERING_DETECTED );
+ }
+
+ return( PSA_SUCCESS );
+}
+
+/** Completely wipe a slot in memory, including its policy.
+ * Persistent storage is not affected. */
+psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
+{
+ psa_status_t status = psa_remove_key_data_from_memory( slot );
+ /* At this point, key material and other type-specific content has
+ * been wiped. Clear remaining metadata. We can call memset and not
+ * zeroize because the metadata is not particularly sensitive. */
+ memset( slot, 0, sizeof( *slot ) );
+ return( status );
+}
+
+psa_status_t psa_import_key( psa_key_handle_t handle,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ status = psa_get_empty_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ slot->type = type;
+
+ status = psa_import_key_into_slot( slot, data, data_length );
+ if( status != PSA_SUCCESS )
+ {
+ slot->type = PSA_KEY_TYPE_NONE;
+ return( status );
+ }
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ {
+ /* Store in file location */
+ status = psa_save_persistent_key( slot->persistent_storage_id,
+ slot->type, &slot->policy, data,
+ data_length );
+ if( status != PSA_SUCCESS )
+ {
+ (void) psa_remove_key_data_from_memory( slot );
+ slot->type = PSA_KEY_TYPE_NONE;
+ }
+ }
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+ return( status );
+}
+
+psa_status_t psa_destroy_key( psa_key_handle_t handle )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status = PSA_SUCCESS;
+ psa_status_t storage_status = PSA_SUCCESS;
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ {
+ storage_status =
+ psa_destroy_persistent_key( slot->persistent_storage_id );
+ }
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+ status = psa_wipe_key_slot( slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+ return( storage_status );
+}
+
+/* Return the size of the key in the given slot, in bits. */
+static size_t psa_get_key_bits( const psa_key_slot_t *slot )
+{
+ if( key_type_is_raw_bytes( slot->type ) )
+ return( slot->data.raw.bytes * 8 );
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ return( PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) ) );
+#endif /* defined(MBEDTLS_RSA_C) */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ return( slot->data.ecp->grp.pbits );
+#endif /* defined(MBEDTLS_ECP_C) */
+ /* Shouldn't happen except on an empty slot. */
+ return( 0 );
+}
+
+psa_status_t psa_get_key_information( psa_key_handle_t handle,
+ psa_key_type_t *type,
+ size_t *bits )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( type != NULL )
+ *type = 0;
+ if( bits != NULL )
+ *bits = 0;
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ if( type != NULL )
+ *type = slot->type;
+ if( bits != NULL )
+ *bits = psa_get_key_bits( slot );
+ return( PSA_SUCCESS );
+}
+
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
+static int pk_write_pubkey_simple( mbedtls_pk_context *key,
+ unsigned char *buf, size_t size )
+{
+ int ret;
+ unsigned char *c;
+ size_t len = 0;
+
+ c = buf + size;
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
+
+ return( (int) len );
+}
+#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) */
+
+static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length,
+ int export_public_key )
+{
+ *data_length = 0;
+
+ if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( key_type_is_raw_bytes( slot->type ) )
+ {
+ if( slot->data.raw.bytes > data_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if( data_size != 0 )
+ {
+ memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
+ memset( data + slot->data.raw.bytes, 0,
+ data_size - slot->data.raw.bytes );
+ }
+ *data_length = slot->data.raw.bytes;
+ return( PSA_SUCCESS );
+ }
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( slot->type ) && !export_public_key )
+ {
+ psa_status_t status;
+
+ size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( slot ) );
+ if( bytes > data_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ status = mbedtls_to_psa_error(
+ mbedtls_mpi_write_binary( &slot->data.ecp->d, data, bytes ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ memset( data + bytes, 0, data_size - bytes );
+ *data_length = bytes;
+ return( PSA_SUCCESS );
+ }
+#endif
+ else
+ {
+#if defined(MBEDTLS_PK_WRITE_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) ||
+ PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+ mbedtls_pk_context pk;
+ int ret;
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ {
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_pk_init( &pk );
+ pk.pk_info = &mbedtls_rsa_info;
+ pk.pk_ctx = slot->data.rsa;
+#else
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+ }
+ else
+ {
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_pk_init( &pk );
+ pk.pk_info = &mbedtls_eckey_info;
+ pk.pk_ctx = slot->data.ecp;
+#else
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+ }
+ if( export_public_key || PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) )
+ {
+ ret = pk_write_pubkey_simple( &pk, data, data_size );
+ }
+ else
+ {
+ ret = mbedtls_pk_write_key_der( &pk, data, data_size );
+ }
+ if( ret < 0 )
+ {
+ /* If data_size is 0 then data may be NULL and then the
+ * call to memset would have undefined behavior. */
+ if( data_size != 0 )
+ memset( data, 0, data_size );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ /* The mbedtls_pk_xxx functions write to the end of the buffer.
+ * Move the data to the beginning and erase remaining data
+ * at the original location. */
+ if( 2 * (size_t) ret <= data_size )
+ {
+ memcpy( data, data + data_size - ret, ret );
+ memset( data + data_size - ret, 0, ret );
+ }
+ else if( (size_t) ret < data_size )
+ {
+ memmove( data, data + data_size - ret, ret );
+ memset( data + ret, 0, data_size - ret );
+ }
+ *data_length = ret;
+ return( PSA_SUCCESS );
+ }
+ else
+#endif /* defined(MBEDTLS_PK_WRITE_C) */
+ {
+ /* This shouldn't happen in the reference implementation, but
+ it is valid for a special-purpose implementation to omit
+ support for exporting certain key types. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ }
+}
+
+psa_status_t psa_export_key( psa_key_handle_t handle,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ /* Set the key to empty now, so that even when there are errors, we always
+ * set data_length to a value between 0 and data_size. On error, setting
+ * the key to empty is a good choice because an empty key representation is
+ * unlikely to be accepted anywhere. */
+ *data_length = 0;
+
+ /* Export requires the EXPORT flag. There is an exception for public keys,
+ * which don't require any flag, but psa_get_key_from_slot takes
+ * care of this. */
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_EXPORT, 0 );
+ if( status != PSA_SUCCESS )
+ return( status );
+ return( psa_internal_export_key( slot, data, data_size,
+ data_length, 0 ) );
+}
+
+psa_status_t psa_export_public_key( psa_key_handle_t handle,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ /* Set the key to empty now, so that even when there are errors, we always
+ * set data_length to a value between 0 and data_size. On error, setting
+ * the key to empty is a good choice because an empty key representation is
+ * unlikely to be accepted anywhere. */
+ *data_length = 0;
+
+ /* Exporting a public key doesn't require a usage flag. */
+ status = psa_get_key_from_slot( handle, &slot, 0, 0 );
+ if( status != PSA_SUCCESS )
+ return( status );
+ return( psa_internal_export_key( slot, data, data_size,
+ data_length, 1 ) );
+}
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+static psa_status_t psa_save_generated_persistent_key( psa_key_slot_t *slot,
+ size_t bits )
+{
+ psa_status_t status;
+ uint8_t *data;
+ size_t key_length;
+ size_t data_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type, bits );
+ data = mbedtls_calloc( 1, data_size );
+ if( data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ /* Get key data in export format */
+ status = psa_internal_export_key( slot, data, data_size, &key_length, 0 );
+ if( status != PSA_SUCCESS )
+ {
+ slot->type = PSA_KEY_TYPE_NONE;
+ goto exit;
+ }
+ /* Store in file location */
+ status = psa_save_persistent_key( slot->persistent_storage_id,
+ slot->type, &slot->policy,
+ data, key_length );
+ if( status != PSA_SUCCESS )
+ {
+ slot->type = PSA_KEY_TYPE_NONE;
+ }
+exit:
+ mbedtls_platform_zeroize( data, key_length );
+ mbedtls_free( data );
+ return( status );
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
+ psa_key_handle_t target )
+{
+ psa_status_t status;
+ uint8_t *buffer = NULL;
+ size_t buffer_size = 0;
+ size_t length;
+
+ buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->type,
+ psa_get_key_bits( source ) );
+ buffer = mbedtls_calloc( 1, buffer_size );
+ if( buffer == NULL && buffer_size != 0 )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = psa_import_key( target, source->type, buffer, length );
+
+exit:
+ if( buffer_size != 0 )
+ mbedtls_platform_zeroize( buffer, buffer_size );
+ mbedtls_free( buffer );
+ return( status );
+}
+
+psa_status_t psa_copy_key(psa_key_handle_t source_handle,
+ psa_key_handle_t target_handle,
+ const psa_key_policy_t *constraint)
+{
+ psa_key_slot_t *source_slot = NULL;
+ psa_key_slot_t *target_slot = NULL;
+ psa_key_policy_t new_policy;
+ psa_status_t status;
+ status = psa_get_key_from_slot( source_handle, &source_slot, 0, 0 );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_get_empty_key_slot( target_handle, &target_slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ new_policy = target_slot->policy;
+ status = psa_restrict_key_policy( &new_policy, &source_slot->policy );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( constraint != NULL )
+ {
+ status = psa_restrict_key_policy( &new_policy, constraint );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+
+ status = psa_copy_key_material( source_slot, target_handle );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ target_slot->policy = new_policy;
+ return( PSA_SUCCESS );
+}
+
+
+
+/****************************************************************/
+/* Message digests */
+/****************************************************************/
+
+static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
+{
+ switch( alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ return( &mbedtls_md2_info );
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ return( &mbedtls_md4_info );
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ return( &mbedtls_md5_info );
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ return( &mbedtls_ripemd160_info );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ return( &mbedtls_sha1_info );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ return( &mbedtls_sha224_info );
+ case PSA_ALG_SHA_256:
+ return( &mbedtls_sha256_info );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_384:
+ return( &mbedtls_sha384_info );
+ case PSA_ALG_SHA_512:
+ return( &mbedtls_sha512_info );
+#endif
+ default:
+ return( NULL );
+ }
+}
+
+psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
+{
+ switch( operation->alg )
+ {
+ case 0:
+ /* The object has (apparently) been initialized but it is not
+ * in use. It's ok to call abort on such an object, and there's
+ * nothing to do. */
+ break;
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ mbedtls_md2_free( &operation->ctx.md2 );
+ break;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ mbedtls_md4_free( &operation->ctx.md4 );
+ break;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ mbedtls_md5_free( &operation->ctx.md5 );
+ break;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ mbedtls_sha1_free( &operation->ctx.sha1 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ case PSA_ALG_SHA_256:
+ mbedtls_sha256_free( &operation->ctx.sha256 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_384:
+ case PSA_ALG_SHA_512:
+ mbedtls_sha512_free( &operation->ctx.sha512 );
+ break;
+#endif
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+ operation->alg = 0;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ int ret;
+
+ /* A context must be freshly initialized before it can be set up. */
+ if( operation->alg != 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ switch( alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ mbedtls_md2_init( &operation->ctx.md2 );
+ ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
+ break;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ mbedtls_md4_init( &operation->ctx.md4 );
+ ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
+ break;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ mbedtls_md5_init( &operation->ctx.md5 );
+ ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
+ break;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
+ ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ mbedtls_sha1_init( &operation->ctx.sha1 );
+ ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ mbedtls_sha256_init( &operation->ctx.sha256 );
+ ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
+ break;
+ case PSA_ALG_SHA_256:
+ mbedtls_sha256_init( &operation->ctx.sha256 );
+ ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_384:
+ mbedtls_sha512_init( &operation->ctx.sha512 );
+ ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
+ break;
+ case PSA_ALG_SHA_512:
+ mbedtls_sha512_init( &operation->ctx.sha512 );
+ ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
+ break;
+#endif
+ default:
+ return( PSA_ALG_IS_HASH( alg ) ?
+ PSA_ERROR_NOT_SUPPORTED :
+ PSA_ERROR_INVALID_ARGUMENT );
+ }
+ if( ret == 0 )
+ operation->alg = alg;
+ else
+ psa_hash_abort( operation );
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+psa_status_t psa_hash_update( psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ int ret;
+
+ /* Don't require hash implementations to behave correctly on a
+ * zero-length input, which may have an invalid pointer. */
+ if( input_length == 0 )
+ return( PSA_SUCCESS );
+
+ switch( operation->alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ ret = mbedtls_md2_update_ret( &operation->ctx.md2,
+ input, input_length );
+ break;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ ret = mbedtls_md4_update_ret( &operation->ctx.md4,
+ input, input_length );
+ break;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ ret = mbedtls_md5_update_ret( &operation->ctx.md5,
+ input, input_length );
+ break;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
+ input, input_length );
+ break;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
+ input, input_length );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ case PSA_ALG_SHA_256:
+ ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ input, input_length );
+ break;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_384:
+ case PSA_ALG_SHA_512:
+ ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ input, input_length );
+ break;
+#endif
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( ret != 0 )
+ psa_hash_abort( operation );
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length )
+{
+ psa_status_t status;
+ int ret;
+ size_t actual_hash_length = PSA_HASH_SIZE( operation->alg );
+
+ /* Fill the output buffer with something that isn't a valid hash
+ * (barring an attack on the hash and deliberately-crafted input),
+ * in case the caller doesn't check the return status properly. */
+ *hash_length = hash_size;
+ /* If hash_size is 0 then hash may be NULL and then the
+ * call to memset would have undefined behavior. */
+ if( hash_size != 0 )
+ memset( hash, '!', hash_size );
+
+ if( hash_size < actual_hash_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ switch( operation->alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
+ break;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
+ break;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
+ break;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
+ break;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ case PSA_ALG_SHA_256:
+ ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ break;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_384:
+ case PSA_ALG_SHA_512:
+ ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ break;
+#endif
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+ status = mbedtls_to_psa_error( ret );
+
+exit:
+ if( status == PSA_SUCCESS )
+ {
+ *hash_length = actual_hash_length;
+ return( psa_hash_abort( operation ) );
+ }
+ else
+ {
+ psa_hash_abort( operation );
+ return( status );
+ }
+}
+
+psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
+ const uint8_t *hash,
+ size_t hash_length )
+{
+ uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
+ size_t actual_hash_length;
+ psa_status_t status = psa_hash_finish( operation,
+ actual_hash, sizeof( actual_hash ),
+ &actual_hash_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( actual_hash_length != hash_length )
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation )
+{
+ if( target_operation->alg != 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ switch( source_operation->alg )
+ {
+ case 0:
+ return( PSA_ERROR_BAD_STATE );
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ mbedtls_md2_clone( &target_operation->ctx.md2,
+ &source_operation->ctx.md2 );
+ break;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ mbedtls_md4_clone( &target_operation->ctx.md4,
+ &source_operation->ctx.md4 );
+ break;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ mbedtls_md5_clone( &target_operation->ctx.md5,
+ &source_operation->ctx.md5 );
+ break;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
+ &source_operation->ctx.ripemd160 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ mbedtls_sha1_clone( &target_operation->ctx.sha1,
+ &source_operation->ctx.sha1 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ case PSA_ALG_SHA_256:
+ mbedtls_sha256_clone( &target_operation->ctx.sha256,
+ &source_operation->ctx.sha256 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_384:
+ case PSA_ALG_SHA_512:
+ mbedtls_sha512_clone( &target_operation->ctx.sha512,
+ &source_operation->ctx.sha512 );
+ break;
+#endif
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ target_operation->alg = source_operation->alg;
+ return( PSA_SUCCESS );
+}
+
+
+/****************************************************************/
+/* MAC */
+/****************************************************************/
+
+static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ size_t key_bits,
+ mbedtls_cipher_id_t* cipher_id )
+{
+ mbedtls_cipher_mode_t mode;
+ mbedtls_cipher_id_t cipher_id_tmp;
+
+ if( PSA_ALG_IS_AEAD( alg ) )
+ alg = PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 );
+
+ if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
+ {
+ switch( alg )
+ {
+ case PSA_ALG_ARC4:
+ mode = MBEDTLS_MODE_STREAM;
+ break;
+ case PSA_ALG_CTR:
+ mode = MBEDTLS_MODE_CTR;
+ break;
+ case PSA_ALG_CFB:
+ mode = MBEDTLS_MODE_CFB;
+ break;
+ case PSA_ALG_OFB:
+ mode = MBEDTLS_MODE_OFB;
+ break;
+ case PSA_ALG_CBC_NO_PADDING:
+ mode = MBEDTLS_MODE_CBC;
+ break;
+ case PSA_ALG_CBC_PKCS7:
+ mode = MBEDTLS_MODE_CBC;
+ break;
+ case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ):
+ mode = MBEDTLS_MODE_CCM;
+ break;
+ case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
+ mode = MBEDTLS_MODE_GCM;
+ break;
+ default:
+ return( NULL );
+ }
+ }
+ else if( alg == PSA_ALG_CMAC )
+ mode = MBEDTLS_MODE_ECB;
+ else if( alg == PSA_ALG_GMAC )
+ mode = MBEDTLS_MODE_GCM;
+ else
+ return( NULL );
+
+ switch( key_type )
+ {
+ case PSA_KEY_TYPE_AES:
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
+ break;
+ case PSA_KEY_TYPE_DES:
+ /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
+ * and 192 for three-key Triple-DES. */
+ if( key_bits == 64 )
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
+ else
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
+ /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
+ * but two-key Triple-DES is functionally three-key Triple-DES
+ * with K1=K3, so that's how we present it to mbedtls. */
+ if( key_bits == 128 )
+ key_bits = 192;
+ break;
+ case PSA_KEY_TYPE_CAMELLIA:
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
+ break;
+ case PSA_KEY_TYPE_ARC4:
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
+ break;
+ default:
+ return( NULL );
+ }
+ if( cipher_id != NULL )
+ *cipher_id = cipher_id_tmp;
+
+ return( mbedtls_cipher_info_from_values( cipher_id_tmp,
+ (int) key_bits, mode ) );
+}
+
+#if defined(MBEDTLS_MD_C)
+static size_t psa_get_hash_block_size( psa_algorithm_t alg )
+{
+ switch( alg )
+ {
+ case PSA_ALG_MD2:
+ return( 16 );
+ case PSA_ALG_MD4:
+ return( 64 );
+ case PSA_ALG_MD5:
+ return( 64 );
+ case PSA_ALG_RIPEMD160:
+ return( 64 );
+ case PSA_ALG_SHA_1:
+ return( 64 );
+ case PSA_ALG_SHA_224:
+ return( 64 );
+ case PSA_ALG_SHA_256:
+ return( 64 );
+ case PSA_ALG_SHA_384:
+ return( 128 );
+ case PSA_ALG_SHA_512:
+ return( 128 );
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_MD_C */
+
+/* Initialize the MAC operation structure. Once this function has been
+ * called, psa_mac_abort can run and will do the right thing. */
+static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+
+ operation->alg = alg;
+ operation->key_set = 0;
+ operation->iv_set = 0;
+ operation->iv_required = 0;
+ operation->has_input = 0;
+ operation->is_sign = 0;
+
+#if defined(MBEDTLS_CMAC_C)
+ if( alg == PSA_ALG_CMAC )
+ {
+ operation->iv_required = 0;
+ mbedtls_cipher_init( &operation->ctx.cmac );
+ status = PSA_SUCCESS;
+ }
+ else
+#endif /* MBEDTLS_CMAC_C */
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ /* We'll set up the hash operation later in psa_hmac_setup_internal. */
+ operation->ctx.hmac.hash_ctx.alg = 0;
+ status = PSA_SUCCESS;
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ if( ! PSA_ALG_IS_MAC( alg ) )
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if( status != PSA_SUCCESS )
+ memset( operation, 0, sizeof( *operation ) );
+ return( status );
+}
+
+#if defined(MBEDTLS_MD_C)
+static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
+{
+ mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
+ return( psa_hash_abort( &hmac->hash_ctx ) );
+}
+
+static void psa_hmac_init_internal( psa_hmac_internal_data *hmac )
+{
+ /* Instances of psa_hash_operation_s can be initialized by zeroization. */
+ memset( hmac, 0, sizeof( *hmac ) );
+}
+#endif /* MBEDTLS_MD_C */
+
+psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
+{
+ if( operation->alg == 0 )
+ {
+ /* The object has (apparently) been initialized but it is not
+ * in use. It's ok to call abort on such an object, and there's
+ * nothing to do. */
+ return( PSA_SUCCESS );
+ }
+ else
+#if defined(MBEDTLS_CMAC_C)
+ if( operation->alg == PSA_ALG_CMAC )
+ {
+ mbedtls_cipher_free( &operation->ctx.cmac );
+ }
+ else
+#endif /* MBEDTLS_CMAC_C */
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ psa_hmac_abort_internal( &operation->ctx.hmac );
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ goto bad_state;
+ }
+
+ operation->alg = 0;
+ operation->key_set = 0;
+ operation->iv_set = 0;
+ operation->iv_required = 0;
+ operation->has_input = 0;
+ operation->is_sign = 0;
+
+ return( PSA_SUCCESS );
+
+bad_state:
+ /* If abort is called on an uninitialized object, we can't trust
+ * anything. Wipe the object in case it contains confidential data.
+ * This may result in a memory leak if a pointer gets overwritten,
+ * but it's too late to do anything about this. */
+ memset( operation, 0, sizeof( *operation ) );
+ return( PSA_ERROR_BAD_STATE );
+}
+
+#if defined(MBEDTLS_CMAC_C)
+static int psa_cmac_setup( psa_mac_operation_t *operation,
+ size_t key_bits,
+ psa_key_slot_t *slot,
+ const mbedtls_cipher_info_t *cipher_info )
+{
+ int ret;
+
+ operation->mac_size = cipher_info->block_size;
+
+ ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
+ slot->data.raw.data,
+ key_bits );
+ return( ret );
+}
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_MD_C)
+static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t hash_alg )
+{
+ unsigned char ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ size_t i;
+ size_t hash_size = PSA_HASH_SIZE( hash_alg );
+ size_t block_size = psa_get_hash_block_size( hash_alg );
+ psa_status_t status;
+
+ /* Sanity checks on block_size, to guarantee that there won't be a buffer
+ * overflow below. This should never trigger if the hash algorithm
+ * is implemented correctly. */
+ /* The size checks against the ipad and opad buffers cannot be written
+ * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
+ * because that triggers -Wlogical-op on GCC 7.3. */
+ if( block_size > sizeof( ipad ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( block_size > sizeof( hmac->opad ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( block_size < hash_size )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ if( key_length > block_size )
+ {
+ status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_update( &hmac->hash_ctx, key, key_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ status = psa_hash_finish( &hmac->hash_ctx,
+ ipad, sizeof( ipad ), &key_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ }
+ /* A 0-length key is not commonly used in HMAC when used as a MAC,
+ * but it is permitted. It is common when HMAC is used in HKDF, for
+ * example. Don't call `memcpy` in the 0-length because `key` could be
+ * an invalid pointer which would make the behavior undefined. */
+ else if( key_length != 0 )
+ memcpy( ipad, key, key_length );
+
+ /* ipad contains the key followed by garbage. Xor and fill with 0x36
+ * to create the ipad value. */
+ for( i = 0; i < key_length; i++ )
+ ipad[i] ^= 0x36;
+ memset( ipad + key_length, 0x36, block_size - key_length );
+
+ /* Copy the key material from ipad to opad, flipping the requisite bits,
+ * and filling the rest of opad with the requisite constant. */
+ for( i = 0; i < key_length; i++ )
+ hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
+ memset( hmac->opad + key_length, 0x5C, block_size - key_length );
+
+ status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
+
+cleanup:
+ mbedtls_platform_zeroize( ipad, key_length );
+
+ return( status );
+}
+#endif /* MBEDTLS_MD_C */
+
+static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ int is_sign )
+{
+ psa_status_t status;
+ psa_key_slot_t *slot;
+ size_t key_bits;
+ psa_key_usage_t usage =
+ is_sign ? PSA_KEY_USAGE_SIGN : PSA_KEY_USAGE_VERIFY;
+ unsigned char truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
+ psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
+
+ /* A context must be freshly initialized before it can be set up. */
+ if( operation->alg != 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ status = psa_mac_init( operation, full_length_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( is_sign )
+ operation->is_sign = 1;
+
+ status = psa_get_key_from_slot( handle, &slot, usage, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ key_bits = psa_get_key_bits( slot );
+
+#if defined(MBEDTLS_CMAC_C)
+ if( full_length_alg == PSA_ALG_CMAC )
+ {
+ const mbedtls_cipher_info_t *cipher_info =
+ mbedtls_cipher_info_from_psa( full_length_alg,
+ slot->type, key_bits, NULL );
+ int ret;
+ if( cipher_info == NULL )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ operation->mac_size = cipher_info->block_size;
+ ret = psa_cmac_setup( operation, key_bits, slot, cipher_info );
+ status = mbedtls_to_psa_error( ret );
+ }
+ else
+#endif /* MBEDTLS_CMAC_C */
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HMAC( full_length_alg ) )
+ {
+ psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg );
+ if( hash_alg == 0 )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+
+ operation->mac_size = PSA_HASH_SIZE( hash_alg );
+ /* Sanity check. This shouldn't fail on a valid configuration. */
+ if( operation->mac_size == 0 ||
+ operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+
+ if( slot->type != PSA_KEY_TYPE_HMAC )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ status = psa_hmac_setup_internal( &operation->ctx.hmac,
+ slot->data.raw.data,
+ slot->data.raw.bytes,
+ hash_alg );
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ (void) key_bits;
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ if( truncated == 0 )
+ {
+ /* The "normal" case: untruncated algorithm. Nothing to do. */
+ }
+ else if( truncated < 4 )
+ {
+ /* A very short MAC is too short for security since it can be
+ * brute-forced. Ancient protocols with 32-bit MACs do exist,
+ * so we make this our minimum, even though 32 bits is still
+ * too small for security. */
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+ else if( truncated > operation->mac_size )
+ {
+ /* It's impossible to "truncate" to a larger length. */
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ }
+ else
+ operation->mac_size = truncated;
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ psa_mac_abort( operation );
+ }
+ else
+ {
+ operation->key_set = 1;
+ }
+ return( status );
+}
+
+psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg )
+{
+ return( psa_mac_setup( operation, handle, alg, 1 ) );
+}
+
+psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg )
+{
+ return( psa_mac_setup( operation, handle, alg, 0 ) );
+}
+
+psa_status_t psa_mac_update( psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ psa_status_t status = PSA_ERROR_BAD_STATE;
+ if( ! operation->key_set )
+ return( PSA_ERROR_BAD_STATE );
+ if( operation->iv_required && ! operation->iv_set )
+ return( PSA_ERROR_BAD_STATE );
+ operation->has_input = 1;
+
+#if defined(MBEDTLS_CMAC_C)
+ if( operation->alg == PSA_ALG_CMAC )
+ {
+ int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
+ input, input_length );
+ status = mbedtls_to_psa_error( ret );
+ }
+ else
+#endif /* MBEDTLS_CMAC_C */
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
+ input_length );
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ /* This shouldn't happen if `operation` was initialized by
+ * a setup function. */
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( status != PSA_SUCCESS )
+ psa_mac_abort( operation );
+ return( status );
+}
+
+#if defined(MBEDTLS_MD_C)
+static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac,
+ uint8_t *mac,
+ size_t mac_size )
+{
+ unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
+ psa_algorithm_t hash_alg = hmac->hash_ctx.alg;
+ size_t hash_size = 0;
+ size_t block_size = psa_get_hash_block_size( hash_alg );
+ psa_status_t status;
+
+ status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
+ if( status != PSA_SUCCESS )
+ return( status );
+ /* From here on, tmp needs to be wiped. */
+
+ status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ memcpy( mac, tmp, mac_size );
+
+exit:
+ mbedtls_platform_zeroize( tmp, hash_size );
+ return( status );
+}
+#endif /* MBEDTLS_MD_C */
+
+static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size )
+{
+ if( ! operation->key_set )
+ return( PSA_ERROR_BAD_STATE );
+ if( operation->iv_required && ! operation->iv_set )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( mac_size < operation->mac_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+#if defined(MBEDTLS_CMAC_C)
+ if( operation->alg == PSA_ALG_CMAC )
+ {
+ uint8_t tmp[PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE];
+ int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
+ if( ret == 0 )
+ memcpy( mac, tmp, operation->mac_size );
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ else
+#endif /* MBEDTLS_CMAC_C */
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ return( psa_hmac_finish_internal( &operation->ctx.hmac,
+ mac, operation->mac_size ) );
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ /* This shouldn't happen if `operation` was initialized by
+ * a setup function. */
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
+psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ psa_status_t status;
+
+ if( operation->alg == 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ /* Fill the output buffer with something that isn't a valid mac
+ * (barring an attack on the mac and deliberately-crafted input),
+ * in case the caller doesn't check the return status properly. */
+ *mac_length = mac_size;
+ /* If mac_size is 0 then mac may be NULL and then the
+ * call to memset would have undefined behavior. */
+ if( mac_size != 0 )
+ memset( mac, '!', mac_size );
+
+ if( ! operation->is_sign )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ status = psa_mac_finish_internal( operation, mac, mac_size );
+
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_mac_abort( operation );
+ if( status == PSA_SUCCESS )
+ *mac_length = operation->mac_size;
+ else
+ memset( mac, '!', mac_size );
+ }
+ else
+ psa_mac_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ uint8_t actual_mac[PSA_MAC_MAX_SIZE];
+ psa_status_t status;
+
+ if( operation->alg == 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( operation->is_sign )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+ if( operation->mac_size != mac_length )
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto cleanup;
+ }
+
+ status = psa_mac_finish_internal( operation,
+ actual_mac, sizeof( actual_mac ) );
+
+ if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
+ status = PSA_ERROR_INVALID_SIGNATURE;
+
+cleanup:
+ if( status == PSA_SUCCESS )
+ status = psa_mac_abort( operation );
+ else
+ psa_mac_abort( operation );
+
+ mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+
+ return( status );
+}
+
+
+
+/****************************************************************/
+/* Asymmetric cryptography */
+/****************************************************************/
+
+#if defined(MBEDTLS_RSA_C)
+/* Decode the hash algorithm from alg and store the mbedtls encoding in
+ * md_alg. Verify that the hash length is acceptable. */
+static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
+ size_t hash_length,
+ mbedtls_md_type_t *md_alg )
+{
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ *md_alg = mbedtls_md_get_type( md_info );
+
+ /* The Mbed TLS RSA module uses an unsigned int for hash length
+ * parameters. Validate that it fits so that we don't risk an
+ * overflow later. */
+#if SIZE_MAX > UINT_MAX
+ if( hash_length > UINT_MAX )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#endif
+
+#if defined(MBEDTLS_PKCS1_V15)
+ /* For PKCS#1 v1.5 signature, if using a hash, the hash length
+ * must be correct. */
+ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
+ alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
+ {
+ if( md_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( mbedtls_md_get_size( md_info ) != hash_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+#endif /* MBEDTLS_PKCS1_V15 */
+
+#if defined(MBEDTLS_PKCS1_V21)
+ /* PSS requires a hash internally. */
+ if( PSA_ALG_IS_RSA_PSS( alg ) )
+ {
+ if( md_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+#endif /* MBEDTLS_PKCS1_V21 */
+
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ psa_status_t status;
+ int ret;
+ mbedtls_md_type_t md_alg;
+
+ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( signature_size < mbedtls_rsa_get_len( rsa ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+#if defined(MBEDTLS_PKCS1_V15)
+ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ ret = mbedtls_rsa_pkcs1_sign( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PRIVATE,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( PSA_ALG_IS_RSA_PSS( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ ret = mbedtls_rsa_rsassa_pss_sign( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PRIVATE,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ if( ret == 0 )
+ *signature_length = mbedtls_rsa_get_len( rsa );
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ psa_status_t status;
+ int ret;
+ mbedtls_md_type_t md_alg;
+
+ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( signature_length < mbedtls_rsa_get_len( rsa ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+#if defined(MBEDTLS_PKCS1_V15)
+ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ ret = mbedtls_rsa_pkcs1_verify( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PUBLIC,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( PSA_ALG_IS_RSA_PSS( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ ret = mbedtls_rsa_rsassa_pss_verify( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PUBLIC,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ /* Mbed TLS distinguishes "invalid padding" from "valid padding but
+ * the rest of the signature is invalid". This has little use in
+ * practice and PSA doesn't report this distinction. */
+ if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ return( mbedtls_to_psa_error( ret ) );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+/* `ecp` cannot be const because `ecp->grp` needs to be non-const
+ * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
+ * (even though these functions don't modify it). */
+static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ int ret;
+ mbedtls_mpi r, s;
+ size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
+ mbedtls_mpi_init( &r );
+ mbedtls_mpi_init( &s );
+
+ if( signature_size < 2 * curve_bytes )
+ {
+ ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ goto cleanup;
+ }
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
+ {
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp->grp, &r, &s, &ecp->d,
+ hash, hash_length,
+ md_alg ) );
+ }
+ else
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+ {
+ (void) alg;
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
+ hash, hash_length,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg ) );
+ }
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
+ signature,
+ curve_bytes ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
+ signature + curve_bytes,
+ curve_bytes ) );
+
+cleanup:
+ mbedtls_mpi_free( &r );
+ mbedtls_mpi_free( &s );
+ if( ret == 0 )
+ *signature_length = 2 * curve_bytes;
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ int ret;
+ mbedtls_mpi r, s;
+ size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
+ mbedtls_mpi_init( &r );
+ mbedtls_mpi_init( &s );
+
+ if( signature_length != 2 * curve_bytes )
+ return( PSA_ERROR_INVALID_SIGNATURE );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
+ signature,
+ curve_bytes ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
+ signature + curve_bytes,
+ curve_bytes ) );
+
+ ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
+ &ecp->Q, &r, &s );
+
+cleanup:
+ mbedtls_mpi_free( &r );
+ mbedtls_mpi_free( &s );
+ return( mbedtls_to_psa_error( ret ) );
+}
+#endif /* MBEDTLS_ECDSA_C */
+
+psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ *signature_length = signature_size;
+
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_RSA_C)
+ if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ status = psa_rsa_sign( slot->data.rsa,
+ alg,
+ hash, hash_length,
+ signature, signature_size,
+ signature_length );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ if(
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ PSA_ALG_IS_ECDSA( alg )
+#else
+ PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
+#endif
+ )
+ status = psa_ecdsa_sign( slot->data.ecp,
+ alg,
+ hash, hash_length,
+ signature, signature_size,
+ signature_length );
+ else
+#endif /* defined(MBEDTLS_ECDSA_C) */
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ }
+ }
+ else
+#endif /* defined(MBEDTLS_ECP_C) */
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+exit:
+ /* Fill the unused part of the output buffer (the whole buffer on error,
+ * the trailing part on success) with something that isn't a valid mac
+ * (barring an attack on the mac and deliberately-crafted input),
+ * in case the caller doesn't check the return status properly. */
+ if( status == PSA_SUCCESS )
+ memset( signature + *signature_length, '!',
+ signature_size - *signature_length );
+ else if( signature_size != 0 )
+ memset( signature, '!', signature_size );
+ /* If signature_size is 0 then we have nothing to do. We must not call
+ * memset because signature may be NULL in this case. */
+ return( status );
+}
+
+psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ {
+ return( psa_rsa_verify( slot->data.rsa,
+ alg,
+ hash, hash_length,
+ signature, signature_length ) );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_ALG_IS_ECDSA( alg ) )
+ return( psa_ecdsa_verify( slot->data.ecp,
+ hash, hash_length,
+ signature, signature_length ) );
+ else
+#endif /* defined(MBEDTLS_ECDSA_C) */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+ else
+#endif /* defined(MBEDTLS_ECP_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
+static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa )
+{
+ psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+}
+#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) */
+
+psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ (void) input;
+ (void) input_length;
+ (void) salt;
+ (void) output;
+ (void) output_size;
+
+ *output_length = 0;
+
+ if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) ||
+ PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+ {
+ mbedtls_rsa_context *rsa = slot->data.rsa;
+ int ret;
+ if( output_size < mbedtls_rsa_get_len( rsa ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#if defined(MBEDTLS_PKCS1_V15)
+ if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+ {
+ ret = mbedtls_rsa_pkcs1_encrypt( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PUBLIC,
+ input_length,
+ input,
+ output );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( PSA_ALG_IS_RSA_OAEP( alg ) )
+ {
+ psa_rsa_oaep_set_padding_mode( alg, rsa );
+ ret = mbedtls_rsa_rsaes_oaep_encrypt( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PUBLIC,
+ salt, salt_length,
+ input_length,
+ input,
+ output );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ if( ret == 0 )
+ *output_length = mbedtls_rsa_get_len( rsa );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ (void) input;
+ (void) input_length;
+ (void) salt;
+ (void) output;
+ (void) output_size;
+
+ *output_length = 0;
+
+ if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_RSA_C)
+ if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ mbedtls_rsa_context *rsa = slot->data.rsa;
+ int ret;
+
+ if( input_length != mbedtls_rsa_get_len( rsa ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_PKCS1_V15)
+ if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+ {
+ ret = mbedtls_rsa_pkcs1_decrypt( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PRIVATE,
+ output_length,
+ input,
+ output,
+ output_size );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( PSA_ALG_IS_RSA_OAEP( alg ) )
+ {
+ psa_rsa_oaep_set_padding_mode( alg, rsa );
+ ret = mbedtls_rsa_rsaes_oaep_decrypt( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PRIVATE,
+ salt, salt_length,
+ output_length,
+ input,
+ output,
+ output_size );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+
+
+/****************************************************************/
+/* Symmetric cryptography */
+/****************************************************************/
+
+/* Initialize the cipher operation structure. Once this function has been
+ * called, psa_cipher_abort can run and will do the right thing. */
+static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ if( ! PSA_ALG_IS_CIPHER( alg ) )
+ {
+ memset( operation, 0, sizeof( *operation ) );
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ operation->alg = alg;
+ operation->key_set = 0;
+ operation->iv_set = 0;
+ operation->iv_required = 1;
+ operation->iv_size = 0;
+ operation->block_size = 0;
+ mbedtls_cipher_init( &operation->ctx.cipher );
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ mbedtls_operation_t cipher_operation )
+{
+ int ret = 0;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_key_slot_t *slot;
+ size_t key_bits;
+ const mbedtls_cipher_info_t *cipher_info = NULL;
+ psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
+ PSA_KEY_USAGE_ENCRYPT :
+ PSA_KEY_USAGE_DECRYPT );
+
+ /* A context must be freshly initialized before it can be set up. */
+ if( operation->alg != 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ status = psa_cipher_init( operation, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_get_key_from_slot( handle, &slot, usage, alg);
+ if( status != PSA_SUCCESS )
+ goto exit;
+ key_bits = psa_get_key_bits( slot );
+
+ cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type, key_bits, NULL );
+ if( cipher_info == NULL )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+
+ ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
+ if( ret != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_DES_C)
+ if( slot->type == PSA_KEY_TYPE_DES && key_bits == 128 )
+ {
+ /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
+ unsigned char keys[24];
+ memcpy( keys, slot->data.raw.data, 16 );
+ memcpy( keys + 16, slot->data.raw.data, 8 );
+ ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
+ keys,
+ 192, cipher_operation );
+ }
+ else
+#endif
+ {
+ ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
+ slot->data.raw.data,
+ (int) key_bits, cipher_operation );
+ }
+ if( ret != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ switch( alg )
+ {
+ case PSA_ALG_CBC_NO_PADDING:
+ ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
+ MBEDTLS_PADDING_NONE );
+ break;
+ case PSA_ALG_CBC_PKCS7:
+ ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
+ MBEDTLS_PADDING_PKCS7 );
+ break;
+ default:
+ /* The algorithm doesn't involve padding. */
+ ret = 0;
+ break;
+ }
+ if( ret != 0 )
+ goto exit;
+#endif //MBEDTLS_CIPHER_MODE_WITH_PADDING
+
+ operation->key_set = 1;
+ operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ) );
+ if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG )
+ {
+ operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type );
+ }
+
+exit:
+ if( status == 0 )
+ status = mbedtls_to_psa_error( ret );
+ if( status != 0 )
+ psa_cipher_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg )
+{
+ return( psa_cipher_setup( operation, handle, alg, MBEDTLS_ENCRYPT ) );
+}
+
+psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg )
+{
+ return( psa_cipher_setup( operation, handle, alg, MBEDTLS_DECRYPT ) );
+}
+
+psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
+ unsigned char *iv,
+ size_t iv_size,
+ size_t *iv_length )
+{
+ psa_status_t status;
+ int ret;
+ if( operation->iv_set || ! operation->iv_required )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+ if( iv_size < operation->iv_size )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+ ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
+ iv, operation->iv_size );
+ if( ret != 0 )
+ {
+ status = mbedtls_to_psa_error( ret );
+ goto exit;
+ }
+
+ *iv_length = operation->iv_size;
+ status = psa_cipher_set_iv( operation, iv, *iv_length );
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_cipher_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
+ const unsigned char *iv,
+ size_t iv_length )
+{
+ psa_status_t status;
+ int ret;
+ if( operation->iv_set || ! operation->iv_required )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+ if( iv_length != operation->iv_size )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
+ status = mbedtls_to_psa_error( ret );
+exit:
+ if( status == PSA_SUCCESS )
+ operation->iv_set = 1;
+ else
+ psa_cipher_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status;
+ int ret;
+ size_t expected_output_size;
+
+ if( operation->alg == 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
+ {
+ /* Take the unprocessed partial block left over from previous
+ * update calls, if any, plus the input to this call. Remove
+ * the last partial block, if any. You get the data that will be
+ * output in this call. */
+ expected_output_size =
+ ( operation->ctx.cipher.unprocessed_len + input_length )
+ / operation->block_size * operation->block_size;
+ }
+ else
+ {
+ expected_output_size = input_length;
+ }
+
+ if( output_size < expected_output_size )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ ret = mbedtls_cipher_update( &operation->ctx.cipher, input,
+ input_length, output, output_length );
+ status = mbedtls_to_psa_error( ret );
+exit:
+ if( status != PSA_SUCCESS )
+ psa_cipher_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
+
+ if( ! operation->key_set )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+ if( operation->iv_required && ! operation->iv_set )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT &&
+ operation->alg == PSA_ALG_CBC_NO_PADDING &&
+ operation->ctx.cipher.unprocessed_len != 0 )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto error;
+ }
+
+ cipher_ret = mbedtls_cipher_finish( &operation->ctx.cipher,
+ temp_output_buffer,
+ output_length );
+ if( cipher_ret != 0 )
+ {
+ status = mbedtls_to_psa_error( cipher_ret );
+ goto error;
+ }
+
+ if( *output_length == 0 )
+ ; /* Nothing to copy. Note that output may be NULL in this case. */
+ else if( output_size >= *output_length )
+ memcpy( output, temp_output_buffer, *output_length );
+ else
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto error;
+ }
+
+ mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
+ status = psa_cipher_abort( operation );
+
+ return( status );
+
+error:
+
+ *output_length = 0;
+
+ mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
+ (void) psa_cipher_abort( operation );
+
+ return( status );
+}
+
+psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
+{
+ if( operation->alg == 0 )
+ {
+ /* The object has (apparently) been initialized but it is not
+ * in use. It's ok to call abort on such an object, and there's
+ * nothing to do. */
+ return( PSA_SUCCESS );
+ }
+
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
+ return( PSA_ERROR_BAD_STATE );
+
+ mbedtls_cipher_free( &operation->ctx.cipher );
+
+ operation->alg = 0;
+ operation->key_set = 0;
+ operation->iv_set = 0;
+ operation->iv_size = 0;
+ operation->block_size = 0;
+ operation->iv_required = 0;
+
+ return( PSA_SUCCESS );
+}
+
+
+
+/****************************************************************/
+/* Key Policy */
+/****************************************************************/
+
+#if !defined(MBEDTLS_PSA_CRYPTO_SPM)
+void psa_key_policy_set_usage( psa_key_policy_t *policy,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ policy->usage = usage;
+ policy->alg = alg;
+}
+
+psa_key_usage_t psa_key_policy_get_usage( const psa_key_policy_t *policy )
+{
+ return( policy->usage );
+}
+
+psa_algorithm_t psa_key_policy_get_algorithm( const psa_key_policy_t *policy )
+{
+ return( policy->alg );
+}
+#endif /* !defined(MBEDTLS_PSA_CRYPTO_SPM) */
+
+psa_status_t psa_set_key_policy( psa_key_handle_t handle,
+ const psa_key_policy_t *policy )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( policy == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_empty_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_SIGN |
+ PSA_KEY_USAGE_VERIFY |
+ PSA_KEY_USAGE_DERIVE ) ) != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ slot->policy = *policy;
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_get_key_policy( psa_key_handle_t handle,
+ psa_key_policy_t *policy )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( policy == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ *policy = slot->policy;
+
+ return( PSA_SUCCESS );
+}
+
+
+
+/****************************************************************/
+/* Key Lifetime */
+/****************************************************************/
+
+psa_status_t psa_get_key_lifetime( psa_key_handle_t handle,
+ psa_key_lifetime_t *lifetime )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ *lifetime = slot->lifetime;
+
+ return( PSA_SUCCESS );
+}
+
+
+
+/****************************************************************/
+/* AEAD */
+/****************************************************************/
+
+typedef struct
+{
+ psa_key_slot_t *slot;
+ const mbedtls_cipher_info_t *cipher_info;
+ union
+ {
+#if defined(MBEDTLS_CCM_C)
+ mbedtls_ccm_context ccm;
+#endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_GCM_C)
+ mbedtls_gcm_context gcm;
+#endif /* MBEDTLS_GCM_C */
+ } ctx;
+ psa_algorithm_t core_alg;
+ uint8_t full_tag_length;
+ uint8_t tag_length;
+} aead_operation_t;
+
+static void psa_aead_abort( aead_operation_t *operation )
+{
+ switch( operation->core_alg )
+ {
+#if defined(MBEDTLS_CCM_C)
+ case PSA_ALG_CCM:
+ mbedtls_ccm_free( &operation->ctx.ccm );
+ break;
+#endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_GCM_C)
+ case PSA_ALG_GCM:
+ mbedtls_gcm_free( &operation->ctx.gcm );
+ break;
+#endif /* MBEDTLS_GCM_C */
+ }
+}
+
+static psa_status_t psa_aead_setup( aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_status_t status;
+ size_t key_bits;
+ mbedtls_cipher_id_t cipher_id;
+
+ status = psa_get_key_from_slot( handle, &operation->slot, usage, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ key_bits = psa_get_key_bits( operation->slot );
+
+ operation->cipher_info =
+ mbedtls_cipher_info_from_psa( alg, operation->slot->type, key_bits,
+ &cipher_id );
+ if( operation->cipher_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ switch( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) )
+ {
+#if defined(MBEDTLS_CCM_C)
+ case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ):
+ operation->core_alg = PSA_ALG_CCM;
+ operation->full_tag_length = 16;
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ mbedtls_ccm_init( &operation->ctx.ccm );
+ status = mbedtls_to_psa_error(
+ mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
+ operation->slot->data.raw.data,
+ (unsigned int) key_bits ) );
+ if( status != 0 )
+ goto cleanup;
+ break;
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_GCM_C)
+ case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
+ operation->core_alg = PSA_ALG_GCM;
+ operation->full_tag_length = 16;
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ mbedtls_gcm_init( &operation->ctx.gcm );
+ status = mbedtls_to_psa_error(
+ mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
+ operation->slot->data.raw.data,
+ (unsigned int) key_bits ) );
+ break;
+#endif /* MBEDTLS_GCM_C */
+
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto cleanup;
+ }
+ operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
+ /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
+ * GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
+ * In both cases, mbedtls_xxx will validate the tag length below. */
+
+ return( PSA_SUCCESS );
+
+cleanup:
+ psa_aead_abort( operation );
+ return( status );
+}
+
+psa_status_t psa_aead_encrypt( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length )
+{
+ psa_status_t status;
+ aead_operation_t operation;
+ uint8_t *tag;
+
+ *ciphertext_length = 0;
+
+ status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_ENCRYPT, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* For all currently supported modes, the tag is at the end of the
+ * ciphertext. */
+ if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+ tag = ciphertext + plaintext_length;
+
+#if defined(MBEDTLS_GCM_C)
+ if( operation.core_alg == PSA_ALG_GCM )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
+ MBEDTLS_GCM_ENCRYPT,
+ plaintext_length,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, ciphertext,
+ operation.tag_length, tag ) );
+ }
+ else
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CCM_C)
+ if( operation.core_alg == PSA_ALG_CCM )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
+ plaintext_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ plaintext, ciphertext,
+ tag, operation.tag_length ) );
+ }
+ else
+#endif /* MBEDTLS_CCM_C */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( status != PSA_SUCCESS && ciphertext_size != 0 )
+ memset( ciphertext, 0, ciphertext_size );
+
+exit:
+ psa_aead_abort( &operation );
+ if( status == PSA_SUCCESS )
+ *ciphertext_length = plaintext_length + operation.tag_length;
+ return( status );
+}
+
+/* Locate the tag in a ciphertext buffer containing the encrypted data
+ * followed by the tag. Return the length of the part preceding the tag in
+ * *plaintext_length. This is the size of the plaintext in modes where
+ * the encrypted data has the same size as the plaintext, such as
+ * CCM and GCM. */
+static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ size_t plaintext_size,
+ const uint8_t **p_tag )
+{
+ size_t payload_length;
+ if( tag_length > ciphertext_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ payload_length = ciphertext_length - tag_length;
+ if( payload_length > plaintext_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ *p_tag = ciphertext + payload_length;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_aead_decrypt( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length )
+{
+ psa_status_t status;
+ aead_operation_t operation;
+ const uint8_t *tag = NULL;
+
+ *plaintext_length = 0;
+
+ status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_DECRYPT, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+#if defined(MBEDTLS_GCM_C)
+ if( operation.core_alg == PSA_ALG_GCM )
+ {
+ status = psa_aead_unpadded_locate_tag( operation.tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
+ ciphertext_length - operation.tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ tag, operation.tag_length,
+ ciphertext, plaintext ) );
+ }
+ else
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CCM_C)
+ if( operation.core_alg == PSA_ALG_CCM )
+ {
+ status = psa_aead_unpadded_locate_tag( operation.tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
+ ciphertext_length - operation.tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ ciphertext, plaintext,
+ tag, operation.tag_length ) );
+ }
+ else
+#endif /* MBEDTLS_CCM_C */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( status != PSA_SUCCESS && plaintext_size != 0 )
+ memset( plaintext, 0, plaintext_size );
+
+exit:
+ psa_aead_abort( &operation );
+ if( status == PSA_SUCCESS )
+ *plaintext_length = ciphertext_length - operation.tag_length;
+ return( status );
+}
+
+
+
+/****************************************************************/
+/* Generators */
+/****************************************************************/
+
+psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
+{
+ psa_status_t status = PSA_SUCCESS;
+ if( generator->alg == 0 )
+ {
+ /* The object has (apparently) been initialized but it is not
+ * in use. It's ok to call abort on such an object, and there's
+ * nothing to do. */
+ }
+ else
+ if( generator->alg == PSA_ALG_SELECT_RAW )
+ {
+ if( generator->ctx.buffer.data != NULL )
+ {
+ mbedtls_platform_zeroize( generator->ctx.buffer.data,
+ generator->ctx.buffer.size );
+ mbedtls_free( generator->ctx.buffer.data );
+ }
+ }
+ else
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HKDF( generator->alg ) )
+ {
+ mbedtls_free( generator->ctx.hkdf.info );
+ status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
+ }
+ else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
+ /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
+ PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
+ {
+ if( generator->ctx.tls12_prf.key != NULL )
+ {
+ mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
+ generator->ctx.tls12_prf.key_len );
+ mbedtls_free( generator->ctx.tls12_prf.key );
+ }
+
+ if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
+ {
+ mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
+ generator->ctx.tls12_prf.Ai_with_seed_len );
+ mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
+ }
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ status = PSA_ERROR_BAD_STATE;
+ }
+ memset( generator, 0, sizeof( *generator ) );
+ return( status );
+}
+
+
+psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
+ size_t *capacity)
+{
+ if( generator->alg == 0 )
+ {
+ /* This is a blank generator. */
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ *capacity = generator->capacity;
+ return( PSA_SUCCESS );
+}
+
+#if defined(MBEDTLS_MD_C)
+/* Read some bytes from an HKDF-based generator. This performs a chunk
+ * of the expand phase of the HKDF algorithm. */
+static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
+ psa_algorithm_t hash_alg,
+ uint8_t *output,
+ size_t output_length )
+{
+ uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
+ psa_status_t status;
+
+ while( output_length != 0 )
+ {
+ /* Copy what remains of the current block */
+ uint8_t n = hash_length - hkdf->offset_in_block;
+ if( n > output_length )
+ n = (uint8_t) output_length;
+ memcpy( output, hkdf->output_block + hkdf->offset_in_block, n );
+ output += n;
+ output_length -= n;
+ hkdf->offset_in_block += n;
+ if( output_length == 0 )
+ break;
+ /* We can't be wanting more output after block 0xff, otherwise
+ * the capacity check in psa_generator_read() would have
+ * prevented this call. It could happen only if the generator
+ * object was corrupted or if this function is called directly
+ * inside the library. */
+ if( hkdf->block_number == 0xff )
+ return( PSA_ERROR_BAD_STATE );
+
+ /* We need a new block */
+ ++hkdf->block_number;
+ hkdf->offset_in_block = 0;
+ status = psa_hmac_setup_internal( &hkdf->hmac,
+ hkdf->prk, hash_length,
+ hash_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( hkdf->block_number != 1 )
+ {
+ status = psa_hash_update( &hkdf->hmac.hash_ctx,
+ hkdf->output_block,
+ hash_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+ status = psa_hash_update( &hkdf->hmac.hash_ctx,
+ hkdf->info,
+ hkdf->info_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_hash_update( &hkdf->hmac.hash_ctx,
+ &hkdf->block_number, 1 );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_hmac_finish_internal( &hkdf->hmac,
+ hkdf->output_block,
+ sizeof( hkdf->output_block ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t psa_generator_tls12_prf_generate_next_block(
+ psa_tls12_prf_generator_t *tls12_prf,
+ psa_algorithm_t alg )
+{
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
+ uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
+ psa_hmac_internal_data hmac;
+ psa_status_t status, cleanup_status;
+
+ unsigned char *Ai;
+ size_t Ai_len;
+
+ /* We can't be wanting more output after block 0xff, otherwise
+ * the capacity check in psa_generator_read() would have
+ * prevented this call. It could happen only if the generator
+ * object was corrupted or if this function is called directly
+ * inside the library. */
+ if( tls12_prf->block_number == 0xff )
+ return( PSA_ERROR_BAD_STATE );
+
+ /* We need a new block */
+ ++tls12_prf->block_number;
+ tls12_prf->offset_in_block = 0;
+
+ /* Recall the definition of the TLS-1.2-PRF from RFC 5246:
+ *
+ * PRF(secret, label, seed) = P_<hash>(secret, label + seed)
+ *
+ * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
+ * HMAC_hash(secret, A(2) + seed) +
+ * HMAC_hash(secret, A(3) + seed) + ...
+ *
+ * A(0) = seed
+ * A(i) = HMAC_hash( secret, A(i-1) )
+ *
+ * The `psa_tls12_prf_generator` structures saves the block
+ * `HMAC_hash(secret, A(i) + seed)` from which the output
+ * is currently extracted as `output_block`, while
+ * `A(i) + seed` is stored in `Ai_with_seed`.
+ *
+ * Generating a new block means recalculating `Ai_with_seed`
+ * from the A(i)-part of it, and afterwards recalculating
+ * `output_block`.
+ *
+ * A(0) is computed at setup time.
+ *
+ */
+
+ psa_hmac_init_internal( &hmac );
+
+ /* We must distinguish the calculation of A(1) from those
+ * of A(2) and higher, because A(0)=seed has a different
+ * length than the other A(i). */
+ if( tls12_prf->block_number == 1 )
+ {
+ Ai = tls12_prf->Ai_with_seed + hash_length;
+ Ai_len = tls12_prf->Ai_with_seed_len - hash_length;
+ }
+ else
+ {
+ Ai = tls12_prf->Ai_with_seed;
+ Ai_len = hash_length;
+ }
+
+ /* Compute A(i+1) = HMAC_hash(secret, A(i)) */
+ status = psa_hmac_setup_internal( &hmac,
+ tls12_prf->key,
+ tls12_prf->key_len,
+ hash_alg );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_hash_update( &hmac.hash_ctx,
+ Ai, Ai_len );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_hmac_finish_internal( &hmac,
+ tls12_prf->Ai_with_seed,
+ hash_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ /* Compute the next block `HMAC_hash(secret, A(i+1) + seed)`. */
+ status = psa_hmac_setup_internal( &hmac,
+ tls12_prf->key,
+ tls12_prf->key_len,
+ hash_alg );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_hash_update( &hmac.hash_ctx,
+ tls12_prf->Ai_with_seed,
+ tls12_prf->Ai_with_seed_len );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_hmac_finish_internal( &hmac,
+ tls12_prf->output_block,
+ hash_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+cleanup:
+
+ cleanup_status = psa_hmac_abort_internal( &hmac );
+ if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
+ status = cleanup_status;
+
+ return( status );
+}
+
+/* Read some bytes from an TLS-1.2-PRF-based generator.
+ * See Section 5 of RFC 5246. */
+static psa_status_t psa_generator_tls12_prf_read(
+ psa_tls12_prf_generator_t *tls12_prf,
+ psa_algorithm_t alg,
+ uint8_t *output,
+ size_t output_length )
+{
+ psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
+ uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
+ psa_status_t status;
+
+ while( output_length != 0 )
+ {
+ /* Copy what remains of the current block */
+ uint8_t n = hash_length - tls12_prf->offset_in_block;
+
+ /* Check if we have fully processed the current block. */
+ if( n == 0 )
+ {
+ status = psa_generator_tls12_prf_generate_next_block( tls12_prf,
+ alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ continue;
+ }
+
+ if( n > output_length )
+ n = (uint8_t) output_length;
+ memcpy( output, tls12_prf->output_block + tls12_prf->offset_in_block,
+ n );
+ output += n;
+ output_length -= n;
+ tls12_prf->offset_in_block += n;
+ }
+
+ return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_MD_C */
+
+psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
+ uint8_t *output,
+ size_t output_length )
+{
+ psa_status_t status;
+
+ if( generator->alg == 0 )
+ {
+ /* This is a blank generator. */
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if( output_length > generator->capacity )
+ {
+ generator->capacity = 0;
+ /* Go through the error path to wipe all confidential data now
+ * that the generator object is useless. */
+ status = PSA_ERROR_INSUFFICIENT_DATA;
+ goto exit;
+ }
+ if( output_length == 0 && generator->capacity == 0 )
+ {
+ /* Edge case: this is a finished generator, and 0 bytes
+ * were requested. The right error in this case could
+ * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
+ * INSUFFICIENT_CAPACITY, which is right for a finished
+ * generator, for consistency with the case when
+ * output_length > 0. */
+ return( PSA_ERROR_INSUFFICIENT_DATA );
+ }
+ generator->capacity -= output_length;
+
+ if( generator->alg == PSA_ALG_SELECT_RAW )
+ {
+ /* Initially, the capacity of a selection generator is always
+ * the size of the buffer, i.e. `generator->ctx.buffer.size`,
+ * abbreviated in this comment as `size`. When the remaining
+ * capacity is `c`, the next bytes to serve start `c` bytes
+ * from the end of the buffer, i.e. `size - c` from the
+ * beginning of the buffer. Since `generator->capacity` was just
+ * decremented above, we need to serve the bytes from
+ * `size - generator->capacity - output_length` to
+ * `size - generator->capacity`. */
+ size_t offset =
+ generator->ctx.buffer.size - generator->capacity - output_length;
+ memcpy( output, generator->ctx.buffer.data + offset, output_length );
+ status = PSA_SUCCESS;
+ }
+ else
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HKDF( generator->alg ) )
+ {
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( generator->alg );
+ status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg,
+ output, output_length );
+ }
+ else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
+ {
+ status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf,
+ generator->alg, output,
+ output_length );
+ }
+ else
+#endif /* MBEDTLS_MD_C */
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ /* Preserve the algorithm upon errors, but clear all sensitive state.
+ * This allows us to differentiate between exhausted generators and
+ * blank generators, so we can return PSA_ERROR_BAD_STATE on blank
+ * generators. */
+ psa_algorithm_t alg = generator->alg;
+ psa_generator_abort( generator );
+ generator->alg = alg;
+ memset( output, '!', output_length );
+ }
+ return( status );
+}
+
+#if defined(MBEDTLS_DES_C)
+static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
+{
+ if( data_size >= 8 )
+ mbedtls_des_key_set_parity( data );
+ if( data_size >= 16 )
+ mbedtls_des_key_set_parity( data + 8 );
+ if( data_size >= 24 )
+ mbedtls_des_key_set_parity( data + 16 );
+}
+#endif /* MBEDTLS_DES_C */
+
+psa_status_t psa_generator_import_key( psa_key_handle_t handle,
+ psa_key_type_t type,
+ size_t bits,
+ psa_crypto_generator_t *generator )
+{
+ uint8_t *data = NULL;
+ size_t bytes = PSA_BITS_TO_BYTES( bits );
+ psa_status_t status;
+
+ if( ! key_type_is_raw_bytes( type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ if( bits % 8 != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ data = mbedtls_calloc( 1, bytes );
+ if( data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ status = psa_generator_read( generator, data, bytes );
+ if( status != PSA_SUCCESS )
+ goto exit;
+#if defined(MBEDTLS_DES_C)
+ if( type == PSA_KEY_TYPE_DES )
+ psa_des_set_key_parity( data, bytes );
+#endif /* MBEDTLS_DES_C */
+ status = psa_import_key( handle, type, data, bytes );
+
+exit:
+ mbedtls_free( data );
+ return( status );
+}
+
+
+
+/****************************************************************/
+/* Key derivation */
+/****************************************************************/
+
+#if defined(MBEDTLS_MD_C)
+/* Set up an HKDF-based generator. This is exactly the extract phase
+ * of the HKDF algorithm.
+ *
+ * Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
+static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
+ const uint8_t *secret,
+ size_t secret_length,
+ psa_algorithm_t hash_alg,
+ const uint8_t *salt,
+ size_t salt_length,
+ const uint8_t *label,
+ size_t label_length )
+{
+ psa_status_t status;
+ status = psa_hmac_setup_internal( &hkdf->hmac,
+ salt, salt_length,
+ PSA_ALG_HMAC_GET_HASH( hash_alg ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_hash_update( &hkdf->hmac.hash_ctx, secret, secret_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_hmac_finish_internal( &hkdf->hmac,
+ hkdf->prk,
+ sizeof( hkdf->prk ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
+ hkdf->block_number = 0;
+ hkdf->info_length = label_length;
+ if( label_length != 0 )
+ {
+ hkdf->info = mbedtls_calloc( 1, label_length );
+ if( hkdf->info == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ memcpy( hkdf->info, label, label_length );
+ }
+ return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD_C)
+/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
+ *
+ * Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
+static psa_status_t psa_generator_tls12_prf_setup(
+ psa_tls12_prf_generator_t *tls12_prf,
+ const unsigned char *key,
+ size_t key_len,
+ psa_algorithm_t hash_alg,
+ const uint8_t *salt,
+ size_t salt_length,
+ const uint8_t *label,
+ size_t label_length )
+{
+ uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
+ size_t Ai_with_seed_len = hash_length + salt_length + label_length;
+ int overflow;
+
+ tls12_prf->key = mbedtls_calloc( 1, key_len );
+ if( tls12_prf->key == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ tls12_prf->key_len = key_len;
+ memcpy( tls12_prf->key, key, key_len );
+
+ overflow = ( salt_length + label_length < salt_length ) ||
+ ( salt_length + label_length + hash_length < hash_length );
+ if( overflow )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ tls12_prf->Ai_with_seed = mbedtls_calloc( 1, Ai_with_seed_len );
+ if( tls12_prf->Ai_with_seed == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ tls12_prf->Ai_with_seed_len = Ai_with_seed_len;
+
+ /* Write `label + seed' at the end of the `A(i) + seed` buffer,
+ * leaving the initial `hash_length` bytes unspecified for now. */
+ if( label_length != 0 )
+ {
+ memcpy( tls12_prf->Ai_with_seed + hash_length,
+ label, label_length );
+ }
+
+ if( salt_length != 0 )
+ {
+ memcpy( tls12_prf->Ai_with_seed + hash_length + label_length,
+ salt, salt_length );
+ }
+
+ /* The first block gets generated when
+ * psa_generator_read() is called. */
+ tls12_prf->block_number = 0;
+ tls12_prf->offset_in_block = hash_length;
+
+ return( PSA_SUCCESS );
+}
+
+/* Set up a TLS-1.2-PSK-to-MS-based generator. */
+static psa_status_t psa_generator_tls12_psk_to_ms_setup(
+ psa_tls12_prf_generator_t *tls12_prf,
+ const unsigned char *psk,
+ size_t psk_len,
+ psa_algorithm_t hash_alg,
+ const uint8_t *salt,
+ size_t salt_length,
+ const uint8_t *label,
+ size_t label_length )
+{
+ psa_status_t status;
+ unsigned char pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ];
+
+ if( psk_len > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Quoting RFC 4279, Section 2:
+ *
+ * The premaster secret is formed as follows: if the PSK is N octets
+ * long, concatenate a uint16 with the value N, N zero octets, a second
+ * uint16 with the value N, and the PSK itself.
+ */
+
+ pms[0] = ( psk_len >> 8 ) & 0xff;
+ pms[1] = ( psk_len >> 0 ) & 0xff;
+ memset( pms + 2, 0, psk_len );
+ pms[2 + psk_len + 0] = pms[0];
+ pms[2 + psk_len + 1] = pms[1];
+ memcpy( pms + 4 + psk_len, psk, psk_len );
+
+ status = psa_generator_tls12_prf_setup( tls12_prf,
+ pms, 4 + 2 * psk_len,
+ hash_alg,
+ salt, salt_length,
+ label, label_length );
+
+ mbedtls_platform_zeroize( pms, sizeof( pms ) );
+ return( status );
+}
+#endif /* MBEDTLS_MD_C */
+
+/* Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
+static psa_status_t psa_key_derivation_internal(
+ psa_crypto_generator_t *generator,
+ const uint8_t *secret, size_t secret_length,
+ psa_algorithm_t alg,
+ const uint8_t *salt, size_t salt_length,
+ const uint8_t *label, size_t label_length,
+ size_t capacity )
+{
+ psa_status_t status;
+ size_t max_capacity;
+
+ /* Set generator->alg even on failure so that abort knows what to do. */
+ generator->alg = alg;
+
+ if( alg == PSA_ALG_SELECT_RAW )
+ {
+ (void) salt;
+ if( salt_length != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) label;
+ if( label_length != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
+ if( generator->ctx.buffer.data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ memcpy( generator->ctx.buffer.data, secret, secret_length );
+ generator->ctx.buffer.size = secret_length;
+ max_capacity = secret_length;
+ status = PSA_SUCCESS;
+ }
+ else
+#if defined(MBEDTLS_MD_C)
+ if( PSA_ALG_IS_HKDF( alg ) )
+ {
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
+ size_t hash_size = PSA_HASH_SIZE( hash_alg );
+ if( hash_size == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ max_capacity = 255 * hash_size;
+ status = psa_generator_hkdf_setup( &generator->ctx.hkdf,
+ secret, secret_length,
+ hash_alg,
+ salt, salt_length,
+ label, label_length );
+ }
+ /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
+ else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+ {
+ psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
+ size_t hash_size = PSA_HASH_SIZE( hash_alg );
+
+ /* TLS-1.2 PRF supports only SHA-256 and SHA-384. */
+ if( hash_alg != PSA_ALG_SHA_256 &&
+ hash_alg != PSA_ALG_SHA_384 )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ max_capacity = 255 * hash_size;
+
+ if( PSA_ALG_IS_TLS12_PRF( alg ) )
+ {
+ status = psa_generator_tls12_prf_setup( &generator->ctx.tls12_prf,
+ secret, secret_length,
+ hash_alg, salt, salt_length,
+ label, label_length );
+ }
+ else
+ {
+ status = psa_generator_tls12_psk_to_ms_setup(
+ &generator->ctx.tls12_prf,
+ secret, secret_length,
+ hash_alg, salt, salt_length,
+ label, label_length );
+ }
+ }
+ else
+#endif
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( capacity <= max_capacity )
+ generator->capacity = capacity;
+ else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY )
+ generator->capacity = max_capacity;
+ else
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *salt,
+ size_t salt_length,
+ const uint8_t *label,
+ size_t label_length,
+ size_t capacity )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( generator->alg != 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ /* Make sure that alg is a key derivation algorithm. This prevents
+ * key selection algorithms, which psa_key_derivation_internal
+ * accepts for the sake of key agreement. */
+ if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DERIVE, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( slot->type != PSA_KEY_TYPE_DERIVE )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_key_derivation_internal( generator,
+ slot->data.raw.data,
+ slot->data.raw.bytes,
+ alg,
+ salt, salt_length,
+ label, label_length,
+ capacity );
+ if( status != PSA_SUCCESS )
+ psa_generator_abort( generator );
+ return( status );
+}
+
+
+
+/****************************************************************/
+/* Key agreement */
+/****************************************************************/
+
+#if defined(MBEDTLS_ECDH_C)
+static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
+ size_t peer_key_length,
+ const mbedtls_ecp_keypair *our_key,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length )
+{
+ mbedtls_ecp_keypair *their_key = NULL;
+ mbedtls_ecdh_context ecdh;
+ psa_status_t status;
+ mbedtls_ecdh_init( &ecdh );
+
+ status = psa_import_ec_public_key(
+ mbedtls_ecc_group_to_psa( our_key->grp.id ),
+ peer_key, peer_key_length,
+ &their_key );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = mbedtls_to_psa_error(
+ mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecdh_calc_secret( &ecdh,
+ shared_secret_length,
+ shared_secret, shared_secret_size,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg ) );
+
+exit:
+ mbedtls_ecdh_free( &ecdh );
+ mbedtls_ecp_keypair_free( their_key );
+ mbedtls_free( their_key );
+ return( status );
+}
+#endif /* MBEDTLS_ECDH_C */
+
+#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
+
+/* Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
+static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
+ psa_key_slot_t *private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ psa_algorithm_t alg )
+{
+ psa_status_t status;
+ uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
+ size_t shared_secret_length = 0;
+
+ /* Step 1: run the secret agreement algorithm to generate the shared
+ * secret. */
+ switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ) )
+ {
+#if defined(MBEDTLS_ECDH_C)
+ case PSA_ALG_ECDH_BASE:
+ if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( private_key->type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ status = psa_key_agreement_ecdh( peer_key, peer_key_length,
+ private_key->data.ecp,
+ shared_secret,
+ sizeof( shared_secret ),
+ &shared_secret_length );
+ break;
+#endif /* MBEDTLS_ECDH_C */
+ default:
+ (void) private_key;
+ (void) peer_key;
+ (void) peer_key_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Step 2: set up the key derivation to generate key material from
+ * the shared secret. */
+ status = psa_key_derivation_internal( generator,
+ shared_secret, shared_secret_length,
+ PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ),
+ NULL, 0, NULL, 0,
+ PSA_GENERATOR_UNBRIDLED_CAPACITY );
+exit:
+ mbedtls_platform_zeroize( shared_secret, shared_secret_length );
+ return( status );
+}
+
+psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ psa_algorithm_t alg )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+ if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ status = psa_get_key_from_slot( private_key, &slot,
+ PSA_KEY_USAGE_DERIVE, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_key_agreement_internal( generator,
+ slot,
+ peer_key, peer_key_length,
+ alg );
+ if( status != PSA_SUCCESS )
+ psa_generator_abort( generator );
+ return( status );
+}
+
+
+
+/****************************************************************/
+/* Random generation */
+/****************************************************************/
+
+psa_status_t psa_generate_random( uint8_t *output,
+ size_t output_size )
+{
+ int ret;
+ GUARD_MODULE_INITIALIZED;
+
+ ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include "mbedtls/entropy_poll.h"
+
+psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
+ size_t seed_size )
+{
+ if( global_data.initialized )
+ return( PSA_ERROR_NOT_PERMITTED );
+
+ if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
+ ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
+ ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) );
+}
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+psa_status_t psa_generate_key( psa_key_handle_t handle,
+ psa_key_type_t type,
+ size_t bits,
+ const void *extra,
+ size_t extra_size )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( extra == NULL && extra_size != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_empty_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( key_type_is_raw_bytes( type ) )
+ {
+ status = prepare_raw_data_slot( type, bits, &slot->data.raw );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_generate_random( slot->data.raw.data,
+ slot->data.raw.bytes );
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_free( slot->data.raw.data );
+ return( status );
+ }
+#if defined(MBEDTLS_DES_C)
+ if( type == PSA_KEY_TYPE_DES )
+ psa_des_set_key_parity( slot->data.raw.data,
+ slot->data.raw.bytes );
+#endif /* MBEDTLS_DES_C */
+ }
+ else
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+ if ( type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ mbedtls_rsa_context *rsa;
+ int ret;
+ int exponent = 65537;
+ if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ /* Accept only byte-aligned keys, for the same reasons as
+ * in psa_import_rsa_key(). */
+ if( bits % 8 != 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( extra != NULL )
+ {
+ const psa_generate_key_extra_rsa *p = extra;
+ if( extra_size != sizeof( *p ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#if INT_MAX < 0xffffffff
+ /* Check that the uint32_t value passed by the caller fits
+ * in the range supported by this implementation. */
+ if( p->e > INT_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+ exponent = p->e;
+ }
+ rsa = mbedtls_calloc( 1, sizeof( *rsa ) );
+ if( rsa == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ mbedtls_rsa_init( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ ret = mbedtls_rsa_gen_key( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ (unsigned int) bits,
+ exponent );
+ if( ret != 0 )
+ {
+ mbedtls_rsa_free( rsa );
+ mbedtls_free( rsa );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ slot->data.rsa = rsa;
+ }
+ else
+#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+
+#if defined(MBEDTLS_ECP_C)
+ if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEYPAIR( type ) )
+ {
+ psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE( type );
+ mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id( grp_id );
+ mbedtls_ecp_keypair *ecp;
+ int ret;
+ if( extra != NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( curve_info->bit_size != bits )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ ecp = mbedtls_calloc( 1, sizeof( *ecp ) );
+ if( ecp == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ mbedtls_ecp_keypair_init( ecp );
+ ret = mbedtls_ecp_gen_key( grp_id, ecp,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg );
+ if( ret != 0 )
+ {
+ mbedtls_ecp_keypair_free( ecp );
+ mbedtls_free( ecp );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ slot->data.ecp = ecp;
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ slot->type = type;
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ {
+ return( psa_save_generated_persistent_key( slot, bits ) );
+ }
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+ return( status );
+}
+
+
+/****************************************************************/
+/* Module setup */
+/****************************************************************/
+
+psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
+ void (* entropy_init )( mbedtls_entropy_context *ctx ),
+ void (* entropy_free )( mbedtls_entropy_context *ctx ) )
+{
+ if( global_data.rng_state != RNG_NOT_INITIALIZED )
+ return( PSA_ERROR_BAD_STATE );
+ global_data.entropy_init = entropy_init;
+ global_data.entropy_free = entropy_free;
+ return( PSA_SUCCESS );
+}
+
+void mbedtls_psa_crypto_free( void )
+{
+ psa_wipe_all_key_slots( );
+ if( global_data.rng_state != RNG_NOT_INITIALIZED )
+ {
+ mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
+ global_data.entropy_free( &global_data.entropy );
+ }
+ /* Wipe all remaining data, including configuration.
+ * In particular, this sets all state indicator to the value
+ * indicating "uninitialized". */
+ mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+}
+
+psa_status_t psa_crypto_init( void )
+{
+ psa_status_t status;
+ const unsigned char drbg_seed[] = "PSA";
+
+ /* Double initialization is explicitly allowed. */
+ if( global_data.initialized != 0 )
+ return( PSA_SUCCESS );
+
+ /* Set default configuration if
+ * mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */
+ if( global_data.entropy_init == NULL )
+ global_data.entropy_init = mbedtls_entropy_init;
+ if( global_data.entropy_free == NULL )
+ global_data.entropy_free = mbedtls_entropy_free;
+
+ /* Initialize the random generator. */
+ global_data.entropy_init( &global_data.entropy );
+ mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
+ global_data.rng_state = RNG_INITIALIZED;
+ status = mbedtls_to_psa_error(
+ mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
+ mbedtls_entropy_func,
+ &global_data.entropy,
+ drbg_seed, sizeof( drbg_seed ) - 1 ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ global_data.rng_state = RNG_SEEDED;
+
+ status = psa_initialize_key_slots( );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* All done. */
+ global_data.initialized = 1;
+
+exit:
+ if( status != PSA_SUCCESS )
+ mbedtls_psa_crypto_free( );
+ return( status );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
new file mode 100644
index 0000000..0f75624
--- /dev/null
+++ b/library/psa_crypto_core.h
@@ -0,0 +1,99 @@
+/*
+ * PSA crypto core internal interfaces
+ */
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_CORE_H
+#define PSA_CRYPTO_CORE_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "psa/crypto.h"
+
+#include "mbedtls/ecp.h"
+#include "mbedtls/rsa.h"
+
+/** The data structure representing a key slot, containing key material
+ * and metadata for one key.
+ */
+typedef struct
+{
+ psa_key_type_t type;
+ psa_key_policy_t policy;
+ psa_key_lifetime_t lifetime;
+ psa_key_file_id_t persistent_storage_id;
+ unsigned allocated : 1;
+ union
+ {
+ struct raw_data
+ {
+ uint8_t *data;
+ size_t bytes;
+ } raw;
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_rsa_context *rsa;
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_ecp_keypair *ecp;
+#endif /* MBEDTLS_ECP_C */
+ } data;
+} psa_key_slot_t;
+
+/** Completely wipe a slot in memory, including its policy.
+ *
+ * Persistent storage is not affected.
+ *
+ * \param[in,out] slot The key slot to wipe.
+ *
+ * \retval PSA_SUCCESS
+ * Success. This includes the case of a key slot that was
+ * already fully wiped.
+ * \retval PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+
+/** Import key data into a slot.
+ *
+ * `slot->type` must have been set previously.
+ * This function assumes that the slot does not contain any key material yet.
+ * On failure, the slot content is unchanged.
+ *
+ * Persistent storage is not affected.
+ *
+ * \param[in,out] slot The key slot to import data into.
+ * Its `type` field must have previously been set to
+ * the desired key type.
+ * It must not contain any key material yet.
+ * \param[in] data Buffer containing the key material to parse and import.
+ * \param data_length Size of \p data in bytes.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length );
+
+#endif /* PSA_CRYPTO_CORE_H */
diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h
new file mode 100644
index 0000000..642652a
--- /dev/null
+++ b/library/psa_crypto_invasive.h
@@ -0,0 +1,79 @@
+/**
+ * \file psa_crypto_invasive.h
+ *
+ * \brief PSA cryptography module: invasive interfaces for test only.
+ *
+ * The interfaces in this file are intended for testing purposes only.
+ * They MUST NOT be made available to clients over IPC in integrations
+ * with isolation, and they SHOULD NOT be made available in library
+ * integrations except when building the library for testing.
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_INVASIVE_H
+#define PSA_CRYPTO_INVASIVE_H
+
+#if defined(MBEDTLS_CONFIG_FILE)
+#include MBEDTLS_CONFIG_FILE
+#else
+#include "mbedtls/config.h"
+#endif
+
+#include "psa/crypto.h"
+
+#include "mbedtls/entropy.h"
+
+/** \brief Configure entropy sources.
+ *
+ * This function may only be called before a call to psa_crypto_init(),
+ * or after a call to mbedtls_psa_crypto_free() and before any
+ * subsequent call to psa_crypto_init().
+ *
+ * This function is only intended for test purposes. The functionality
+ * it provides is also useful for system integrators, but
+ * system integrators should configure entropy drivers instead of
+ * breaking through to the Mbed TLS API.
+ *
+ * \param entropy_init Function to initialize the entropy context
+ * and set up the desired entropy sources.
+ * It is called by psa_crypto_init().
+ * By default this is mbedtls_entropy_init().
+ * This function cannot report failures directly.
+ * To indicate a failure, set the entropy context
+ * to a state where mbedtls_entropy_func() will
+ * return an error.
+ * \param entropy_free Function to free the entropy context
+ * and associated resources.
+ * It is called by mbedtls_psa_crypto_free().
+ * By default this is mbedtls_entropy_free().
+ *
+ * \retval PSA_SUCCESS
+ * Success.
+ * \retval PSA_ERROR_NOT_PERMITTED
+ * The caller does not have the permission to configure
+ * entropy sources.
+ * \retval PSA_ERROR_BAD_STATE
+ * The library has already been initialized.
+ */
+psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
+ void (* entropy_init )( mbedtls_entropy_context *ctx ),
+ void (* entropy_free )( mbedtls_entropy_context *ctx ) );
+
+#endif /* PSA_CRYPTO_INVASIVE_H */
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
new file mode 100644
index 0000000..44d5198
--- /dev/null
+++ b/library/psa_crypto_its.h
@@ -0,0 +1,142 @@
+/** \file psa_crypto_its.h
+ * \brief Interface of trusted storage that crypto is built on.
+ */
+/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ITS_H
+#define PSA_CRYPTO_ITS_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <psa/crypto_types.h>
+#include <psa/crypto_values.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \brief Flags used when creating a data entry
+ */
+typedef uint32_t psa_storage_create_flags_t;
+
+/** \brief A type for UIDs used for identifying data
+ */
+typedef uint64_t psa_storage_uid_t;
+
+#define PSA_STORAGE_FLAG_NONE 0 /**< No flags to pass */
+#define PSA_STORAGE_FLAG_WRITE_ONCE (1 << 0) /**< The data associated with the uid will not be able to be modified or deleted. Intended to be used to set bits in `psa_storage_create_flags_t`*/
+
+/**
+ * \brief A container for metadata associated with a specific uid
+ */
+struct psa_storage_info_t
+{
+ uint32_t size; /**< The size of the data associated with a uid **/
+ psa_storage_create_flags_t flags; /**< The flags set when the uid was created **/
+};
+
+/** Flag indicating that \ref psa_storage_create and \ref psa_storage_set_extended are supported */
+#define PSA_STORAGE_SUPPORT_SET_EXTENDED (1 << 0)
+
+/** \brief PSA storage specific error codes
+ */
+#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
+#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
+
+#define PSA_ITS_API_VERSION_MAJOR 1 /**< The major version number of the PSA ITS API. It will be incremented on significant updates that may include breaking changes */
+#define PSA_ITS_API_VERSION_MINOR 1 /**< The minor version number of the PSA ITS API. It will be incremented in small updates that are unlikely to include breaking changes */
+
+/**
+ * \brief create a new or modify an existing uid/value pair
+ *
+ * \param[in] uid the identifier for the data
+ * \param[in] data_length The size in bytes of the data in `p_data`
+ * \param[in] p_data A buffer containing the data
+ * \param[in] create_flags The flags that the data will be stored with
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
+ * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`)
+ * is invalid, for example is `NULL` or references memory the caller cannot access
+ */
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags);
+
+/**
+ * \brief Retrieve the value associated with a provided uid
+ *
+ * \param[in] uid The uid value
+ * \param[in] data_offset The starting offset of the data requested
+ * \param[in] data_length the amount of data requested (and the minimum allocated size of the `p_data` buffer)
+ * \param[out] p_data The buffer where the data will be placed upon successful completion
+ *
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage
+ * \retval PSA_ERROR_INVALID_SIZE The operation failed because the data associated with provided uid is larger than `data_size`
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`)
+ * is invalid. For example is `NULL` or references memory the caller cannot access.
+ * In addition, this can also happen if an invalid offset was provided.
+ */
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_length,
+ void *p_data);
+
+/**
+ * \brief Retrieve the metadata about the provided uid
+ *
+ * \param[in] uid The uid value
+ * \param[out] p_info A pointer to the `psa_storage_info_t` struct that will be populated with the metadata
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`)
+ * is invalid, for example is `NULL` or references memory the caller cannot access
+ */
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info);
+
+/**
+ * \brief Remove the provided key and its associated data from the storage
+ *
+ * \param[in] uid The uid value
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage
+ * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
+ */
+psa_status_t psa_its_remove(psa_storage_uid_t uid);
+
+#endif /* PSA_CRYPTO_ITS_H */
diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h
new file mode 100644
index 0000000..938bfe1
--- /dev/null
+++ b/library/psa_crypto_service_integration.h
@@ -0,0 +1,40 @@
+/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SERVICE_INTEGRATION_H
+#define PSA_CRYPTO_SERVICE_INTEGRATION_H
+
+/*
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
+ * (Secure Partition Manager) integration which separates the code into two
+ * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
+ * Environment). When building for the SPE, an additional header file should be
+ * included.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+/*
+ * PSA_CRYPTO_SECURE means that the file which included this file is being
+ * compiled for SPE. The files crypto_structs.h and crypto_types.h have
+ * different implementations for NSPE and SPE and are compiled according to this
+ * flag.
+ */
+#define PSA_CRYPTO_SECURE 1
+#include "crypto_spe.h"
+#endif // MBEDTLS_PSA_CRYPTO_SPM
+
+#endif // PSA_CRYPTO_SERVICE_INTEGRATION_H
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
new file mode 100644
index 0000000..33c03a7
--- /dev/null
+++ b/library/psa_crypto_slot_management.c
@@ -0,0 +1,295 @@
+/*
+ * PSA crypto layer on top of Mbed TLS crypto
+ */
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include "psa_crypto_service_integration.h"
+#include "psa/crypto.h"
+
+#include "psa_crypto_core.h"
+#include "psa_crypto_slot_management.h"
+#include "psa_crypto_storage.h"
+
+#include <stdlib.h>
+#include <string.h>
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+
+typedef struct
+{
+ psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
+ unsigned key_slots_initialized : 1;
+} psa_global_data_t;
+
+static psa_global_data_t global_data;
+
+/* Access a key slot at the given handle. The handle of a key slot is
+ * the index of the slot in the global slot array, plus one so that handles
+ * start at 1 and not 0. */
+psa_status_t psa_get_key_slot( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot )
+{
+ psa_key_slot_t *slot = NULL;
+
+ if( ! global_data.key_slots_initialized )
+ return( PSA_ERROR_BAD_STATE );
+
+ /* 0 is not a valid handle under any circumstance. This
+ * implementation provides slots number 1 to N where N is the
+ * number of available slots. */
+ if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) )
+ return( PSA_ERROR_INVALID_HANDLE );
+ slot = &global_data.key_slots[handle - 1];
+
+ /* If the slot hasn't been allocated, the handle is invalid. */
+ if( ! slot->allocated )
+ return( PSA_ERROR_INVALID_HANDLE );
+
+ *p_slot = slot;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_initialize_key_slots( void )
+{
+ /* Nothing to do: program startup and psa_wipe_all_key_slots() both
+ * guarantee that the key slots are initialized to all-zero, which
+ * means that all the key slots are in a valid, empty state. */
+ global_data.key_slots_initialized = 1;
+ return( PSA_SUCCESS );
+}
+
+void psa_wipe_all_key_slots( void )
+{
+ psa_key_handle_t key;
+ for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
+ {
+ psa_key_slot_t *slot = &global_data.key_slots[key - 1];
+ (void) psa_wipe_key_slot( slot );
+ }
+ global_data.key_slots_initialized = 0;
+}
+
+/** Find a free key slot and mark it as in use.
+ *
+ * \param[out] handle On success, a slot number that is not in use. This
+ * value can be used as a handle to the slot.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
+{
+ for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
+ {
+ psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
+ if( ! slot->allocated )
+ {
+ slot->allocated = 1;
+ return( PSA_SUCCESS );
+ }
+ }
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+}
+
+/** Wipe a key slot and mark it as available.
+ *
+ * This does not affect persistent storage.
+ *
+ * \param handle The handle to the key slot to release.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
+{
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ return( psa_wipe_key_slot( slot ) );
+}
+
+psa_status_t psa_allocate_key( psa_key_handle_t *handle )
+{
+ *handle = 0;
+ return( psa_internal_allocate_key_slot( handle ) );
+}
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
+{
+ psa_status_t status = PSA_SUCCESS;
+ uint8_t *key_data = NULL;
+ size_t key_data_length = 0;
+
+ status = psa_load_persistent_key( p_slot->persistent_storage_id,
+ &( p_slot )->type,
+ &( p_slot )->policy, &key_data,
+ &key_data_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = psa_import_key_into_slot( p_slot,
+ key_data, key_data_length );
+exit:
+ psa_free_persistent_key_data( key_data, key_data_length );
+ return( status );
+}
+
+/** Check whether a key identifier is acceptable.
+ *
+ * For backward compatibility, key identifiers that were valid in a
+ * past released version must remain valid, unless a migration path
+ * is provided.
+ *
+ * \param file_id The key identifier to check.
+ *
+ * \return 1 if \p file_id is acceptable, otherwise 0.
+ */
+static int psa_is_key_id_valid( psa_key_file_id_t file_id )
+{
+ psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
+ /* Reject id=0 because by general library conventions, 0 is an invalid
+ * value wherever possible. */
+ if( key_id == 0 )
+ return( 0 );
+ /* Reject high values because the file names are reserved for the
+ * library's internal use. */
+ if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+ return( 0 );
+ return( 1 );
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+/** Declare a slot as persistent and load it from storage.
+ *
+ * This function may only be called immediately after a successful call
+ * to psa_internal_allocate_key_slot().
+ *
+ * \param handle A handle to a key slot freshly allocated with
+ * psa_internal_allocate_key_slot().
+ *
+ * \retval #PSA_SUCCESS
+ * The slot content was loaded successfully.
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * There is no content for this slot in persistent storage.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p id is not acceptable.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ */
+static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
+ psa_key_file_id_t id )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_key_slot_t *slot;
+ psa_status_t status;
+
+ if( ! psa_is_key_id_valid( id ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_key_slot( handle, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+ slot->persistent_storage_id = id;
+ status = psa_load_persistent_key_into_slot( slot );
+
+ return( status );
+
+#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+ (void) handle;
+ (void) id;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+}
+
+static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
+ psa_key_file_id_t id,
+ psa_key_handle_t *handle,
+ psa_status_t wanted_load_status )
+{
+ psa_status_t status;
+
+ *handle = 0;
+
+ if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_internal_allocate_key_slot( handle );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_internal_make_key_persistent( *handle, id );
+ if( status != wanted_load_status )
+ {
+ psa_internal_release_key_slot( *handle );
+ *handle = 0;
+ }
+ return( status );
+}
+
+psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
+ psa_key_file_id_t id,
+ psa_key_handle_t *handle )
+{
+ return( persistent_key_setup( lifetime, id, handle, PSA_SUCCESS ) );
+}
+
+psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
+ psa_key_file_id_t id,
+ psa_key_handle_t *handle )
+{
+ psa_status_t status;
+
+ status = persistent_key_setup( lifetime, id, handle,
+ PSA_ERROR_DOES_NOT_EXIST );
+ switch( status )
+ {
+ case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
+ case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
+ default: return( status );
+ }
+}
+
+psa_status_t psa_close_key( psa_key_handle_t handle )
+{
+ return( psa_internal_release_key_slot( handle ) );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
new file mode 100644
index 0000000..6746bad
--- /dev/null
+++ b/library/psa_crypto_slot_management.h
@@ -0,0 +1,58 @@
+/*
+ * PSA crypto layer on top of Mbed TLS crypto
+ */
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
+#define PSA_CRYPTO_SLOT_MANAGEMENT_H
+
+/* Number of key slots (plus one because 0 is not used).
+ * The value is a compile-time constant for now, for simplicity. */
+#define PSA_KEY_SLOT_COUNT 32
+
+/** Access a key slot at the given handle.
+ *
+ * \param handle Key handle to query.
+ * \param[out] p_slot On success, `*p_slot` contains a pointer to the
+ * key slot in memory designated by \p handle.
+ *
+ * \retval PSA_SUCCESS
+ * Success: \p handle is a handle to `*p_slot`. Note that `*p_slot`
+ * may be empty or occupied.
+ * \retval PSA_ERROR_INVALID_HANDLE
+ * \p handle is out of range or is not in use.
+ * \retval PSA_ERROR_BAD_STATE
+ * The library has not been initialized.
+ */
+psa_status_t psa_get_key_slot( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot );
+
+/** Initialize the key slot structures.
+ *
+ * \retval PSA_SUCCESS
+ * Currently this function always succeeds.
+ */
+psa_status_t psa_initialize_key_slots( void );
+
+/** Delete all data from key slots in memory.
+ *
+ * This does not affect persistent storage. */
+void psa_wipe_all_key_slots( void );
+
+#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
new file mode 100644
index 0000000..840f418
--- /dev/null
+++ b/library/psa_crypto_storage.c
@@ -0,0 +1,416 @@
+/*
+ * PSA persistent key storage
+ */
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if defined(MBEDTLS_CONFIG_FILE)
+#include MBEDTLS_CONFIG_FILE
+#else
+#include "mbedtls/config.h"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "psa_crypto_service_integration.h"
+#include "psa/crypto.h"
+#include "psa_crypto_storage.h"
+#include "mbedtls/platform_util.h"
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include "psa_crypto_its.h"
+#else /* Native ITS implementation */
+#include "psa/error.h"
+#include "psa/internal_trusted_storage.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+/* Determine a file name (ITS file identifier) for the given key file
+ * identifier. The file name must be distinct from any file that is used
+ * for a purpose other than storing a key. Currently, the only such file
+ * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
+ * and whose value is 0xFFFFFF52. */
+static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
+ defined(PSA_CRYPTO_SECURE)
+ /* Encode the owner in the upper 32 bits. This means that if
+ * owner values are nonzero (as they are on a PSA platform),
+ * no key file will ever have a value less than 0x100000000, so
+ * the whole range 0..0xffffffff is available for non-key files. */
+ uint32_t unsigned_owner = (uint32_t) file_id.owner;
+ return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
+#else
+ /* Use the key id directly as a file name.
+ * psa_is_key_file_id_valid() in psa_crypto_slot_management.c
+ * is responsible for ensuring that key identifiers do not have a
+ * value that is reserved for non-key files. */
+ return( file_id );
+#endif
+}
+
+/**
+ * \brief Load persistent data for the given key slot number.
+ *
+ * This function reads data from a storage backend and returns the data in a
+ * buffer.
+ *
+ * \param key Persistent identifier of the key to be loaded. This
+ * should be an occupied storage location.
+ * \param[out] data Buffer where the data is to be written.
+ * \param data_size Size of the \c data buffer in bytes.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_DOES_NOT_EXIST
+ */
+static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
+ uint8_t *data,
+ size_t data_size )
+{
+ psa_status_t status;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ status = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data );
+
+ return( status );
+}
+
+int psa_is_key_present_in_storage( const psa_key_file_id_t key )
+{
+ psa_status_t ret;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ ret = psa_its_get_info( data_identifier, &data_identifier_info );
+
+ if( ret == PSA_ERROR_DOES_NOT_EXIST )
+ return( 0 );
+ return( 1 );
+}
+
+/**
+ * \brief Store persistent data for the given key slot number.
+ *
+ * This function stores the given data buffer to a persistent storage.
+ *
+ * \param key Persistent identifier of the key to be stored. This
+ * should be an unoccupied storage location.
+ * \param[in] data Buffer containing the data to be stored.
+ * \param data_length The number of bytes
+ * that make up the data.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_ALREADY_EXISTS
+ */
+static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_status_t status;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ if( psa_is_key_present_in_storage( key ) == 1 )
+ return( PSA_ERROR_ALREADY_EXISTS );
+
+ status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
+ if( status != PSA_SUCCESS )
+ {
+ return( PSA_ERROR_STORAGE_FAILURE );
+ }
+
+ status = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( status != PSA_SUCCESS )
+ {
+ goto exit;
+ }
+
+ if( data_identifier_info.size != data_length )
+ {
+ status = PSA_ERROR_STORAGE_FAILURE;
+ goto exit;
+ }
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_its_remove( data_identifier );
+ return( status );
+}
+
+psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
+{
+ psa_status_t ret;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ ret = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( ret == PSA_ERROR_DOES_NOT_EXIST )
+ return( PSA_SUCCESS );
+
+ if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ ret = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( ret != PSA_ERROR_DOES_NOT_EXIST )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ return( PSA_SUCCESS );
+}
+
+/**
+ * \brief Get data length for given key slot number.
+ *
+ * \param key Persistent identifier whose stored data length
+ * is to be obtained.
+ * \param[out] data_length The number of bytes that make up the data.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ */
+static psa_status_t psa_crypto_storage_get_data_length(
+ const psa_key_file_id_t key,
+ size_t *data_length )
+{
+ psa_status_t status;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ status = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ *data_length = (size_t) data_identifier_info.size;
+
+ return( PSA_SUCCESS );
+}
+
+/*
+ * 32-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i) \
+{ \
+ (n) = ( (uint32_t) (b)[(i) ] ) \
+ | ( (uint32_t) (b)[(i) + 1] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 3] << 24 ); \
+}
+#endif
+
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
+ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
+ (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
+ (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
+}
+#endif
+
+/**
+ * Persistent key storage magic header.
+ */
+#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+
+typedef struct {
+ uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
+ uint8_t version[4];
+ uint8_t type[sizeof( psa_key_type_t )];
+ uint8_t policy[sizeof( psa_key_policy_t )];
+ uint8_t data_len[4];
+ uint8_t key_data[];
+} psa_persistent_key_storage_format;
+
+void psa_format_key_data_for_storage( const uint8_t *data,
+ const size_t data_length,
+ const psa_key_type_t type,
+ const psa_key_policy_t *policy,
+ uint8_t *storage_data )
+{
+ psa_persistent_key_storage_format *storage_format =
+ (psa_persistent_key_storage_format *) storage_data;
+
+ memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
+ PUT_UINT32_LE(0, storage_format->version, 0);
+ PUT_UINT32_LE(type, storage_format->type, 0);
+ PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
+ PUT_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
+ PUT_UINT32_LE(data_length, storage_format->data_len, 0);
+ memcpy( storage_format->key_data, data, data_length );
+}
+
+static psa_status_t check_magic_header( const uint8_t *data )
+{
+ if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
+ return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
+ size_t storage_data_length,
+ uint8_t **key_data,
+ size_t *key_data_length,
+ psa_key_type_t *type,
+ psa_key_policy_t *policy )
+{
+ psa_status_t status;
+ const psa_persistent_key_storage_format *storage_format =
+ (const psa_persistent_key_storage_format *)storage_data;
+ uint32_t version;
+
+ if( storage_data_length < sizeof(*storage_format) )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ status = check_magic_header( storage_data );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ GET_UINT32_LE(version, storage_format->version, 0);
+ if( version != 0 )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ GET_UINT32_LE(*key_data_length, storage_format->data_len, 0);
+ if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
+ *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ *key_data = mbedtls_calloc( 1, *key_data_length );
+ if( *key_data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ GET_UINT32_LE(*type, storage_format->type, 0);
+ GET_UINT32_LE(policy->usage, storage_format->policy, 0);
+ GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
+
+ memcpy( *key_data, storage_format->key_data, *key_data_length );
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
+ const psa_key_type_t type,
+ const psa_key_policy_t *policy,
+ const uint8_t *data,
+ const size_t data_length )
+{
+ size_t storage_data_length;
+ uint8_t *storage_data;
+ psa_status_t status;
+
+ if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
+ storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
+
+ storage_data = mbedtls_calloc( 1, storage_data_length );
+ if( storage_data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ psa_format_key_data_for_storage( data, data_length, type, policy,
+ storage_data );
+
+ status = psa_crypto_storage_store( key,
+ storage_data, storage_data_length );
+
+ mbedtls_free( storage_data );
+
+ return( status );
+}
+
+void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
+{
+ if( key_data != NULL )
+ {
+ mbedtls_platform_zeroize( key_data, key_data_length );
+ }
+ mbedtls_free( key_data );
+}
+
+psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
+ psa_key_type_t *type,
+ psa_key_policy_t *policy,
+ uint8_t **data,
+ size_t *data_length )
+{
+ psa_status_t status = PSA_SUCCESS;
+ uint8_t *loaded_data;
+ size_t storage_data_length = 0;
+
+ status = psa_crypto_storage_get_data_length( key, &storage_data_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ loaded_data = mbedtls_calloc( 1, storage_data_length );
+
+ if( loaded_data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
+ data, data_length, type, policy );
+
+exit:
+ mbedtls_free( loaded_data );
+ return( status );
+}
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
+ size_t seed_size )
+{
+ psa_status_t status;
+ struct psa_storage_info_t p_info;
+
+ status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+
+ if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
+ {
+ status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
+ }
+ else if( PSA_SUCCESS == status )
+ {
+ /* You should not be here. Seed needs to be injected only once */
+ status = PSA_ERROR_NOT_PERMITTED;
+ }
+ return( status );
+}
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
new file mode 100644
index 0000000..5434d05
--- /dev/null
+++ b/library/psa_crypto_storage.h
@@ -0,0 +1,226 @@
+/**
+ * \file psa_crypto_storage.h
+ *
+ * \brief PSA cryptography module: Mbed TLS key storage
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_STORAGE_H
+#define PSA_CRYPTO_STORAGE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if defined(MBEDTLS_CONFIG_FILE)
+#include MBEDTLS_CONFIG_FILE
+#else
+#include "mbedtls/config.h"
+#endif
+
+#include "psa/crypto.h"
+#include <stdint.h>
+
+/* Limit the maximum key size to 30kB (just in case someone tries to
+ * inadvertently store an obscene amount of data) */
+#define PSA_CRYPTO_MAX_STORAGE_SIZE ( 30 * 1024 )
+
+/** The maximum permitted persistent slot number.
+ *
+ * In Mbed Crypto 0.1.0b:
+ * - Using the file backend, all key ids are ok except 0.
+ * - Using the ITS backend, all key ids are ok except 0xFFFFFF52
+ * (#PSA_CRYPTO_ITS_RANDOM_SEED_UID) for which the file contains the
+ * device's random seed (if this feature is enabled).
+ * - Only key ids from 1 to #PSA_KEY_SLOT_COUNT are actually used.
+ *
+ * Since we need to preserve the random seed, avoid using that key slot.
+ * Reserve a whole range of key slots just in case something else comes up.
+ *
+ * This limitation will probably become moot when we implement client
+ * separation for key storage.
+ */
+#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xfffeffff
+
+/**
+ * \brief Checks if persistent data is stored for the given key slot number
+ *
+ * This function checks if any key data or metadata exists for the key slot in
+ * the persistent storage.
+ *
+ * \param key Persistent identifier to check.
+ *
+ * \retval 0
+ * No persistent data present for slot number
+ * \retval 1
+ * Persistent data present for slot number
+ */
+int psa_is_key_present_in_storage( const psa_key_file_id_t key );
+
+/**
+ * \brief Format key data and metadata and save to a location for given key
+ * slot.
+ *
+ * This function formats the key data and metadata and saves it to a
+ * persistent storage backend. The storage location corresponding to the
+ * key slot must be empty, otherwise this function will fail. This function
+ * should be called after psa_import_key_into_slot() to ensure the
+ * persistent key is not saved into a storage location corresponding to an
+ * already occupied non-persistent key, as well as validating the key data.
+ *
+ *
+ * \param key Persistent identifier of the key to be stored. This
+ * should be an unoccupied storage location.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param[in] policy The key policy to save.
+ * \param[in] data Buffer containing the key data.
+ * \param data_length The number of bytes that make up the key data.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_ALREADY_EXISTS
+ */
+psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
+ const psa_key_type_t type,
+ const psa_key_policy_t *policy,
+ const uint8_t *data,
+ const size_t data_length );
+
+/**
+ * \brief Parses key data and metadata and load persistent key for given
+ * key slot number.
+ *
+ * This function reads from a storage backend, parses the key data and
+ * metadata and writes them to the appropriate output parameters.
+ *
+ * Note: This function allocates a buffer and returns a pointer to it through
+ * the data parameter. psa_free_persistent_key_data() must be called after
+ * this function to zeroize and free this buffer, regardless of whether this
+ * function succeeds or fails.
+ *
+ * \param key Persistent identifier of the key to be loaded. This
+ * should be an occupied storage location.
+ * \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
+ * value).
+ * \param[out] policy On success, the key's policy.
+ * \param[out] data Pointer to an allocated key data buffer on return.
+ * \param[out] data_length The number of bytes that make up the key data.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_DOES_NOT_EXIST
+ */
+psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
+ psa_key_type_t *type,
+ psa_key_policy_t *policy,
+ uint8_t **data,
+ size_t *data_length );
+
+/**
+ * \brief Remove persistent data for the given key slot number.
+ *
+ * \param key Persistent identifier of the key to remove
+ * from persistent storage.
+ *
+ * \retval PSA_SUCCESS
+ * The key was successfully removed,
+ * or the key did not exist.
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ */
+psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key );
+
+/**
+ * \brief Free the temporary buffer allocated by psa_load_persistent_key().
+ *
+ * This function must be called at some point after psa_load_persistent_key()
+ * to zeroize and free the memory allocated to the buffer in that function.
+ *
+ * \param key_data Buffer for the key data.
+ * \param key_data_length Size of the key data buffer.
+ *
+ */
+void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
+
+/**
+ * \brief Formats key data and metadata for persistent storage
+ *
+ * \param[in] data Buffer for the key data.
+ * \param data_length Length of the key data buffer.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param policy The key policy.
+ * \param[out] storage_data Output buffer for the formatted data.
+ *
+ */
+void psa_format_key_data_for_storage( const uint8_t *data,
+ const size_t data_length,
+ const psa_key_type_t type,
+ const psa_key_policy_t *policy,
+ uint8_t *storage_data );
+
+/**
+ * \brief Parses persistent storage data into key data and metadata
+ *
+ * \param[in] storage_data Buffer for the storage data.
+ * \param storage_data_length Length of the storage data buffer
+ * \param[out] key_data On output, pointer to a newly allocated buffer
+ * containing the key data. This must be freed
+ * using psa_free_persistent_key_data()
+ * \param[out] key_data_length Length of the key data buffer
+ * \param[out] type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param[out] policy The key policy.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ */
+psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
+ size_t storage_data_length,
+ uint8_t **key_data,
+ size_t *key_data_length,
+ psa_key_type_t *type,
+ psa_key_policy_t *policy );
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/** Backend side of mbedtls_psa_inject_entropy().
+ *
+ * This function stores the supplied data into the entropy seed file.
+ *
+ * \retval #PSA_SUCCESS
+ * Success
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The entropy seed file already exists.
+ */
+psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
+ size_t seed_size );
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_STORAGE_H */
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
new file mode 100644
index 0000000..8cdf783
--- /dev/null
+++ b/library/psa_its_file.c
@@ -0,0 +1,247 @@
+/*
+ * PSA ITS simulator over stdio files.
+ */
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if defined(MBEDTLS_CONFIG_FILE)
+#include MBEDTLS_CONFIG_FILE
+#else
+#include "mbedtls/config.h"
+#endif
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_snprintf snprintf
+#endif
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "psa_crypto_its.h"
+
+#include <limits.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#define PSA_ITS_STORAGE_PREFIX ""
+
+#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
+#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
+#define PSA_ITS_STORAGE_FILENAME_LENGTH \
+ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
+ sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
+ 1 /*terminating null byte*/ )
+#define PSA_ITS_STORAGE_TEMP \
+ PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
+
+/* The maximum value of psa_storage_info_t.size */
+#define PSA_ITS_MAX_SIZE 0xffffffff
+
+#define PSA_ITS_MAGIC_STRING "PSA\0ITS\0"
+#define PSA_ITS_MAGIC_LENGTH 8
+
+/* As rename fails on Windows if the new filepath already exists,
+ * use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead.
+ * Returns 0 on success, nonzero on failure. */
+#if defined(_WIN32)
+#define rename_replace_existing( oldpath, newpath ) \
+ ( ! MoveFileExA( oldpath, newpath, MOVEFILE_REPLACE_EXISTING ) )
+#else
+#define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath )
+#endif
+
+typedef struct
+{
+ uint8_t magic[PSA_ITS_MAGIC_LENGTH];
+ uint8_t size[sizeof( uint32_t )];
+ uint8_t flags[sizeof( psa_storage_create_flags_t )];
+} psa_its_file_header_t;
+
+static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+{
+ /* Break up the UID into two 32-bit pieces so as not to rely on
+ * long long support in snprintf. */
+ mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+ "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+ PSA_ITS_STORAGE_PREFIX,
+ (unsigned long) ( uid >> 32 ),
+ (unsigned long) ( uid & 0xffffffff ),
+ PSA_ITS_STORAGE_SUFFIX );
+}
+
+static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info,
+ FILE **p_stream )
+{
+ char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+ psa_its_file_header_t header;
+ size_t n;
+
+ *p_stream = NULL;
+ psa_its_fill_filename( uid, filename );
+ *p_stream = fopen( filename, "rb" );
+ if( *p_stream == NULL )
+ return( PSA_ERROR_DOES_NOT_EXIST );
+
+ n = fread( &header, 1, sizeof( header ), *p_stream );
+ if( n != sizeof( header ) )
+ return( PSA_ERROR_DATA_CORRUPT );
+ if( memcmp( header.magic, PSA_ITS_MAGIC_STRING,
+ PSA_ITS_MAGIC_LENGTH ) != 0 )
+ return( PSA_ERROR_DATA_CORRUPT );
+
+ p_info->size = ( header.size[0] |
+ header.size[1] << 8 |
+ header.size[2] << 16 |
+ header.size[3] << 24 );
+ p_info->flags = ( header.flags[0] |
+ header.flags[1] << 8 |
+ header.flags[2] << 16 |
+ header.flags[3] << 24 );
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_its_get_info( psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info )
+{
+ psa_status_t status;
+ FILE *stream = NULL;
+ status = psa_its_read_file( uid, p_info, &stream );
+ if( stream != NULL )
+ fclose( stream );
+ return( status );
+}
+
+psa_status_t psa_its_get( psa_storage_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_length,
+ void *p_data )
+{
+ psa_status_t status;
+ FILE *stream = NULL;
+ size_t n;
+ struct psa_storage_info_t info;
+
+ status = psa_its_read_file( uid, &info, &stream );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ if( data_offset + data_length < data_offset )
+ goto exit;
+#if SIZE_MAX < 0xffffffff
+ if( data_offset + data_length > SIZE_MAX )
+ goto exit;
+#endif
+ if( data_offset + data_length > info.size )
+ goto exit;
+
+ status = PSA_ERROR_STORAGE_FAILURE;
+#if LONG_MAX < 0xffffffff
+ while( data_offset > LONG_MAX )
+ {
+ if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 )
+ goto exit;
+ data_offset -= LONG_MAX;
+ }
+#endif
+ if( fseek( stream, data_offset, SEEK_CUR ) != 0 )
+ goto exit;
+ n = fread( p_data, 1, data_length, stream );
+ if( n != data_length )
+ goto exit;
+ status = PSA_SUCCESS;
+
+exit:
+ if( stream != NULL )
+ fclose( stream );
+ return( status );
+}
+
+psa_status_t psa_its_set( psa_storage_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags )
+{
+ psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
+ char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+ FILE *stream = NULL;
+ psa_its_file_header_t header;
+ size_t n;
+
+ memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
+ header.size[0] = data_length & 0xff;
+ header.size[1] = ( data_length >> 8 ) & 0xff;
+ header.size[2] = ( data_length >> 16 ) & 0xff;
+ header.size[3] = ( data_length >> 24 ) & 0xff;
+ header.flags[0] = create_flags & 0xff;
+ header.flags[1] = ( create_flags >> 8 ) & 0xff;
+ header.flags[2] = ( create_flags >> 16 ) & 0xff;
+ header.flags[3] = ( create_flags >> 24 ) & 0xff;
+
+ psa_its_fill_filename( uid, filename );
+ stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
+ if( stream == NULL )
+ goto exit;
+
+ status = PSA_ERROR_INSUFFICIENT_STORAGE;
+ n = fwrite( &header, 1, sizeof( header ), stream );
+ if( n != sizeof( header ) )
+ goto exit;
+ n = fwrite( p_data, 1, data_length, stream );
+ if( n != data_length )
+ goto exit;
+ status = PSA_SUCCESS;
+
+exit:
+ if( stream != NULL )
+ {
+ int ret = fclose( stream );
+ if( status == PSA_SUCCESS && ret != 0 )
+ status = PSA_ERROR_INSUFFICIENT_STORAGE;
+ }
+ if( status == PSA_SUCCESS )
+ {
+ if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 )
+ status = PSA_ERROR_STORAGE_FAILURE;
+ }
+ remove( PSA_ITS_STORAGE_TEMP );
+ return( status );
+}
+
+psa_status_t psa_its_remove( psa_storage_uid_t uid )
+{
+ char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+ FILE *stream;
+ psa_its_fill_filename( uid, filename );
+ stream = fopen( filename, "rb" );
+ if( stream == NULL )
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ fclose( stream );
+ if( remove( filename ) != 0 )
+ return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_SUCCESS );
+}
+
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
diff --git a/library/version_features.c b/library/version_features.c
index b36893e..afae4f3 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -414,6 +414,9 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+ "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER",
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
"MBEDTLS_MEMORY_DEBUG",
#endif /* MBEDTLS_MEMORY_DEBUG */
diff --git a/programs/.gitignore b/programs/.gitignore
index 4d78930..30489be 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -9,9 +9,7 @@
hash/md5sum
hash/sha1sum
hash/sha2sum
-pkey/dh_client
pkey/dh_genprime
-pkey/dh_server
pkey/ecdsa
pkey/ecdh_curve25519
pkey/gen_key
@@ -29,6 +27,10 @@
pkey/rsa_sign_pss
pkey/rsa_verify
pkey/rsa_verify_pss
+psa/crypto_examples
+psa/psa_constant_names
+psa/psa_constant_names_generated.c
+psa/key_ladder_demo
random/gen_entropy
random/gen_random_ctr_drbg
random/gen_random_havege
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 4cdae78..661b120 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -1,6 +1,7 @@
add_subdirectory(aes)
add_subdirectory(hash)
add_subdirectory(pkey)
+add_subdirectory(psa)
add_subdirectory(random)
add_subdirectory(ssl)
add_subdirectory(test)
diff --git a/programs/Makefile b/programs/Makefile
index c172385..4f913bb 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -14,12 +14,6 @@
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
-ifdef USE_CRYPTO_SUBMODULE
-LOCAL_LDFLAGS += -L../crypto/library
-LOCAL_CFLAGS += -I../crypto/include
-LOCAL_CXXFLAGS += -I../crypto/include
-endif
-
ifndef SHARED
DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else
@@ -53,34 +47,57 @@
LOCAL_LDFLAGS += -lz
endif
-APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
- hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
- pkey/dh_client$(EXEXT) \
- pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
- pkey/ecdh_curve25519$(EXEXT) \
- pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \
- pkey/key_app$(EXEXT) pkey/key_app_writer$(EXEXT) \
- pkey/mpi_demo$(EXEXT) pkey/pk_decrypt$(EXEXT) \
- pkey/pk_encrypt$(EXEXT) pkey/pk_sign$(EXEXT) \
- pkey/pk_verify$(EXEXT) pkey/rsa_genkey$(EXEXT) \
- pkey/rsa_decrypt$(EXEXT) pkey/rsa_encrypt$(EXEXT) \
- pkey/rsa_sign$(EXEXT) pkey/rsa_verify$(EXEXT) \
- pkey/rsa_sign_pss$(EXEXT) pkey/rsa_verify_pss$(EXEXT) \
- ssl/dtls_client$(EXEXT) ssl/dtls_server$(EXEXT) \
- ssl/ssl_client1$(EXEXT) ssl/ssl_client2$(EXEXT) \
- ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \
- ssl/ssl_fork_server$(EXEXT) ssl/mini_client$(EXEXT) \
- ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
- random/gen_random_havege$(EXEXT) \
- random/gen_random_ctr_drbg$(EXEXT) \
- test/benchmark$(EXEXT) \
- test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
- test/zeroize$(EXEXT) \
- test/query_compile_time_config$(EXEXT) \
- util/pem2der$(EXEXT) util/strerror$(EXEXT) \
- x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
- x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
- x509/req_app$(EXEXT)
+APPS = \
+ aes/aescrypt2$(EXEXT) \
+ aes/crypt_and_hash$(EXEXT) \
+ hash/hello$(EXEXT) \
+ hash/generic_sum$(EXEXT) \
+ pkey/dh_genprime$(EXEXT) \
+ pkey/ecdh_curve25519$(EXEXT) \
+ pkey/ecdsa$(EXEXT) \
+ pkey/gen_key$(EXEXT) \
+ pkey/key_app$(EXEXT) \
+ pkey/key_app_writer$(EXEXT) \
+ pkey/mpi_demo$(EXEXT) \
+ pkey/pk_decrypt$(EXEXT) \
+ pkey/pk_encrypt$(EXEXT) \
+ pkey/pk_sign$(EXEXT) \
+ pkey/pk_verify$(EXEXT) \
+ pkey/rsa_genkey$(EXEXT) \
+ pkey/rsa_decrypt$(EXEXT) \
+ pkey/rsa_encrypt$(EXEXT) \
+ pkey/rsa_sign$(EXEXT) \
+ pkey/rsa_verify$(EXEXT) \
+ pkey/rsa_sign_pss$(EXEXT) \
+ pkey/rsa_verify_pss$(EXEXT) \
+ psa/crypto_examples$(EXEXT) \
+ psa/key_ladder_demo$(EXEXT) \
+ psa/psa_constant_names$(EXEXT) \
+ ssl/dtls_client$(EXEXT) \
+ ssl/dtls_server$(EXEXT) \
+ ssl/ssl_client1$(EXEXT) \
+ ssl/ssl_client2$(EXEXT) \
+ ssl/ssl_server$(EXEXT) \
+ ssl/ssl_server2$(EXEXT) \
+ ssl/ssl_fork_server$(EXEXT) \
+ ssl/mini_client$(EXEXT) \
+ ssl/ssl_mail_client$(EXEXT) \
+ random/gen_entropy$(EXEXT) \
+ random/gen_random_havege$(EXEXT) \
+ random/gen_random_ctr_drbg$(EXEXT) \
+ test/benchmark$(EXEXT) \
+ test/selftest$(EXEXT) \
+ test/udp_proxy$(EXEXT) \
+ test/zeroize$(EXEXT) \
+ test/query_compile_time_config$(EXEXT) \
+ util/pem2der$(EXEXT) \
+ util/strerror$(EXEXT) \
+ x509/cert_app$(EXEXT) \
+ x509/crl_app$(EXEXT) \
+ x509/cert_req$(EXEXT) \
+ x509/cert_write$(EXEXT) \
+ x509/req_app$(EXEXT) \
+# End of APPS
ifdef PTHREAD
APPS += ssl/ssl_pthread_server$(EXEXT)
@@ -90,6 +107,8 @@
APPS += test/cpp_dummy_build$(EXEXT)
endif
+EXTRA_GENERATED =
+
.SILENT:
.PHONY: all clean list
@@ -99,6 +118,16 @@
$(DEP):
$(MAKE) -C ../library
+ifdef WINDOWS
+EXTRA_GENERATED += psa\psa_constant_names_generated.c
+else
+EXTRA_GENERATED += psa/psa_constant_names_generated.c
+endif
+
+psa/psa_constant_names$(EXEXT): psa/psa_constant_names_generated.c
+psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto_values.h ../include/psa/crypto_extra.h
+ ../scripts/generate_psa_constants.py
+
aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
echo " CC aes/aescrypt2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -115,18 +144,10 @@
echo " CC hash/generic_sum.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
- echo " CC pkey/dh_client.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
echo " CC pkey/dh_genprime.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP)
- echo " CC pkey/dh_server.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
echo " CC pkey/ecdh_curve25519.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -195,6 +216,14 @@
echo " CC pkey/rsa_encrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+psa/key_ladder_demo$(EXEXT): psa/key_ladder_demo.c $(DEP)
+ echo " CC psa/key_ladder_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c $(DEP)
+ echo " CC psa/psa_constant_names.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
echo " CC random/gen_entropy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -219,17 +248,17 @@
echo " CC ssl/ssl_client1.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c ssl/query_config.c $(DEP)
+ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c test/query_config.c $(DEP)
echo " CC ssl/ssl_client2.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
echo " CC ssl/ssl_server.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c ssl/query_config.c $(DEP)
+ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP)
echo " CC ssl/ssl_server2.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
echo " CC ssl/ssl_fork_server.c"
@@ -267,9 +296,9 @@
echo " CC test/zeroize.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c ssl/query_config.c $(DEP)
+test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.c $(DEP)
echo " CC test/query_compile_time_config.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"
@@ -299,11 +328,17 @@
echo " CC x509/req_app.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
+ echo " CC psa/crypto_examples.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
clean:
ifndef WINDOWS
- rm -f $(APPS)
+ rm -f $(APPS) $(EXTRA_GENERATED)
else
- del /S /Q /F *.o *.exe
+ if exist *.o del /S /Q /F *.o
+ if exist *.exe del /S /Q /F *.exe
+ if exist $(EXTRA_GENERATED) del /S /Q /F $(EXTRA_GENERATED)
endif
list:
diff --git a/programs/README.md b/programs/README.md
index d26349d..44edd61 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -44,8 +44,6 @@
### Diffie-Hellman key exchange examples
-* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
-
* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
### Bignum (`mpi`) usage examples
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 5a37a42..944a100 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -1,12 +1,6 @@
-add_executable(dh_client dh_client.c)
-target_link_libraries(dh_client mbedtls)
-
add_executable(dh_genprime dh_genprime.c)
target_link_libraries(dh_genprime mbedtls)
-add_executable(dh_server dh_server.c)
-target_link_libraries(dh_server mbedtls)
-
add_executable(ecdh_curve25519 ecdh_curve25519.c)
target_link_libraries(ecdh_curve25519 mbedtls)
@@ -58,6 +52,6 @@
add_executable(pk_decrypt pk_decrypt.c)
target_link_libraries(pk_decrypt mbedtls)
-install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
+install(TARGETS dh_genprime key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
deleted file mode 100644
index 1dce31a..0000000
--- a/programs/pkey/dh_client.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * Diffie-Hellman-Merkle key exchange (client side)
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
- defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
- defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
- defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_SHA1_C)
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_NAME "localhost"
-#define SERVER_PORT "11999"
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_SHA1_C)
-int main( void )
-{
- mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
-}
-#else
-
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
-
-int main( void )
-{
- FILE *f;
-
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- size_t n, buflen;
- mbedtls_net_context server_fd;
-
- unsigned char *p, *end;
- unsigned char buf[2048];
- unsigned char hash[32];
- const char *pers = "dh_client";
-
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- mbedtls_rsa_context rsa;
- mbedtls_dhm_context dhm;
- mbedtls_aes_context aes;
-
- mbedtls_net_init( &server_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
- mbedtls_dhm_init( &dhm );
- mbedtls_aes_init( &aes );
- mbedtls_ctr_drbg_init( &ctr_drbg );
-
- /*
- * 1. Setup the RNG
- */
- mbedtls_printf( "\n . Seeding the random number generator" );
- fflush( stdout );
-
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
- goto exit;
- }
-
- /*
- * 2. Read the server's public RSA key
- */
- mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
- fflush( stdout );
-
- if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
- goto exit;
- }
-
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
- fclose( f );
- goto exit;
- }
-
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
-
- fclose( f );
-
- /*
- * 3. Initiate the connection
- */
- mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME,
- SERVER_PORT );
- fflush( stdout );
-
- if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
- SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 4a. First get the buffer length
- */
- mbedtls_printf( "\n . Receiving the server's DH parameters" );
- fflush( stdout );
-
- memset( buf, 0, sizeof( buf ) );
-
- if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
- goto exit;
- }
-
- n = buflen = ( buf[0] << 8 ) | buf[1];
- if( buflen < 1 || buflen > sizeof( buf ) )
- {
- mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" );
- goto exit;
- }
-
- /*
- * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
- */
- memset( buf, 0, sizeof( buf ) );
-
- if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
- goto exit;
- }
-
- p = buf, end = buf + buflen;
-
- if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret );
- goto exit;
- }
-
- if( dhm.len < 64 || dhm.len > 512 )
- {
- mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
- goto exit;
- }
-
- /*
- * 5. Check that the server's RSA signature matches
- * the SHA-256 hash of (P,G,Ys)
- */
- mbedtls_printf( "\n . Verifying the server's RSA signature" );
- fflush( stdout );
-
- p += 2;
-
- if( ( n = (size_t) ( end - p ) ) != rsa.len )
- {
- mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
- goto exit;
- }
-
- if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 6. Send our public value: Yc = G ^ Xc mod P
- */
- mbedtls_printf( "\n . Sending own public value to server" );
- fflush( stdout );
-
- n = dhm.len;
- if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 7. Derive the shared secret: K = Ys ^ Xc mod P
- */
- mbedtls_printf( "\n . Shared secret: " );
- fflush( stdout );
-
- if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
- goto exit;
- }
-
- for( n = 0; n < 16; n++ )
- mbedtls_printf( "%02x", buf[n] );
-
- /*
- * 8. Setup the AES-256 decryption key
- *
- * This is an overly simplified example; best practice is
- * to hash the shared secret with a random value to derive
- * the keying material for the encryption/decryption keys,
- * IVs and MACs.
- */
- mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" );
- fflush( stdout );
-
- mbedtls_aes_setkey_dec( &aes, buf, 256 );
-
- memset( buf, 0, sizeof( buf ) );
-
- if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
- buf[16] = '\0';
- mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- mbedtls_net_free( &server_fd );
-
- mbedtls_aes_free( &aes );
- mbedtls_rsa_free( &rsa );
- mbedtls_dhm_free( &dhm );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
-
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
- return( exit_code );
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
- MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
deleted file mode 100644
index a797e60..0000000
--- a/programs/pkey/dh_server.c
+++ /dev/null
@@ -1,348 +0,0 @@
-/*
- * Diffie-Hellman-Merkle key exchange (server side)
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
- defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
- defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
- defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_SHA1_C)
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_PORT "11999"
-#define PLAINTEXT "==Hello there!=="
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_SHA1_C)
-int main( void )
-{
- mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
-}
-#else
-
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- mbedtls_printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
-}
-#endif
-
-int main( void )
-{
- FILE *f;
-
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- size_t n, buflen;
- mbedtls_net_context listen_fd, client_fd;
-
- unsigned char buf[2048];
- unsigned char hash[32];
- unsigned char buf2[2];
- const char *pers = "dh_server";
-
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- mbedtls_rsa_context rsa;
- mbedtls_dhm_context dhm;
- mbedtls_aes_context aes;
-
- mbedtls_mpi N, P, Q, D, E;
-
- mbedtls_net_init( &listen_fd );
- mbedtls_net_init( &client_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
- mbedtls_dhm_init( &dhm );
- mbedtls_aes_init( &aes );
- mbedtls_ctr_drbg_init( &ctr_drbg );
-
- mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
-
- /*
- * 1. Setup the RNG
- */
- mbedtls_printf( "\n . Seeding the random number generator" );
- fflush( stdout );
-
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
- goto exit;
- }
-
- /*
- * 2a. Read the server's private RSA key
- */
- mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
- fflush( stdout );
-
- if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
- " ! Please run rsa_genkey first\n\n" );
- goto exit;
- }
-
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
- if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- ret );
- fclose( f );
- goto exit;
- }
- fclose( f );
-
- if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
- ret );
- goto exit;
- }
-
- /*
- * 2b. Get the DHM modulus and generator
- */
- mbedtls_printf( "\n . Reading DH parameters from dh_prime.txt" );
- fflush( stdout );
-
- if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
- {
- mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
- " ! Please run dh_genprime first\n\n" );
- goto exit;
- }
-
- if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
- mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
- {
- mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
- fclose( f );
- goto exit;
- }
-
- fclose( f );
-
- /*
- * 3. Wait for a client to connect
- */
- mbedtls_printf( "\n . Waiting for a remote connection" );
- fflush( stdout );
-
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
- NULL, 0, NULL ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 4. Setup the DH parameters (P,G,Ys)
- */
- mbedtls_printf( "\n . Sending the server's DH parameters" );
- fflush( stdout );
-
- memset( buf, 0, sizeof( buf ) );
-
- if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 5. Sign the parameters and send them
- */
- if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
- goto exit;
- }
-
- buf[n ] = (unsigned char)( rsa.len >> 8 );
- buf[n + 1] = (unsigned char)( rsa.len );
-
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
- 0, hash, buf + n + 2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
- goto exit;
- }
-
- buflen = n + 2 + rsa.len;
- buf2[0] = (unsigned char)( buflen >> 8 );
- buf2[1] = (unsigned char)( buflen );
-
- if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 ||
- ( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 6. Get the client's public value: Yc = G ^ Xc mod P
- */
- mbedtls_printf( "\n . Receiving the client's public value" );
- fflush( stdout );
-
- memset( buf, 0, sizeof( buf ) );
-
- n = dhm.len;
- if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
- goto exit;
- }
-
- /*
- * 7. Derive the shared secret: K = Ys ^ Xc mod P
- */
- mbedtls_printf( "\n . Shared secret: " );
- fflush( stdout );
-
- if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
- goto exit;
- }
-
- for( n = 0; n < 16; n++ )
- mbedtls_printf( "%02x", buf[n] );
-
- /*
- * 8. Setup the AES-256 encryption key
- *
- * This is an overly simplified example; best practice is
- * to hash the shared secret with a random value to derive
- * the keying material for the encryption/decryption keys
- * and MACs.
- */
- mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
- fflush( stdout );
-
- mbedtls_aes_setkey_enc( &aes, buf, 256 );
- memcpy( buf, PLAINTEXT, 16 );
- mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
-
- if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
- {
- mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_printf( "\n\n" );
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
-
- mbedtls_net_free( &client_fd );
- mbedtls_net_free( &listen_fd );
-
- mbedtls_aes_free( &aes );
- mbedtls_rsa_free( &rsa );
- mbedtls_dhm_free( &dhm );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
-
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
- return( exit_code );
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
- MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 0bd61e4..b4860fe 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -40,7 +40,7 @@
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/x509.h"
+#include "mbedtls/pk.h"
#include <string.h>
#endif
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 81867ee..c66f4e7 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -42,7 +42,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/bignum.h"
-#include "mbedtls/x509.h"
#include "mbedtls/rsa.h"
#include <stdio.h>
@@ -160,19 +159,6 @@
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
goto exit;
}
-/*
- mbedtls_printf( " ok\n . Generating the certificate..." );
-
- x509write_init_raw( &cert );
- x509write_add_pubkey( &cert, &rsa );
- x509write_add_subject( &cert, "CN='localhost'" );
- x509write_add_validity( &cert, "2007-09-06 17:00:32",
- "2010-09-06 17:00:32" );
- x509write_create_selfsign( &cert, &rsa );
- x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
- x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
- x509write_free_raw( &cert );
-*/
mbedtls_printf( " ok\n\n" );
exit_code = MBEDTLS_EXIT_SUCCESS;
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 5131745..cb69fa6 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -55,7 +55,7 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/x509.h"
+#include "mbedtls/pk.h"
#include <stdio.h>
#include <string.h>
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 34122ca..d745274 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -55,7 +55,6 @@
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
#include "mbedtls/md.h"
-#include "mbedtls/x509.h"
#include <stdio.h>
#include <string.h>
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
new file mode 100644
index 0000000..c80043b
--- /dev/null
+++ b/programs/psa/CMakeLists.txt
@@ -0,0 +1,26 @@
+add_executable(crypto_examples crypto_examples.c)
+target_link_libraries(crypto_examples mbedtls)
+
+add_executable(key_ladder_demo key_ladder_demo.c)
+target_link_libraries(key_ladder_demo mbedtls)
+
+add_executable(psa_constant_names psa_constant_names.c)
+target_link_libraries(psa_constant_names mbedtls)
+
+add_custom_target(
+ psa_constant_names_generated
+ COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../
+)
+add_dependencies(psa_constant_names psa_constant_names_generated)
+
+install(TARGETS
+ crypto_examples
+ key_ladder_demo
+ psa_constant_names
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+install(PROGRAMS
+ key_ladder_demo.sh
+ DESTINATION "bin")
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
new file mode 100644
index 0000000..2f7c445
--- /dev/null
+++ b/programs/psa/crypto_examples.c
@@ -0,0 +1,343 @@
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define ASSERT( predicate ) \
+ do \
+ { \
+ if( ! ( predicate ) ) \
+ { \
+ printf( "\tassertion failed at %s:%d - '%s'\r\n", \
+ __FILE__, __LINE__, #predicate); \
+ goto exit; \
+ } \
+ } while ( 0 )
+
+#define ASSERT_STATUS( actual, expected ) \
+ do \
+ { \
+ if( ( actual ) != ( expected ) ) \
+ { \
+ printf( "\tassertion failed at %s:%d - " \
+ "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
+ (psa_status_t) actual, (psa_status_t) expected ); \
+ goto exit; \
+ } \
+ } while ( 0 )
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
+ !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
+ !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+int main( void )
+{
+ printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
+ "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
+ "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
+ "not defined.\r\n" );
+ return( 0 );
+}
+#else
+
+static psa_status_t set_key_policy( psa_key_handle_t key_handle,
+ psa_key_usage_t key_usage,
+ psa_algorithm_t alg )
+{
+ psa_status_t status;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ psa_key_policy_set_usage( &policy, key_usage, alg );
+ status = psa_set_key_policy( key_handle, &policy );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+exit:
+ return( status );
+}
+
+static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
+ const uint8_t * input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t * output,
+ size_t output_size,
+ size_t *output_len )
+{
+ psa_status_t status;
+ size_t bytes_to_write = 0, bytes_written = 0, len = 0;
+
+ *output_len = 0;
+ while( bytes_written != input_size )
+ {
+ bytes_to_write = ( input_size - bytes_written > part_size ?
+ part_size :
+ input_size - bytes_written );
+
+ status = psa_cipher_update( operation, input + bytes_written,
+ bytes_to_write, output + *output_len,
+ output_size - *output_len, &len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ bytes_written += bytes_to_write;
+ *output_len += len;
+ }
+
+ status = psa_cipher_finish( operation, output + *output_len,
+ output_size - *output_len, &len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+ *output_len += len;
+
+exit:
+ return( status );
+}
+
+static psa_status_t cipher_encrypt( psa_key_handle_t key_handle,
+ psa_algorithm_t alg,
+ uint8_t * iv,
+ size_t iv_size,
+ const uint8_t * input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t * output,
+ size_t output_size,
+ size_t *output_len )
+{
+ psa_status_t status;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ size_t iv_len = 0;
+
+ memset( &operation, 0, sizeof( operation ) );
+ status = psa_cipher_encrypt_setup( &operation, key_handle, alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_operation( &operation, input, input_size, part_size,
+ output, output_size, output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_cipher_abort( &operation );
+ return( status );
+}
+
+static psa_status_t cipher_decrypt( psa_key_handle_t key_handle,
+ psa_algorithm_t alg,
+ const uint8_t * iv,
+ size_t iv_size,
+ const uint8_t * input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t * output,
+ size_t output_size,
+ size_t *output_len )
+{
+ psa_status_t status;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+
+ memset( &operation, 0, sizeof( operation ) );
+ status = psa_cipher_decrypt_setup( &operation, key_handle, alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_cipher_set_iv( &operation, iv, iv_size );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_operation( &operation, input, input_size, part_size,
+ output, output_size, output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_cipher_abort( &operation );
+ return( status );
+}
+
+static psa_status_t
+cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( PSA_KEY_TYPE_AES ),
+ key_bits = 256,
+ part_size = block_size,
+ };
+ const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
+
+ psa_status_t status;
+ psa_key_handle_t key_handle = 0;
+ size_t output_len = 0;
+ uint8_t iv[block_size];
+ uint8_t input[block_size];
+ uint8_t encrypt[block_size];
+ uint8_t decrypt[block_size];
+
+ status = psa_generate_random( input, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_allocate_key( &key_handle );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = set_key_policy( key_handle,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
+ NULL, 0 );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
+ input, sizeof( input ), part_size,
+ encrypt, sizeof( encrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
+ encrypt, output_len, part_size,
+ decrypt, sizeof( decrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = memcmp( input, decrypt, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_destroy_key( key_handle );
+ return( status );
+}
+
+static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( PSA_KEY_TYPE_AES ),
+ key_bits = 256,
+ input_size = 100,
+ part_size = 10,
+ };
+
+ const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
+
+ psa_status_t status;
+ psa_key_handle_t key_handle = 0;
+ size_t output_len = 0;
+ uint8_t iv[block_size], input[input_size],
+ encrypt[input_size + block_size], decrypt[input_size + block_size];
+
+ status = psa_generate_random( input, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_allocate_key( &key_handle );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = set_key_policy( key_handle,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
+ NULL, 0 );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
+ input, sizeof( input ), part_size,
+ encrypt, sizeof( encrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
+ encrypt, output_len, part_size,
+ decrypt, sizeof( decrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = memcmp( input, decrypt, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_destroy_key( key_handle );
+ return( status );
+}
+
+static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( PSA_KEY_TYPE_AES ),
+ key_bits = 256,
+ input_size = 100,
+ part_size = 10,
+ };
+ const psa_algorithm_t alg = PSA_ALG_CTR;
+
+ psa_status_t status;
+ psa_key_handle_t key_handle = 0;
+ size_t output_len = 0;
+ uint8_t iv[block_size], input[input_size], encrypt[input_size],
+ decrypt[input_size];
+
+ status = psa_generate_random( input, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_allocate_key( &key_handle );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+ status = set_key_policy( key_handle,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
+ NULL, 0 );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
+ input, sizeof( input ), part_size,
+ encrypt, sizeof( encrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
+ encrypt, output_len, part_size,
+ decrypt, sizeof( decrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = memcmp( input, decrypt, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_destroy_key( key_handle );
+ return( status );
+}
+
+static void cipher_examples( void )
+{
+ psa_status_t status;
+
+ printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
+ status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
+ if( status == PSA_SUCCESS )
+ printf( "\tsuccess!\r\n" );
+
+ printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
+ status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
+ if( status == PSA_SUCCESS )
+ printf( "\tsuccess!\r\n" );
+
+ printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
+ status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
+ if( status == PSA_SUCCESS )
+ printf( "\tsuccess!\r\n" );
+}
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+ const char *file,
+ int line )
+{
+ printf( "%s:%i: Input param failed - %s\n",
+ file, line, failure_condition );
+ exit( EXIT_FAILURE );
+}
+#endif
+
+int main( void )
+{
+ ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ cipher_examples( );
+exit:
+ mbedtls_psa_crypto_free( );
+ return( 0 );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC &&
+ MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
new file mode 100644
index 0000000..23c2347
--- /dev/null
+++ b/programs/psa/key_ladder_demo.c
@@ -0,0 +1,716 @@
+/**
+ * PSA API key derivation demonstration
+ *
+ * This program calculates a key ladder: a chain of secret material, each
+ * derived from the previous one in a deterministic way based on a label.
+ * Two keys are identical if and only if they are derived from the same key
+ * using the same label.
+ *
+ * The initial key is called the master key. The master key is normally
+ * randomly generated, but it could itself be derived from another key.
+ *
+ * This program derives a series of keys called intermediate keys.
+ * The first intermediate key is derived from the master key using the
+ * first label passed on the command line. Each subsequent intermediate
+ * key is derived from the previous one using the next label passed
+ * on the command line.
+ *
+ * This program has four modes of operation:
+ *
+ * - "generate": generate a random master key.
+ * - "wrap": derive a wrapping key from the last intermediate key,
+ * and use that key to encrypt-and-authenticate some data.
+ * - "unwrap": derive a wrapping key from the last intermediate key,
+ * and use that key to decrypt-and-authenticate some
+ * ciphertext created by wrap mode.
+ * - "save": save the last intermediate key so that it can be reused as
+ * the master key in another run of the program.
+ *
+ * See the usage() output for the command line usage. See the file
+ * `key_ladder_demo.sh` for an example run.
+ */
+
+/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
+ !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
+ "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+
+/* The real program starts here. */
+
+
+
+#include <psa/crypto.h>
+
+/* Run a system function and bail out if it fails. */
+#define SYS_CHECK( expr ) \
+ do \
+ { \
+ if( ! ( expr ) ) \
+ { \
+ perror( #expr ); \
+ status = DEMO_ERROR; \
+ goto exit; \
+ } \
+ } \
+ while( 0 )
+
+/* Run a PSA function and bail out if it fails. */
+#define PSA_CHECK( expr ) \
+ do \
+ { \
+ status = ( expr ); \
+ if( status != PSA_SUCCESS ) \
+ { \
+ printf( "Error %d at line %u: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr ); \
+ goto exit; \
+ } \
+ } \
+ while( 0 )
+
+/* To report operational errors in this program, use an error code that is
+ * different from every PSA error code. */
+#define DEMO_ERROR 120
+
+/* The maximum supported key ladder depth. */
+#define MAX_LADDER_DEPTH 10
+
+/* Salt to use when deriving an intermediate key. */
+#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" )
+#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) )
+
+/* Salt to use when deriving a wrapping key. */
+#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" )
+#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) )
+
+/* Size of the key derivation keys (applies both to the master key and
+ * to intermediate keys). */
+#define KEY_SIZE_BYTES 40
+
+/* Algorithm for key derivation. */
+#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+
+/* Type and size of the key used to wrap data. */
+#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES
+#define WRAPPING_KEY_BITS 128
+
+/* Cipher mode used to wrap data. */
+#define WRAPPING_ALG PSA_ALG_CCM
+
+/* Nonce size used to wrap data. */
+#define WRAPPING_IV_SIZE 13
+
+/* Header used in files containing wrapped data. We'll save this header
+ * directly without worrying about data representation issues such as
+ * integer sizes and endianness, because the data is meant to be read
+ * back by the same program on the same machine. */
+#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte
+#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) )
+typedef struct
+{
+ char magic[WRAPPED_DATA_MAGIC_LENGTH];
+ size_t ad_size; /* Size of the additional data, which is this header. */
+ size_t payload_size; /* Size of the encrypted data. */
+ /* Store the IV inside the additional data. It's convenient. */
+ uint8_t iv[WRAPPING_IV_SIZE];
+} wrapped_data_header_t;
+
+/* The modes that this program can operate in (see usage). */
+enum program_mode
+{
+ MODE_GENERATE,
+ MODE_SAVE,
+ MODE_UNWRAP,
+ MODE_WRAP
+};
+
+/* Save a key to a file. In the real world, you may want to export a derived
+ * key sometimes, to share it with another party. */
+static psa_status_t save_key( psa_key_handle_t key_handle,
+ const char *output_file_name )
+{
+ psa_status_t status = PSA_SUCCESS;
+ uint8_t key_data[KEY_SIZE_BYTES];
+ size_t key_size;
+ FILE *key_file = NULL;
+
+ PSA_CHECK( psa_export_key( key_handle,
+ key_data, sizeof( key_data ),
+ &key_size ) );
+ SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
+ SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
+ SYS_CHECK( fclose( key_file ) == 0 );
+ key_file = NULL;
+
+exit:
+ if( key_file != NULL)
+ fclose( key_file );
+ return( status );
+}
+
+/* Generate a master key for use in this demo.
+ *
+ * Normally a master key would be non-exportable. For the purpose of this
+ * demo, we want to save it to a file, to avoid relying on the keystore
+ * capability of the PSA crypto library. */
+static psa_status_t generate( const char *key_file_name )
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_handle_t key_handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_CHECK( psa_allocate_key( &key_handle ) );
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
+ KDF_ALG );
+ PSA_CHECK( psa_set_key_policy( key_handle, &policy ) );
+
+ PSA_CHECK( psa_generate_key( key_handle,
+ PSA_KEY_TYPE_DERIVE,
+ PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
+ NULL, 0 ) );
+
+ PSA_CHECK( save_key( key_handle, key_file_name ) );
+
+exit:
+ (void) psa_destroy_key( key_handle );
+ return( status );
+}
+
+/* Load the master key from a file.
+ *
+ * In the real world, this master key would be stored in an internal memory
+ * and the storage would be managed by the keystore capability of the PSA
+ * crypto library. */
+static psa_status_t import_key_from_file( psa_key_usage_t usage,
+ psa_algorithm_t alg,
+ const char *key_file_name,
+ psa_key_handle_t *master_key_handle )
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ uint8_t key_data[KEY_SIZE_BYTES];
+ size_t key_size;
+ FILE *key_file = NULL;
+ unsigned char extra_byte;
+
+ *master_key_handle = 0;
+
+ SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
+ SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
+ key_file ) ) != 0 );
+ if( fread( &extra_byte, 1, 1, key_file ) != 0 )
+ {
+ printf( "Key file too large (max: %u).\n",
+ (unsigned) sizeof( key_data ) );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ SYS_CHECK( fclose( key_file ) == 0 );
+ key_file = NULL;
+
+ PSA_CHECK( psa_allocate_key( master_key_handle ) );
+ psa_key_policy_set_usage( &policy, usage, alg );
+ PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
+ PSA_CHECK( psa_import_key( *master_key_handle,
+ PSA_KEY_TYPE_DERIVE,
+ key_data, key_size ) );
+exit:
+ if( key_file != NULL )
+ fclose( key_file );
+ mbedtls_platform_zeroize( key_data, sizeof( key_data ) );
+ if( status != PSA_SUCCESS )
+ {
+ /* If psa_allocate_key hasn't been called yet or has failed,
+ * *master_key_handle is 0. psa_destroy_key(0) is guaranteed to do
+ * nothing and return PSA_ERROR_INVALID_HANDLE. */
+ (void) psa_destroy_key( *master_key_handle );
+ *master_key_handle = 0;
+ }
+ return( status );
+}
+
+/* Derive the intermediate keys, using the list of labels provided on
+ * the command line. On input, *key_handle is a handle to the master key.
+ * This function closes the master key. On successful output, *key_handle
+ * is a handle to the final derived key. */
+static psa_status_t derive_key_ladder( const char *ladder[],
+ size_t ladder_depth,
+ psa_key_handle_t *key_handle )
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ size_t i;
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
+ KDF_ALG );
+
+ /* For each label in turn, ... */
+ for( i = 0; i < ladder_depth; i++ )
+ {
+ /* Start deriving material from the master key (if i=0) or from
+ * the current intermediate key (if i>0). */
+ PSA_CHECK( psa_key_derivation(
+ &generator,
+ *key_handle,
+ KDF_ALG,
+ DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH,
+ (uint8_t*) ladder[i], strlen( ladder[i] ),
+ KEY_SIZE_BYTES ) );
+ /* When the parent key is not the master key, destroy it,
+ * since it is no longer needed. */
+ PSA_CHECK( psa_close_key( *key_handle ) );
+ *key_handle = 0;
+ PSA_CHECK( psa_allocate_key( key_handle ) );
+ PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
+ /* Use the generator obtained from the parent key to create
+ * the next intermediate key. */
+ PSA_CHECK( psa_generator_import_key(
+ *key_handle,
+ PSA_KEY_TYPE_DERIVE,
+ PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
+ &generator ) );
+ PSA_CHECK( psa_generator_abort( &generator ) );
+ }
+
+exit:
+ psa_generator_abort( &generator );
+ if( status != PSA_SUCCESS )
+ {
+ psa_close_key( *key_handle );
+ *key_handle = 0;
+ }
+ return( status );
+}
+
+/* Derive a wrapping key from the last intermediate key. */
+static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
+ psa_key_handle_t derived_key_handle,
+ psa_key_handle_t *wrapping_key_handle )
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+
+ *wrapping_key_handle = 0;
+ PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
+ psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
+ PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
+
+ PSA_CHECK( psa_key_derivation(
+ &generator,
+ derived_key_handle,
+ KDF_ALG,
+ WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
+ NULL, 0,
+ PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
+ PSA_CHECK( psa_generator_import_key(
+ *wrapping_key_handle,
+ PSA_KEY_TYPE_AES,
+ WRAPPING_KEY_BITS,
+ &generator ) );
+
+exit:
+ psa_generator_abort( &generator );
+ if( status != PSA_SUCCESS )
+ {
+ psa_close_key( *wrapping_key_handle );
+ *wrapping_key_handle = 0;
+ }
+ return( status );
+}
+
+static psa_status_t wrap_data( const char *input_file_name,
+ const char *output_file_name,
+ psa_key_handle_t wrapping_key_handle )
+{
+ psa_status_t status;
+ FILE *input_file = NULL;
+ FILE *output_file = NULL;
+ long input_position;
+ size_t input_size;
+ size_t buffer_size = 0;
+ unsigned char *buffer = NULL;
+ size_t ciphertext_size;
+ wrapped_data_header_t header;
+
+ /* Find the size of the data to wrap. */
+ SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
+ SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
+ SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
+#if LONG_MAX > SIZE_MAX
+ if( input_position > SIZE_MAX )
+ {
+ printf( "Input file too large.\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+#endif
+ input_size = input_position;
+ buffer_size = PSA_AEAD_ENCRYPT_OUTPUT_SIZE( WRAPPING_ALG, input_size );
+ /* Check for integer overflow. */
+ if( buffer_size < input_size )
+ {
+ printf( "Input file too large.\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+
+ /* Load the data to wrap. */
+ SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
+ SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL );
+ SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
+ SYS_CHECK( fclose( input_file ) == 0 );
+ input_file = NULL;
+
+ /* Construct a header. */
+ memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH );
+ header.ad_size = sizeof( header );
+ header.payload_size = input_size;
+
+ /* Wrap the data. */
+ PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) );
+ PSA_CHECK( psa_aead_encrypt( wrapping_key_handle, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof( header ),
+ buffer, input_size,
+ buffer, buffer_size,
+ &ciphertext_size ) );
+
+ /* Write the output. */
+ SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
+ SYS_CHECK( fwrite( &header, 1, sizeof( header ),
+ output_file ) == sizeof( header ) );
+ SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
+ output_file ) == ciphertext_size );
+ SYS_CHECK( fclose( output_file ) == 0 );
+ output_file = NULL;
+
+exit:
+ if( input_file != NULL )
+ fclose( input_file );
+ if( output_file != NULL )
+ fclose( output_file );
+ if( buffer != NULL )
+ mbedtls_platform_zeroize( buffer, buffer_size );
+ free( buffer );
+ return( status );
+}
+
+static psa_status_t unwrap_data( const char *input_file_name,
+ const char *output_file_name,
+ psa_key_handle_t wrapping_key_handle )
+{
+ psa_status_t status;
+ FILE *input_file = NULL;
+ FILE *output_file = NULL;
+ unsigned char *buffer = NULL;
+ size_t ciphertext_size = 0;
+ size_t plaintext_size;
+ wrapped_data_header_t header;
+ unsigned char extra_byte;
+
+ /* Load and validate the header. */
+ SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
+ SYS_CHECK( fread( &header, 1, sizeof( header ),
+ input_file ) == sizeof( header ) );
+ if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
+ WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
+ {
+ printf( "The input does not start with a valid magic header.\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ if( header.ad_size != sizeof( header ) )
+ {
+ printf( "The header size is not correct.\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ ciphertext_size =
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( WRAPPING_ALG, header.payload_size );
+ /* Check for integer overflow. */
+ if( ciphertext_size < header.payload_size )
+ {
+ printf( "Input file too large.\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+
+ /* Load the payload data. */
+ SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL );
+ SYS_CHECK( fread( buffer, 1, ciphertext_size,
+ input_file ) == ciphertext_size );
+ if( fread( &extra_byte, 1, 1, input_file ) != 0 )
+ {
+ printf( "Extra garbage after ciphertext\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ SYS_CHECK( fclose( input_file ) == 0 );
+ input_file = NULL;
+
+ /* Unwrap the data. */
+ PSA_CHECK( psa_aead_decrypt( wrapping_key_handle, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof( header ),
+ buffer, ciphertext_size,
+ buffer, ciphertext_size,
+ &plaintext_size ) );
+ if( plaintext_size != header.payload_size )
+ {
+ printf( "Incorrect payload size in the header.\n" );
+ status = DEMO_ERROR;
+ goto exit;
+ }
+
+ /* Write the output. */
+ SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
+ SYS_CHECK( fwrite( buffer, 1, plaintext_size,
+ output_file ) == plaintext_size );
+ SYS_CHECK( fclose( output_file ) == 0 );
+ output_file = NULL;
+
+exit:
+ if( input_file != NULL )
+ fclose( input_file );
+ if( output_file != NULL )
+ fclose( output_file );
+ if( buffer != NULL )
+ mbedtls_platform_zeroize( buffer, ciphertext_size );
+ free( buffer );
+ return( status );
+}
+
+static psa_status_t run( enum program_mode mode,
+ const char *key_file_name,
+ const char *ladder[], size_t ladder_depth,
+ const char *input_file_name,
+ const char *output_file_name )
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_handle_t derivation_key_handle = 0;
+ psa_key_handle_t wrapping_key_handle = 0;
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK( psa_crypto_init( ) );
+
+ /* Generate mode is unlike the others. Generate the master key and exit. */
+ if( mode == MODE_GENERATE )
+ return( generate( key_file_name ) );
+
+ /* Read the master key. */
+ PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
+ KDF_ALG,
+ key_file_name,
+ &derivation_key_handle ) );
+
+ /* Calculate the derived key for this session. */
+ PSA_CHECK( derive_key_ladder( ladder, ladder_depth,
+ &derivation_key_handle ) );
+
+ switch( mode )
+ {
+ case MODE_SAVE:
+ PSA_CHECK( save_key( derivation_key_handle, output_file_name ) );
+ break;
+ case MODE_UNWRAP:
+ PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT,
+ derivation_key_handle,
+ &wrapping_key_handle ) );
+ PSA_CHECK( unwrap_data( input_file_name, output_file_name,
+ wrapping_key_handle ) );
+ break;
+ case MODE_WRAP:
+ PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT,
+ derivation_key_handle,
+ &wrapping_key_handle ) );
+ PSA_CHECK( wrap_data( input_file_name, output_file_name,
+ wrapping_key_handle ) );
+ break;
+ default:
+ /* Unreachable but some compilers don't realize it. */
+ break;
+ }
+
+exit:
+ /* Close any remaining key. Deinitializing the crypto library would do
+ * this anyway, but explicitly closing handles makes the code easier
+ * to reuse. */
+ (void) psa_close_key( derivation_key_handle );
+ (void) psa_close_key( wrapping_key_handle );
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free( );
+ return( status );
+}
+
+static void usage( void )
+{
+ printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
+ printf( "Demonstrate the usage of a key derivation ladder.\n" );
+ printf( "\n" );
+ printf( "Modes:\n" );
+ printf( " generate Generate the master key\n" );
+ printf( " save Save the derived key\n" );
+ printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
+ printf( " wrap Wrap (encrypt) input with the derived key\n" );
+ printf( "\n" );
+ printf( "Options:\n" );
+ printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
+ printf( " master=FILENAME File containing the master key (default: master.key)\n" );
+ printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
+ printf( " label=TEXT Label for the key derivation.\n" );
+ printf( " This may be repeated multiple times.\n" );
+ printf( " To get the same key, you must use the same master key\n" );
+ printf( " and the same sequence of labels.\n" );
+}
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+ const char *file,
+ int line )
+{
+ printf( "%s:%i: Input param failed - %s\n",
+ file, line, failure_condition );
+ exit( EXIT_FAILURE );
+}
+#endif
+
+int main( int argc, char *argv[] )
+{
+ const char *key_file_name = "master.key";
+ const char *input_file_name = NULL;
+ const char *output_file_name = NULL;
+ const char *ladder[MAX_LADDER_DEPTH];
+ size_t ladder_depth = 0;
+ int i;
+ enum program_mode mode;
+ psa_status_t status;
+
+ if( argc <= 1 ||
+ strcmp( argv[1], "help" ) == 0 ||
+ strcmp( argv[1], "-help" ) == 0 ||
+ strcmp( argv[1], "--help" ) == 0 )
+ {
+ usage( );
+ return( EXIT_SUCCESS );
+ }
+
+ for( i = 2; i < argc; i++ )
+ {
+ char *q = strchr( argv[i], '=' );
+ if( q == NULL )
+ {
+ printf( "Missing argument to option %s\n", argv[i] );
+ goto usage_failure;
+ }
+ *q = 0;
+ ++q;
+ if( strcmp( argv[i], "input" ) == 0 )
+ input_file_name = q;
+ else if( strcmp( argv[i], "label" ) == 0 )
+ {
+ if( ladder_depth == MAX_LADDER_DEPTH )
+ {
+ printf( "Maximum ladder depth %u exceeded.\n",
+ (unsigned) MAX_LADDER_DEPTH );
+ return( EXIT_FAILURE );
+ }
+ ladder[ladder_depth] = q;
+ ++ladder_depth;
+ }
+ else if( strcmp( argv[i], "master" ) == 0 )
+ key_file_name = q;
+ else if( strcmp( argv[i], "output" ) == 0 )
+ output_file_name = q;
+ else
+ {
+ printf( "Unknown option: %s\n", argv[i] );
+ goto usage_failure;
+ }
+ }
+
+ if( strcmp( argv[1], "generate" ) == 0 )
+ mode = MODE_GENERATE;
+ else if( strcmp( argv[1], "save" ) == 0 )
+ mode = MODE_SAVE;
+ else if( strcmp( argv[1], "unwrap" ) == 0 )
+ mode = MODE_UNWRAP;
+ else if( strcmp( argv[1], "wrap" ) == 0 )
+ mode = MODE_WRAP;
+ else
+ {
+ printf( "Unknown action: %s\n", argv[1] );
+ goto usage_failure;
+ }
+
+ if( input_file_name == NULL &&
+ ( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
+ {
+ printf( "Required argument missing: input\n" );
+ return( DEMO_ERROR );
+ }
+ if( output_file_name == NULL &&
+ ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
+ {
+ printf( "Required argument missing: output\n" );
+ return( DEMO_ERROR );
+ }
+
+ status = run( mode, key_file_name,
+ ladder, ladder_depth,
+ input_file_name, output_file_name );
+ return( status == PSA_SUCCESS ?
+ EXIT_SUCCESS :
+ EXIT_FAILURE );
+
+usage_failure:
+ usage( );
+ return( EXIT_FAILURE );
+}
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh
new file mode 100755
index 0000000..2cec945
--- /dev/null
+++ b/programs/psa/key_ladder_demo.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+set -e -u
+
+program="${0%/*}"/key_ladder_demo
+files_to_clean=
+
+run () {
+ echo
+ echo "# $1"
+ shift
+ echo "+ $*"
+ "$@"
+}
+
+if [ -e master.key ]; then
+ echo "# Reusing the existing master.key file."
+else
+ files_to_clean="$files_to_clean master.key"
+ run "Generate a master key." \
+ "$program" generate master=master.key
+fi
+
+files_to_clean="$files_to_clean input.txt hello_world.wrap"
+echo "Here is some input. See it wrapped." >input.txt
+run "Derive a key and wrap some data with it." \
+ "$program" wrap master=master.key label=hello label=world \
+ input=input.txt output=hello_world.wrap
+
+files_to_clean="$files_to_clean hello_world.txt"
+run "Derive the same key again and unwrap the data." \
+ "$program" unwrap master=master.key label=hello label=world \
+ input=hello_world.wrap output=hello_world.txt
+run "Compare the unwrapped data with the original input." \
+ cmp input.txt hello_world.txt
+
+files_to_clean="$files_to_clean hellow_orld.txt"
+! run "Derive a different key and attempt to unwrap the data. This must fail." \
+ "$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld
+
+files_to_clean="$files_to_clean hello.key"
+run "Save the first step of the key ladder, then load it as a master key and construct the rest of the ladder." \
+ "$program" save master=master.key label=hello \
+ input=hello_world.wrap output=hello.key
+run "Check that we get the same key by unwrapping data made by the other key." \
+ "$program" unwrap master=hello.key label=world \
+ input=hello_world.wrap output=hello_world.txt
+
+# Cleanup
+rm -f $files_to_clean
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
new file mode 100644
index 0000000..5514100
--- /dev/null
+++ b/programs/psa/psa_constant_names.c
@@ -0,0 +1,266 @@
+#include <errno.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "psa/crypto.h"
+
+/* This block is present to support Visual Studio builds prior to 2015 */
+#if defined(_MSC_VER) && _MSC_VER < 1900
+#include <stdarg.h>
+int snprintf( char *s, size_t n, const char *fmt, ... )
+{
+ int ret;
+ va_list argp;
+
+ /* Avoid calling the invalid parameter handler by checking ourselves */
+ if( s == NULL || n == 0 || fmt == NULL )
+ return( -1 );
+
+ va_start( argp, fmt );
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
+ ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
+#else
+ ret = _vsnprintf( s, n, fmt, argp );
+ if( ret < 0 || (size_t) ret == n )
+ {
+ s[n-1] = '\0';
+ ret = -1;
+ }
+#endif
+ va_end( argp );
+
+ return( ret );
+}
+#endif
+
+/* There are different GET_HASH macros for different kinds of algorithms
+ * built from hashes, but the values are all constructed on the
+ * same model. */
+#define PSA_ALG_GET_HASH(alg) \
+ (((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH)
+
+static void append(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length)
+{
+ *required_size += length;
+ if (*required_size < buffer_size) {
+ memcpy(*buffer, string, length);
+ *buffer += length;
+ }
+}
+
+static void append_integer(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *format /*printf format for value*/,
+ unsigned long value)
+{
+ size_t n = snprintf(*buffer, buffer_size - *required_size, format, value);
+ if (n < buffer_size - *required_size) *buffer += n;
+ *required_size += n;
+}
+
+/* The code of these function is automatically generated and included below. */
+static const char *psa_ecc_curve_name(psa_ecc_curve_t curve);
+static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg);
+
+static void append_with_curve(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length,
+ psa_ecc_curve_t curve)
+{
+ const char *curve_name = psa_ecc_curve_name(curve);
+ append(buffer, buffer_size, required_size, string, length);
+ append(buffer, buffer_size, required_size, "(", 1);
+ if (curve_name != NULL) {
+ append(buffer, buffer_size, required_size,
+ curve_name, strlen(curve_name));
+ } else {
+ append_integer(buffer, buffer_size, required_size,
+ "0x%04x", curve);
+ }
+ append(buffer, buffer_size, required_size, ")", 1);
+}
+
+static void append_with_hash(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length,
+ psa_algorithm_t hash_alg)
+{
+ const char *hash_name = psa_hash_algorithm_name(hash_alg);
+ append(buffer, buffer_size, required_size, string, length);
+ append(buffer, buffer_size, required_size, "(", 1);
+ if (hash_name != NULL) {
+ append(buffer, buffer_size, required_size,
+ hash_name, strlen(hash_name));
+ } else {
+ append_integer(buffer, buffer_size, required_size,
+ "0x%08lx", hash_alg);
+ }
+ append(buffer, buffer_size, required_size, ")", 1);
+}
+
+#include "psa_constant_names_generated.c"
+
+static int psa_snprint_status(char *buffer, size_t buffer_size,
+ psa_status_t status)
+{
+ const char *name = psa_strerror(status);
+ if (name == NULL) {
+ return snprintf(buffer, buffer_size, "%ld", (long) status);
+ } else {
+ size_t length = strlen(name);
+ if (length < buffer_size) {
+ memcpy(buffer, name, length + 1);
+ return (int) length;
+ } else {
+ return (int) buffer_size;
+ }
+ }
+}
+
+static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size,
+ psa_ecc_curve_t curve)
+{
+ const char *name = psa_ecc_curve_name(curve);
+ if (name == NULL) {
+ return snprintf(buffer, buffer_size, "0x%04x", (unsigned) curve);
+ } else {
+ size_t length = strlen(name);
+ if (length < buffer_size) {
+ memcpy(buffer, name, length + 1);
+ return (int) length;
+ } else {
+ return (int) buffer_size;
+ }
+ }
+}
+
+static void usage(const char *program_name)
+{
+ printf("Usage: %s TYPE VALUE [VALUE...]\n",
+ program_name == NULL ? "psa_constant_names" : program_name);
+ printf("Print the symbolic name whose numerical value is VALUE in TYPE.\n");
+ printf("Supported types (with = between aliases):\n");
+ printf(" alg=algorithm Algorithm (psa_algorithm_t)\n");
+ printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_curve_t)\n");
+ printf(" type=key_type Key type (psa_key_type_t)\n");
+ printf(" usage=key_usage Key usage (psa_key_usage_t)\n");
+ printf(" error=status Status code (psa_status_t)\n");
+}
+
+typedef enum {
+ TYPE_STATUS,
+} signed_value_type;
+
+int process_signed(signed_value_type type, long min, long max, char **argp)
+{
+ for (; *argp != NULL; argp++) {
+ char buffer[200];
+ char *end;
+ long value = strtol(*argp, &end, 0);
+ if (*end) {
+ printf("Non-numeric value: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+ if (value < min || (errno == ERANGE && value < 0)) {
+ printf("Value too small: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+ if (value > max || (errno == ERANGE && value > 0)) {
+ printf("Value too large: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+
+ switch (type) {
+ case TYPE_STATUS:
+ psa_snprint_status(buffer, sizeof(buffer),
+ (psa_status_t) value);
+ break;
+ }
+ puts(buffer);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+typedef enum {
+ TYPE_ALGORITHM,
+ TYPE_ECC_CURVE,
+ TYPE_KEY_TYPE,
+ TYPE_KEY_USAGE,
+} unsigned_value_type;
+
+int process_unsigned(unsigned_value_type type, unsigned long max, char **argp)
+{
+ for (; *argp != NULL; argp++) {
+ char buffer[200];
+ char *end;
+ unsigned long value = strtoul(*argp, &end, 0);
+ if (*end) {
+ printf("Non-numeric value: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+ if (value > max || errno == ERANGE) {
+ printf("Value out of range: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+
+ switch (type) {
+ case TYPE_ALGORITHM:
+ psa_snprint_algorithm(buffer, sizeof(buffer),
+ (psa_algorithm_t) value);
+ break;
+ case TYPE_ECC_CURVE:
+ psa_snprint_ecc_curve(buffer, sizeof(buffer),
+ (psa_ecc_curve_t) value);
+ break;
+ case TYPE_KEY_TYPE:
+ psa_snprint_key_type(buffer, sizeof(buffer),
+ (psa_key_type_t) value);
+ break;
+ case TYPE_KEY_USAGE:
+ psa_snprint_key_usage(buffer, sizeof(buffer),
+ (psa_key_usage_t) value);
+ break;
+ }
+ puts(buffer);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+int main(int argc, char *argv[])
+{
+ if (argc <= 1 ||
+ !strcmp(argv[1], "help") ||
+ !strcmp(argv[1], "--help"))
+ {
+ usage(argv[0]);
+ return EXIT_FAILURE;
+ }
+
+ if (!strcmp(argv[1], "error") || !strcmp(argv[1], "status")) {
+ /* There's no way to obtain the actual range of a signed type,
+ * so hard-code it here: psa_status_t is int32_t. */
+ return process_signed(TYPE_STATUS, INT32_MIN, INT32_MAX,
+ argv + 2);
+ } else if (!strcmp(argv[1], "alg") || !strcmp(argv[1], "algorithm")) {
+ return process_unsigned(TYPE_ALGORITHM, (psa_algorithm_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) {
+ return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_curve_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) {
+ return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "usage") || !strcmp(argv[1], "key_usage")) {
+ return process_unsigned(TYPE_KEY_USAGE, (psa_key_usage_t) (-1),
+ argv + 2);
+ } else {
+ printf("Unknown type: %s\n", argv[1]);
+ return EXIT_FAILURE;
+ }
+}
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 803920c..f28a47d 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -34,14 +34,14 @@
target_link_libraries(ssl_client1 ${libs})
add_executable(ssl_client2 ssl_client2.c)
-target_sources(ssl_client2 PUBLIC query_config.c)
+target_sources(ssl_client2 PUBLIC ../test/query_config.c)
target_link_libraries(ssl_client2 ${libs})
add_executable(ssl_server ssl_server.c)
target_link_libraries(ssl_server ${libs})
add_executable(ssl_server2 ssl_server2.c)
-target_sources(ssl_server2 PUBLIC query_config.c)
+target_sources(ssl_server2 PUBLIC ../test/query_config.c)
target_link_libraries(ssl_server2 ${libs})
add_executable(ssl_fork_server ssl_fork_server.c)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 282ef58..64ed379 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -28,7 +28,7 @@
target_link_libraries(zeroize ${libs})
add_executable(query_compile_time_config query_compile_time_config.c)
-target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
+target_sources(query_compile_time_config PUBLIC query_config.c)
target_link_libraries(query_compile_time_config ${libs})
install(TARGETS selftest benchmark udp_proxy query_compile_time_config
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index 9cd5090..f33038f 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -45,7 +45,6 @@
#include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h"
#include "mbedtls/cmac.h"
-#include "mbedtls/compat-1.3.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/debug.h"
#include "mbedtls/des.h"
@@ -97,10 +96,6 @@
#include "mbedtls/threading.h"
#include "mbedtls/timing.h"
#include "mbedtls/version.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_csr.h"
#include "mbedtls/xtea.h"
#if defined(MBEDTLS_PLATFORM_C)
diff --git a/programs/ssl/query_config.c b/programs/test/query_config.c
similarity index 99%
rename from programs/ssl/query_config.c
rename to programs/test/query_config.c
index 143a45d..3e9abd4 100644
--- a/programs/ssl/query_config.c
+++ b/programs/test/query_config.c
@@ -1146,6 +1146,14 @@
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+
#if defined(MBEDTLS_MEMORY_DEBUG)
if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 )
{
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 9d3ea7e..fac7e92 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -51,7 +51,6 @@
#include "mbedtls/base64.h"
#include "mbedtls/bignum.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/x509.h"
#include "mbedtls/xtea.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/ecp.h"
@@ -245,9 +244,6 @@
#if defined(MBEDTLS_RSA_C)
{"rsa", mbedtls_rsa_self_test},
#endif
-#if defined(MBEDTLS_X509_USE_C)
- {"x509", mbedtls_x509_self_test},
-#endif
#if defined(MBEDTLS_XTEA_C)
{"xtea", mbedtls_xtea_self_test},
#endif
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index c39a86a..cf875c8 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -132,7 +132,7 @@
[ $VERBOSE ] && echo "Re-generating library/error.c"
scripts/generate_errors.pl
-[ $VERBOSE ] && echo "Re-generating programs/ssl/query_config.c"
+[ $VERBOSE ] && echo "Re-generating programs/test/query_config.c"
scripts/generate_query_config.pl
[ $VERBOSE ] && echo "Re-generating library/version_features.c"
diff --git a/scripts/config.pl b/scripts/config.pl
index 6300362..6927c4b 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -28,7 +28,6 @@
# MBEDTLS_ECP_DP_M511_ENABLED
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
-# MBEDTLS_PSA_CRYPTO_C
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# MBEDTLS_REMOVE_3DES_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -40,10 +39,6 @@
# MBEDTLS_PKCS11_C
# MBEDTLS_USE_PSA_CRYPTO
# - experimental, and more an alternative implementation than a feature
-# MBEDTLS_PSA_CRYPTO_STORAGE_C
-# MBEDTLS_PSA_ITS_FILE_C
-# MBEDTLS_PSA_CRYPTO_SPM
-# MBEDTLS_PSA_INJECT_ENTROPY
# and any symbol beginning _ALT
#
@@ -95,7 +90,6 @@
MBEDTLS_ECP_DP_M511_ENABLED
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
-MBEDTLS_PSA_CRYPTO_C
MBEDTLS_RSA_NO_CRT
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_REMOVE_3DES_CIPHERSUITES
@@ -106,11 +100,10 @@
MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
-MBEDTLS_USE_PSA_CRYPTO
-MBEDTLS_PSA_CRYPTO_STORAGE_C
-MBEDTLS_PSA_ITS_FILE_C
MBEDTLS_PSA_CRYPTO_SPM
+MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
MBEDTLS_PSA_INJECT_ENTROPY
+MBEDTLS_USE_PSA_CRYPTO
_ALT\s*$
);
@@ -130,6 +123,9 @@
MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_PLATFORM_FPRINTF_ALT
+MBEDTLS_PSA_CRYPTO_STORAGE_C
+MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+MBEDTLS_PSA_ITS_FILE_C
);
# Things that should be enabled in "full" even if they match @excluded
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
new file mode 100755
index 0000000..382fd23
--- /dev/null
+++ b/scripts/generate_psa_constants.py
@@ -0,0 +1,304 @@
+#!/usr/bin/env python
+import os
+import re
+import sys
+
+output_template = '''\
+/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */
+
+static const char *psa_strerror(psa_status_t status)
+{
+ switch (status) {
+ %(status_cases)s
+ default: return NULL;
+ }
+}
+
+static const char *psa_ecc_curve_name(psa_ecc_curve_t curve)
+{
+ switch (curve) {
+ %(ecc_curve_cases)s
+ default: return NULL;
+ }
+}
+
+static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg)
+{
+ switch (hash_alg) {
+ %(hash_algorithm_cases)s
+ default: return NULL;
+ }
+}
+
+static int psa_snprint_key_type(char *buffer, size_t buffer_size,
+ psa_key_type_t type)
+{
+ size_t required_size = 0;
+ switch (type) {
+ %(key_type_cases)s
+ default:
+ %(key_type_code)s{
+ return snprintf(buffer, buffer_size,
+ "0x%%08lx", (unsigned long) type);
+ }
+ break;
+ }
+ buffer[0] = 0;
+ return (int) required_size;
+}
+
+static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
+ psa_algorithm_t alg)
+{
+ size_t required_size = 0;
+ psa_algorithm_t core_alg = alg;
+ unsigned long length_modifier = 0;
+ if (PSA_ALG_IS_MAC(alg)) {
+ core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
+ if (core_alg != alg) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_TRUNCATED_MAC(", 22);
+ length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
+ }
+ } else if (PSA_ALG_IS_AEAD(alg)) {
+ core_alg = PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg);
+ if (core_alg == 0) {
+ /* For unknown AEAD algorithms, there is no "default tag length". */
+ core_alg = alg;
+ } else if (core_alg != alg) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_AEAD_WITH_TAG_LENGTH(", 29);
+ length_modifier = PSA_AEAD_TAG_LENGTH(alg);
+ }
+ }
+ switch (core_alg) {
+ %(algorithm_cases)s
+ default:
+ %(algorithm_code)s{
+ append_integer(&buffer, buffer_size, &required_size,
+ "0x%%08lx", (unsigned long) core_alg);
+ }
+ break;
+ }
+ if (core_alg != alg) {
+ append(&buffer, buffer_size, &required_size, ", ", 2);
+ append_integer(&buffer, buffer_size, &required_size,
+ "%%lu", length_modifier);
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ }
+ buffer[0] = 0;
+ return (int) required_size;
+}
+
+static int psa_snprint_key_usage(char *buffer, size_t buffer_size,
+ psa_key_usage_t usage)
+{
+ size_t required_size = 0;
+ if (usage == 0) {
+ if (buffer_size > 1) {
+ buffer[0] = '0';
+ buffer[1] = 0;
+ } else if (buffer_size == 1) {
+ buffer[0] = 0;
+ }
+ return 1;
+ }
+%(key_usage_code)s
+ if (usage != 0) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append_integer(&buffer, buffer_size, &required_size,
+ "0x%%08lx", (unsigned long) usage);
+ } else {
+ buffer[0] = 0;
+ }
+ return (int) required_size;
+}
+
+/* End of automatically generated file. */
+'''
+
+key_type_from_curve_template = '''if (%(tester)s(type)) {
+ append_with_curve(&buffer, buffer_size, &required_size,
+ "%(builder)s", %(builder_length)s,
+ PSA_KEY_TYPE_GET_CURVE(type));
+ } else '''
+
+algorithm_from_hash_template = '''if (%(tester)s(core_alg)) {
+ append_with_hash(&buffer, buffer_size, &required_size,
+ "%(builder)s", %(builder_length)s,
+ PSA_ALG_GET_HASH(core_alg));
+ } else '''
+
+bit_test_template = '''\
+ if (%(var)s & %(flag)s) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "%(flag)s", %(length)d);
+ %(var)s ^= %(flag)s;
+ }\
+'''
+
+class MacroCollector:
+ def __init__(self):
+ self.statuses = set()
+ self.key_types = set()
+ self.key_types_from_curve = {}
+ self.ecc_curves = set()
+ self.algorithms = set()
+ self.hash_algorithms = set()
+ self.algorithms_from_hash = {}
+ self.key_usages = set()
+
+ # "#define" followed by a macro name with either no parameters
+ # or a single parameter. Grab the macro name in group 1, the
+ # parameter name if any in group 2 and the definition in group 3.
+ definition_re = re.compile(r'\s*#\s*define\s+(\w+)(?:\s+|\((\w+)\)\s*)(.+)(?:/[*/])?')
+
+ def read_line(self, line):
+ m = re.match(self.definition_re, line)
+ if not m:
+ return
+ name, parameter, definition = m.groups()
+ if name.endswith('_FLAG') or name.endswith('MASK'):
+ # Macro only to build actual values
+ return
+ elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
+ and not parameter:
+ if name in [
+ 'PSA_ERROR_UNKNOWN_ERROR',
+ 'PSA_ERROR_OCCUPIED_SLOT',
+ 'PSA_ERROR_EMPTY_SLOT',
+ 'PSA_ERROR_INSUFFICIENT_CAPACITY',
+ ]:
+ # Ad hoc skipping of deprecated error codes, which share
+ # numerical values with non-deprecated error codes
+ return
+
+ self.statuses.add(name)
+ elif name.startswith('PSA_KEY_TYPE_') and not parameter:
+ self.key_types.add(name)
+ elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve':
+ self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:]
+ elif name.startswith('PSA_ECC_CURVE_') and not parameter:
+ self.ecc_curves.add(name)
+ elif name.startswith('PSA_ALG_') and not parameter:
+ if name in ['PSA_ALG_ECDSA_BASE',
+ 'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']:
+ # Ad hoc skipping of duplicate names for some numerical values
+ return
+ self.algorithms.add(name)
+ # Ad hoc detection of hash algorithms
+ if re.search(r'0x010000[0-9A-Fa-f]{2}', definition):
+ self.hash_algorithms.add(name)
+ elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
+ if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']:
+ # A naming irregularity
+ tester = name[:8] + 'IS_RANDOMIZED_' + name[8:]
+ else:
+ tester = name[:8] + 'IS_' + name[8:]
+ self.algorithms_from_hash[name] = tester
+ elif name.startswith('PSA_KEY_USAGE_') and not parameter:
+ self.key_usages.add(name)
+ else:
+ # Other macro without parameter
+ return
+
+ def read_file(self, header_file):
+ for line in header_file:
+ self.read_line(line)
+
+ def make_return_case(self, name):
+ return 'case %(name)s: return "%(name)s";' % {'name': name}
+
+ def make_append_case(self, name):
+ template = ('case %(name)s: '
+ 'append(&buffer, buffer_size, &required_size, "%(name)s", %(length)d); '
+ 'break;')
+ return template % {'name': name, 'length': len(name)}
+
+ def make_inner_append_case(self, name):
+ template = ('case %(name)s: '
+ 'append(buffer, buffer_size, required_size, "%(name)s", %(length)d); '
+ 'break;')
+ return template % {'name': name, 'length': len(name)}
+
+ def make_bit_test(self, var, flag):
+ return bit_test_template % {'var': var,
+ 'flag': flag,
+ 'length': len(flag)}
+
+ def make_status_cases(self):
+ return '\n '.join(map(self.make_return_case,
+ sorted(self.statuses)))
+
+ def make_ecc_curve_cases(self):
+ return '\n '.join(map(self.make_return_case,
+ sorted(self.ecc_curves)))
+
+ def make_key_type_cases(self):
+ return '\n '.join(map(self.make_append_case,
+ sorted(self.key_types)))
+
+ def make_key_type_from_curve_code(self, builder, tester):
+ return key_type_from_curve_template % {'builder': builder,
+ 'builder_length': len(builder),
+ 'tester': tester}
+
+ def make_key_type_code(self):
+ d = self.key_types_from_curve
+ make = self.make_key_type_from_curve_code
+ return ''.join([make(k, d[k]) for k in sorted(d.keys())])
+
+ def make_hash_algorithm_cases(self):
+ return '\n '.join(map(self.make_return_case,
+ sorted(self.hash_algorithms)))
+
+ def make_algorithm_cases(self):
+ return '\n '.join(map(self.make_append_case,
+ sorted(self.algorithms)))
+
+ def make_algorithm_from_hash_code(self, builder, tester):
+ return algorithm_from_hash_template % {'builder': builder,
+ 'builder_length': len(builder),
+ 'tester': tester}
+
+ def make_algorithm_code(self):
+ d = self.algorithms_from_hash
+ make = self.make_algorithm_from_hash_code
+ return ''.join([make(k, d[k]) for k in sorted(d.keys())])
+
+ def make_key_usage_code(self):
+ return '\n'.join([self.make_bit_test('usage', bit)
+ for bit in sorted(self.key_usages)])
+
+ def write_file(self, output_file):
+ data = {}
+ data['status_cases'] = self.make_status_cases()
+ data['ecc_curve_cases'] = self.make_ecc_curve_cases()
+ data['key_type_cases'] = self.make_key_type_cases()
+ data['key_type_code'] = self.make_key_type_code()
+ data['hash_algorithm_cases'] = self.make_hash_algorithm_cases()
+ data['algorithm_cases'] = self.make_algorithm_cases()
+ data['algorithm_code'] = self.make_algorithm_code()
+ data['key_usage_code'] = self.make_key_usage_code()
+ output_file.write(output_template % data)
+
+def generate_psa_constants(header_file_names, output_file_name):
+ collector = MacroCollector()
+ for header_file_name in header_file_names:
+ with open(header_file_name) as header_file:
+ collector.read_file(header_file)
+ temp_file_name = output_file_name + '.tmp'
+ with open(temp_file_name, 'w') as output_file:
+ collector.write_file(output_file)
+ os.rename(temp_file_name, output_file_name)
+
+if __name__ == '__main__':
+ if not os.path.isdir('programs') and os.path.isdir('../programs'):
+ os.chdir('..')
+ generate_psa_constants(['include/psa/crypto_values.h',
+ 'include/psa/crypto_extra.h'],
+ 'programs/psa/psa_constant_names_generated.c')
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index f15e03a..d94fdad 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -21,7 +21,7 @@
my $config_file = "./include/mbedtls/config.h";
my $query_config_format_file = "./scripts/data_files/query_config.fmt";
-my $query_config_file = "./programs/ssl/query_config.c";
+my $query_config_file = "./programs/test/query_config.c";
# Excluded macros from the generated query_config.c. For example, macros that
# have commas or function-like macros cannot be transformed into strings easily
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 9913976..42f3024 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -19,7 +19,8 @@
my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
my $programs_dir = 'programs';
-my $header_dir = 'include/mbedtls';
+my $mbedtls_header_dir = 'include/mbedtls';
+my $psa_header_dir = 'include/psa';
my $source_dir = 'library';
# Need windows line endings!
@@ -53,7 +54,8 @@
sub check_dirs {
return -d $vsx_dir
- && -d $header_dir
+ && -d $mbedtls_header_dir
+ && -d $psa_header_dir
&& -d $source_dir
&& -d $programs_dir;
}
@@ -96,7 +98,7 @@
my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
$appname eq "query_compile_time_config" ) {
- $srcs .= "\n <ClCompile Include=\"..\\..\\programs\\ssl\\query_config.c\" \/>\r";
+ $srcs .= "\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>\r";
}
my $content = $template;
@@ -137,9 +139,11 @@
}
sub gen_main_file {
- my ($headers, $sources, $hdr_tpl, $src_tpl, $main_tpl, $main_out) = @_;
+ my ($mbedtls_headers, $psa_headers, $source_headers, $sources, $hdr_tpl, $src_tpl, $main_tpl, $main_out) = @_;
- my $header_entries = gen_entry_list( $hdr_tpl, @$headers );
+ my $header_entries = gen_entry_list( $hdr_tpl, @$mbedtls_headers );
+ $header_entries .= gen_entry_list( $hdr_tpl, @$psa_headers );
+ $header_entries .= gen_entry_list( $hdr_tpl, @$source_headers );
my $source_entries = gen_entry_list( $src_tpl, @$sources );
my $out = slurp_file( $main_tpl );
@@ -193,15 +197,18 @@
del_vsx_files();
my @app_list = get_app_list();
- my @headers = <$header_dir/*.h>;
+ my @mbedtls_headers = <$mbedtls_header_dir/*.h>;
+ my @psa_headers = <$psa_header_dir/*.h>;
+ my @source_headers = <$source_dir/*.h>;
my @sources = <$source_dir/*.c>;
- map { s!/!\\!g } @headers;
+ map { s!/!\\!g } @mbedtls_headers;
+ map { s!/!\\!g } @psa_headers;
map { s!/!\\!g } @sources;
gen_app_files( @app_list );
- gen_main_file( \@headers, \@sources,
- $vsx_hdr_tpl, $vsx_src_tpl,
+ gen_main_file( \@mbedtls_headers, \@psa_headers, \@source_headers,
+ \@sources, $vsx_hdr_tpl, $vsx_src_tpl,
$vsx_main_tpl_file, $vsx_main_file );
gen_vsx_solution( @app_list );
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index c809d46..132963c 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -15,7 +15,6 @@
# - type and version of the operating system
# - version of armcc, clang, gcc-arm and gcc compilers
# - version of libc, clang, asan and valgrind if installed
-# - version of gnuTLS and OpenSSL
print_version()
{
@@ -74,42 +73,6 @@
print_version "valgrind" "--version" "valgrind not found!"
echo
-: ${OPENSSL:=openssl}
-print_version "$OPENSSL" "version" "openssl not found!"
-echo
-
-if [ -n "${OPENSSL_LEGACY+set}" ]; then
- print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
- echo
-fi
-
-if [ -n "${OPENSSL_NEXT+set}" ]; then
- print_version "$OPENSSL_NEXT" "version" "openssl next version not found!"
- echo
-fi
-
-: ${GNUTLS_CLI:=gnutls-cli}
-print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
-echo
-
-: ${GNUTLS_SERV:=gnutls-serv}
-print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
-echo
-
-if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
- print_version "$GNUTLS_LEGACY_CLI" "--version" \
- "gnuTLS client legacy version not found!" \
- "head -n 1"
- echo
-fi
-
-if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
- print_version "$GNUTLS_LEGACY_SERV" "--version" \
- "gnuTLS server legacy version not found!" \
- "head -n 1"
- echo
-fi
-
if `hash dpkg > /dev/null 2>&1`; then
echo "* asan:"
dpkg -s libasan2 2> /dev/null | grep -i version
diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile
index ed04053..78a7878 100644
--- a/tests/.jenkins/Jenkinsfile
+++ b/tests/.jenkins/Jenkinsfile
@@ -1 +1 @@
-mbedtls.run_job()
+mbedtls_psa.run_job()
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 06b8997..fd02964 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -40,13 +40,25 @@
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
)
+ set(exe_name test_suite_${data_name})
+ # Add a prefix to differentiate these tests from those of the parent
+ # module, when this project is built as a submodule.
+ if(USE_CRYPTO_SUBMODULE)
+ set(exe_name crypto.${exe_name})
+ endif()
+
include_directories(${CMAKE_CURRENT_SOURCE_DIR})
- add_executable(test_suite_${data_name} test_suite_${data_name}.c)
- target_link_libraries(test_suite_${data_name} ${libs})
+ add_executable(${exe_name} test_suite_${data_name}.c)
+ target_link_libraries(${exe_name} ${libs})
+ target_include_directories(${exe_name}
+ PUBLIC ${CMAKE_SOURCE_DIR}/include/
+ PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
+ PRIVATE ${CMAKE_SOURCE_DIR}/crypto/library/)
+
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.")
else()
- add_test(${data_name}-suite test_suite_${data_name} --verbose)
+ add_test(${data_name}-suite ${exe_name} --verbose)
endif()
endfunction(add_test_suite)
@@ -60,88 +72,91 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
-if(NOT USE_CRYPTO_SUBMODULE)
- add_test_suite(aes aes.ecb)
- add_test_suite(aes aes.cbc)
- add_test_suite(aes aes.cfb)
- add_test_suite(aes aes.ofb)
- add_test_suite(aes aes.rest)
- add_test_suite(aes aes.xts)
- add_test_suite(arc4)
- add_test_suite(aria)
- add_test_suite(asn1write)
- add_test_suite(base64)
- add_test_suite(blowfish)
- add_test_suite(camellia)
- add_test_suite(ccm)
- add_test_suite(chacha20)
- add_test_suite(chachapoly)
- add_test_suite(cipher cipher.aes)
- add_test_suite(cipher cipher.arc4)
- add_test_suite(cipher cipher.blowfish)
- add_test_suite(cipher cipher.camellia)
- add_test_suite(cipher cipher.ccm)
- add_test_suite(cipher cipher.chacha20)
- add_test_suite(cipher cipher.chachapoly)
- add_test_suite(cipher cipher.des)
- add_test_suite(cipher cipher.gcm)
- add_test_suite(cipher cipher.misc)
- add_test_suite(cipher cipher.null)
- add_test_suite(cipher cipher.padding)
- add_test_suite(cipher cipher.nist_kw)
- add_test_suite(cmac)
- add_test_suite(ctr_drbg)
- add_test_suite(des)
- add_test_suite(dhm)
- add_test_suite(ecdh)
- add_test_suite(ecdsa)
- add_test_suite(ecjpake)
- add_test_suite(ecp)
- add_test_suite(entropy)
- add_test_suite(error)
- add_test_suite(gcm gcm.aes128_en)
- add_test_suite(gcm gcm.aes192_en)
- add_test_suite(gcm gcm.aes256_en)
- add_test_suite(gcm gcm.aes128_de)
- add_test_suite(gcm gcm.aes192_de)
- add_test_suite(gcm gcm.aes256_de)
- add_test_suite(gcm gcm.camellia)
- add_test_suite(gcm gcm.misc)
- add_test_suite(hkdf)
- add_test_suite(hmac_drbg hmac_drbg.misc)
- add_test_suite(hmac_drbg hmac_drbg.no_reseed)
- add_test_suite(hmac_drbg hmac_drbg.nopr)
- add_test_suite(hmac_drbg hmac_drbg.pr)
- add_test_suite(md)
- add_test_suite(mdx)
- add_test_suite(memory_buffer_alloc)
- add_test_suite(mpi)
- add_test_suite(nist_kw)
- add_test_suite(oid)
- add_test_suite(pem)
- add_test_suite(pkcs1_v15)
- add_test_suite(pkcs1_v21)
- add_test_suite(pkcs5)
- add_test_suite(pk)
- add_test_suite(pkparse)
- add_test_suite(pkwrite)
- add_test_suite(poly1305)
- add_test_suite(shax)
- add_test_suite(timing)
- add_test_suite(rsa)
- add_test_suite(xtea)
+add_test_suite(aes aes.ecb)
+add_test_suite(aes aes.cbc)
+add_test_suite(aes aes.cfb)
+add_test_suite(aes aes.ofb)
+add_test_suite(aes aes.rest)
+add_test_suite(aes aes.xts)
+add_test_suite(arc4)
+add_test_suite(aria)
+add_test_suite(asn1write)
+add_test_suite(base64)
+add_test_suite(blowfish)
+add_test_suite(camellia)
+add_test_suite(ccm)
+add_test_suite(chacha20)
+add_test_suite(chachapoly)
+add_test_suite(cipher cipher.aes)
+add_test_suite(cipher cipher.arc4)
+add_test_suite(cipher cipher.blowfish)
+add_test_suite(cipher cipher.camellia)
+add_test_suite(cipher cipher.ccm)
+add_test_suite(cipher cipher.chacha20)
+add_test_suite(cipher cipher.chachapoly)
+add_test_suite(cipher cipher.des)
+add_test_suite(cipher cipher.gcm)
+add_test_suite(cipher cipher.misc)
+add_test_suite(cipher cipher.nist_kw)
+add_test_suite(cipher cipher.null)
+add_test_suite(cipher cipher.padding)
+add_test_suite(cmac)
+add_test_suite(ctr_drbg)
+add_test_suite(des)
+add_test_suite(dhm)
+add_test_suite(ecdh)
+add_test_suite(ecdsa)
+add_test_suite(ecjpake)
+add_test_suite(ecp)
+add_test_suite(entropy)
+add_test_suite(error)
+add_test_suite(gcm gcm.aes128_en)
+add_test_suite(gcm gcm.aes192_en)
+add_test_suite(gcm gcm.aes256_en)
+add_test_suite(gcm gcm.aes128_de)
+add_test_suite(gcm gcm.aes192_de)
+add_test_suite(gcm gcm.aes256_de)
+add_test_suite(gcm gcm.camellia)
+add_test_suite(gcm gcm.misc)
+add_test_suite(hkdf)
+add_test_suite(hmac_drbg hmac_drbg.misc)
+add_test_suite(hmac_drbg hmac_drbg.no_reseed)
+add_test_suite(hmac_drbg hmac_drbg.nopr)
+add_test_suite(hmac_drbg hmac_drbg.pr)
+add_test_suite(md)
+add_test_suite(mdx)
+add_test_suite(memory_buffer_alloc)
+add_test_suite(mpi)
+add_test_suite(nist_kw)
+add_test_suite(oid)
+add_test_suite(pem)
+add_test_suite(pkcs1_v15)
+add_test_suite(pkcs1_v21)
+add_test_suite(pkcs5)
+add_test_suite(pk)
+add_test_suite(pkparse)
+add_test_suite(pkwrite)
+add_test_suite(poly1305)
+add_test_suite(psa_crypto)
+add_test_suite(psa_crypto_entropy)
+add_test_suite(psa_crypto_hash)
+add_test_suite(psa_crypto_init)
+add_test_suite(psa_crypto_metadata)
+add_test_suite(psa_crypto_persistent_key)
+add_test_suite(psa_crypto_slot_management)
+add_test_suite(psa_its)
+add_test_suite(shax)
+add_test_suite(timing)
+add_test_suite(rsa)
+add_test_suite(xtea)
+if (NOT USE_CRYPTO_SUBMODULE)
+ add_test_suite(version)
endif()
-add_test_suite(debug)
-add_test_suite(ssl)
-add_test_suite(version)
-add_test_suite(x509parse)
-add_test_suite(x509write)
# Make scripts and data files needed for testing available in an
# out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
- link_to_source(compat.sh)
link_to_source(data_files)
link_to_source(scripts)
- link_to_source(ssl-opt.sh)
+ link_to_source(suites)
endif()
diff --git a/tests/Descriptions.txt b/tests/Descriptions.txt
index 8b13bb3..3e9b255 100644
--- a/tests/Descriptions.txt
+++ b/tests/Descriptions.txt
@@ -2,21 +2,9 @@
The various 'test_suite_XXX' programs from the 'tests' directory, executed
using 'make check' (Unix make) or 'make test' (Cmake), include test cases
(reference test vectors, sanity checks, malformed input for parsing
- functions, etc.) for all modules except the SSL modules.
+ functions, etc.) for all modules.
selftests
The 'programs/test/selftest' program runs the 'XXX_self_test()' functions
of each individual module. Most of them are included in the respective
test suite, but some slower ones are only included here.
-
-compat
- The 'tests/compat.sh' script checks interoperability with OpenSSL and
- GnuTLS (and ourselves!) for every common ciphersuite, in every TLS
- version, both ways (client/server), using client authentication or not.
- For each ciphersuite/version/side/authmode it performs a full handshake
- and a small data exchange.
-
-ssl_opt
- The 'tests/ssl-opt.sh' script checks various options and/or operations not
- covered by compat.sh: session resumption (using session cache or tickets),
- renegotiation, SNI, other extensions, etc.
diff --git a/tests/Makefile b/tests/Makefile
index f5cc409..8db7920 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -6,29 +6,22 @@
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+CRYPTO_INCLUDES ?= -I../include
+LOCAL_CFLAGS = $(WARNING_CFLAGS) $(CRYPTO_INCLUDES) -I../library -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
-ifdef USE_CRYPTO_SUBMODULE
-LOCAL_LDFLAGS += -L../crypto/library
-LOCAL_CFLAGS += -I../crypto/include
-CRYPTO := ../crypto/library/
-else
-CRYPTO := ../library/
-endif
-
# Enable definition of various functions used throughout the testsuite
# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless
# on non-POSIX platforms.
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED
-DEP=$(CRYPTO)libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else
-DEP=$(CRYPTO)libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -66,53 +59,15 @@
# constructed by stripping path 'suites/' and extension .data.
APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data)))
+# When this project is used as a submodule, exclude the following list of
+# tests, which will be run from the parent module instead.
ifdef USE_CRYPTO_SUBMODULE
APPS := $(filter-out \
- test_suite_aes.% \
- test_suite_arc4 \
- test_suite_aria \
- test_suite_asn1write \
- test_suite_base64 \
- test_suite_blowfish \
- test_suite_camellia \
- test_suite_ccm \
- test_suite_chacha20 \
- test_suite_chachapoly \
- test_suite_cipher.% \
- test_suite_cmac \
- test_suite_ctr_drbg \
- test_suite_des \
- test_suite_dhm \
- test_suite_ecdh \
- test_suite_ecdsa \
- test_suite_ecjpake \
- test_suite_ecp \
- test_suite_entropy \
- test_suite_error \
- test_suite_gcm.% \
- test_suite_hkdf \
- test_suite_hmac_drbg.% \
- test_suite_md \
- test_suite_mdx \
- test_suite_memory_buffer_alloc \
- test_suite_mpi \
- test_suite_nist_kw \
- test_suite_oid \
- test_suite_pem \
- test_suite_pk \
- test_suite_pkcs1_v15 \
- test_suite_pkcs1_v21 \
- test_suite_pkcs5 \
- test_suite_pkparse \
- test_suite_pkwrite \
- test_suite_poly1305 \
- test_suite_rsa \
- test_suite_shax \
- test_suite_timing \
- test_suite_xtea \
- ,$(APPS))
+ test_suite_version \
+ ,$(APPS))
endif
+
# Construct executable name by adding OS specific suffix $(EXEXT).
BINARIES := $(addsuffix $(EXEXT),$(APPS))
@@ -162,7 +117,9 @@
ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax TESTS
else
- del /Q /F *.c *.exe *.datax
+ if exist *.c del /Q /F *.c
+ if exist *.exe del /Q /F *.exe
+ if exist *.datax del /Q /F *.datax
ifneq ($(wildcard TESTS/.*),)
rmdir /Q /S TESTS
endif
diff --git a/tests/compat.sh b/tests/compat.sh
deleted file mode 100755
index 0eae1ea..0000000
--- a/tests/compat.sh
+++ /dev/null
@@ -1,1414 +0,0 @@
-#!/bin/sh
-
-# compat.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Test interoperbility with OpenSSL, GnuTLS as well as itself.
-#
-# Check each common ciphersuite, with each version, both ways (client/server),
-# with and without client authentication.
-
-set -u
-
-# initialise counters
-TESTS=0
-FAILED=0
-SKIPPED=0
-SRVMEM=0
-
-# default commands, can be overridden by the environment
-: ${M_SRV:=../programs/ssl/ssl_server2}
-: ${M_CLI:=../programs/ssl/ssl_client2}
-: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
-: ${GNUTLS_CLI:=gnutls-cli}
-: ${GNUTLS_SERV:=gnutls-serv}
-
-# do we have a recent enough GnuTLS?
-if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then
- G_VER="$( $GNUTLS_CLI --version | head -n1 )"
- if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version
- PEER_GNUTLS=" GnuTLS"
- else
- eval $( echo $G_VER | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' )
- if [ $MAJOR -lt 3 -o \
- \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \
- \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ]
- then
- PEER_GNUTLS=""
- else
- PEER_GNUTLS=" GnuTLS"
- if [ $MINOR -lt 4 ]; then
- GNUTLS_MINOR_LT_FOUR='x'
- fi
- fi
- fi
-else
- PEER_GNUTLS=""
-fi
-
-# default values for options
-MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
-VERIFIES="NO YES"
-TYPES="ECDSA RSA PSK"
-FILTER=""
-# exclude:
-# - NULL: excluded from our default config
-# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
-# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
-# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
-# - ChachaPoly: requires OpenSSL >= 1.1.0
-# - 3DES: not in default config
-EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
-VERBOSE=""
-MEMCHECK=0
-PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
-
-# hidden option: skip DTLS with OpenSSL
-# (travis CI has a version that doesn't work for us)
-: ${OSSL_NO_DTLS:=0}
-
-print_usage() {
- echo "Usage: $0"
- printf " -h|--help\tPrint this help.\n"
- printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n"
- printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n"
- printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n"
- printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n"
- printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n"
- printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n"
- printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
- printf " -M|--memcheck\tCheck memory leaks and errors.\n"
- printf " -v|--verbose\tSet verbose output.\n"
-}
-
-get_options() {
- while [ $# -gt 0 ]; do
- case "$1" in
- -f|--filter)
- shift; FILTER=$1
- ;;
- -e|--exclude)
- shift; EXCLUDE=$1
- ;;
- -m|--modes)
- shift; MODES=$1
- ;;
- -t|--types)
- shift; TYPES=$1
- ;;
- -V|--verify)
- shift; VERIFIES=$1
- ;;
- -p|--peers)
- shift; PEERS=$1
- ;;
- -v|--verbose)
- VERBOSE=1
- ;;
- -M|--memcheck)
- MEMCHECK=1
- ;;
- -h|--help)
- print_usage
- exit 0
- ;;
- *)
- echo "Unknown argument: '$1'"
- print_usage
- exit 1
- ;;
- esac
- shift
- done
-
- # sanitize some options (modes checked later)
- VERIFIES="$( echo $VERIFIES | tr [a-z] [A-Z] )"
- TYPES="$( echo $TYPES | tr [a-z] [A-Z] )"
-}
-
-log() {
- if [ "X" != "X$VERBOSE" ]; then
- echo ""
- echo "$@"
- fi
-}
-
-# is_dtls <mode>
-is_dtls()
-{
- test "$1" = "dtls1" -o "$1" = "dtls1_2"
-}
-
-# minor_ver <mode>
-minor_ver()
-{
- case "$1" in
- ssl3)
- echo 0
- ;;
- tls1)
- echo 1
- ;;
- tls1_1|dtls1)
- echo 2
- ;;
- tls1_2|dtls1_2)
- echo 3
- ;;
- *)
- echo "error: invalid mode: $MODE" >&2
- # exiting is no good here, typically called in a subshell
- echo -1
- esac
-}
-
-filter()
-{
- LIST="$1"
- NEW_LIST=""
-
- if is_dtls "$MODE"; then
- EXCLMODE="$EXCLUDE"'\|RC4\|ARCFOUR'
- else
- EXCLMODE="$EXCLUDE"
- fi
-
- for i in $LIST;
- do
- NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLMODE" )"
- done
-
- # normalize whitespace
- echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
-}
-
-# OpenSSL 1.0.1h with -Verify wants a ClientCertificate message even for
-# PSK ciphersuites with DTLS, which is incorrect, so disable them for now
-check_openssl_server_bug()
-{
- if test "X$VERIFY" = "XYES" && is_dtls "$MODE" && \
- echo "$1" | grep "^TLS-PSK" >/dev/null;
- then
- SKIP_NEXT="YES"
- fi
-}
-
-filter_ciphersuites()
-{
- if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
- then
- # Ciphersuite for mbed TLS
- M_CIPHERS=$( filter "$M_CIPHERS" )
-
- # Ciphersuite for OpenSSL
- O_CIPHERS=$( filter "$O_CIPHERS" )
-
- # Ciphersuite for GnuTLS
- G_CIPHERS=$( filter "$G_CIPHERS" )
- fi
-
- # OpenSSL 1.0.1h doesn't support DTLS 1.2
- if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
- O_CIPHERS=""
- case "$PEER" in
- [Oo]pen*)
- M_CIPHERS=""
- ;;
- esac
- fi
-
- # For GnuTLS client -> mbed TLS server,
- # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
- if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
- G_CIPHERS=""
- fi
-}
-
-reset_ciphersuites()
-{
- M_CIPHERS=""
- O_CIPHERS=""
- G_CIPHERS=""
-}
-
-# Ciphersuites that can be used with all peers.
-# Since we currently have three possible peers, each ciphersuite should appear
-# three times: in each peer's list (with the name that this peer uses).
-add_common_ciphersuites()
-{
- case $TYPE in
-
- "ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-ECDSA-WITH-NULL-SHA \
- TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
- TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-ECDSA:+NULL:+SHA1 \
- +ECDHE-ECDSA:+ARCFOUR-128:+SHA1 \
- +ECDHE-ECDSA:+3DES-CBC:+SHA1 \
- +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
- +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
- "
- O_CIPHERS="$O_CIPHERS \
- ECDHE-ECDSA-NULL-SHA \
- ECDHE-ECDSA-RC4-SHA \
- ECDHE-ECDSA-DES-CBC3-SHA \
- ECDHE-ECDSA-AES128-SHA \
- ECDHE-ECDSA-AES256-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
- +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
- +ECDHE-ECDSA:+AES-128-GCM:+AEAD \
- +ECDHE-ECDSA:+AES-256-GCM:+AEAD \
- "
- O_CIPHERS="$O_CIPHERS \
- ECDHE-ECDSA-AES128-SHA256 \
- ECDHE-ECDSA-AES256-SHA384 \
- ECDHE-ECDSA-AES128-GCM-SHA256 \
- ECDHE-ECDSA-AES256-GCM-SHA384 \
- "
- fi
- ;;
-
- "RSA")
- M_CIPHERS="$M_CIPHERS \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-WITH-AES-256-CBC-SHA \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-RSA-WITH-AES-128-CBC-SHA \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-WITH-RC4-128-SHA \
- TLS-RSA-WITH-RC4-128-MD5 \
- TLS-RSA-WITH-NULL-MD5 \
- TLS-RSA-WITH-NULL-SHA \
- "
- G_CIPHERS="$G_CIPHERS \
- +DHE-RSA:+AES-128-CBC:+SHA1 \
- +DHE-RSA:+AES-256-CBC:+SHA1 \
- +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \
- +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \
- +DHE-RSA:+3DES-CBC:+SHA1 \
- +RSA:+AES-256-CBC:+SHA1 \
- +RSA:+CAMELLIA-256-CBC:+SHA1 \
- +RSA:+AES-128-CBC:+SHA1 \
- +RSA:+CAMELLIA-128-CBC:+SHA1 \
- +RSA:+3DES-CBC:+SHA1 \
- +RSA:+ARCFOUR-128:+SHA1 \
- +RSA:+ARCFOUR-128:+MD5 \
- +RSA:+NULL:+MD5 \
- +RSA:+NULL:+SHA1 \
- "
- O_CIPHERS="$O_CIPHERS \
- DHE-RSA-AES128-SHA \
- DHE-RSA-AES256-SHA \
- DHE-RSA-CAMELLIA128-SHA \
- DHE-RSA-CAMELLIA256-SHA \
- EDH-RSA-DES-CBC3-SHA \
- AES256-SHA \
- CAMELLIA256-SHA \
- AES128-SHA \
- CAMELLIA128-SHA \
- DES-CBC3-SHA \
- RC4-SHA \
- RC4-MD5 \
- NULL-MD5 \
- NULL-SHA \
- "
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-RSA-WITH-RC4-128-SHA \
- TLS-ECDHE-RSA-WITH-NULL-SHA \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-RSA:+AES-128-CBC:+SHA1 \
- +ECDHE-RSA:+AES-256-CBC:+SHA1 \
- +ECDHE-RSA:+3DES-CBC:+SHA1 \
- +ECDHE-RSA:+ARCFOUR-128:+SHA1 \
- +ECDHE-RSA:+NULL:+SHA1 \
- "
- O_CIPHERS="$O_CIPHERS \
- ECDHE-RSA-AES256-SHA \
- ECDHE-RSA-AES128-SHA \
- ECDHE-RSA-DES-CBC3-SHA \
- ECDHE-RSA-RC4-SHA \
- ECDHE-RSA-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
- "
- G_CIPHERS="$G_CIPHERS \
- +RSA:+AES-128-CBC:+SHA256 \
- +DHE-RSA:+AES-128-CBC:+SHA256 \
- +RSA:+AES-256-CBC:+SHA256 \
- +DHE-RSA:+AES-256-CBC:+SHA256 \
- +ECDHE-RSA:+AES-128-CBC:+SHA256 \
- +ECDHE-RSA:+AES-256-CBC:+SHA384 \
- +RSA:+AES-128-GCM:+AEAD \
- +RSA:+AES-256-GCM:+AEAD \
- +DHE-RSA:+AES-128-GCM:+AEAD \
- +DHE-RSA:+AES-256-GCM:+AEAD \
- +ECDHE-RSA:+AES-128-GCM:+AEAD \
- +ECDHE-RSA:+AES-256-GCM:+AEAD \
- "
- O_CIPHERS="$O_CIPHERS \
- NULL-SHA256 \
- AES128-SHA256 \
- DHE-RSA-AES128-SHA256 \
- AES256-SHA256 \
- DHE-RSA-AES256-SHA256 \
- ECDHE-RSA-AES128-SHA256 \
- ECDHE-RSA-AES256-SHA384 \
- AES128-GCM-SHA256 \
- DHE-RSA-AES128-GCM-SHA256 \
- AES256-GCM-SHA384 \
- DHE-RSA-AES256-GCM-SHA384 \
- ECDHE-RSA-AES128-GCM-SHA256 \
- ECDHE-RSA-AES256-GCM-SHA384 \
- "
- fi
- ;;
-
- "PSK")
- M_CIPHERS="$M_CIPHERS \
- TLS-PSK-WITH-RC4-128-SHA \
- TLS-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-PSK-WITH-AES-128-CBC-SHA \
- TLS-PSK-WITH-AES-256-CBC-SHA \
- "
- G_CIPHERS="$G_CIPHERS \
- +PSK:+ARCFOUR-128:+SHA1 \
- +PSK:+3DES-CBC:+SHA1 \
- +PSK:+AES-128-CBC:+SHA1 \
- +PSK:+AES-256-CBC:+SHA1 \
- "
- O_CIPHERS="$O_CIPHERS \
- PSK-RC4-SHA \
- PSK-3DES-EDE-CBC-SHA \
- PSK-AES128-CBC-SHA \
- PSK-AES256-CBC-SHA \
- "
- ;;
- esac
-}
-
-# Ciphersuites usable only with Mbed TLS and OpenSSL
-# Each ciphersuite should appear two times, once with its OpenSSL name, once
-# with its Mbed TLS name.
-#
-# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
-# so RSA-PSK ciphersuites need to go in other sections, see
-# https://github.com/ARMmbed/mbedtls/issues/1419
-#
-# ChachaPoly suites are here rather than in "common", as they were added in
-# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
-add_openssl_ciphersuites()
-{
- case $TYPE in
-
- "ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-NULL-SHA \
- TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
- TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
- "
- O_CIPHERS="$O_CIPHERS \
- ECDH-ECDSA-NULL-SHA \
- ECDH-ECDSA-RC4-SHA \
- ECDH-ECDSA-DES-CBC3-SHA \
- ECDH-ECDSA-AES128-SHA \
- ECDH-ECDSA-AES256-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- O_CIPHERS="$O_CIPHERS \
- ECDH-ECDSA-AES128-SHA256 \
- ECDH-ECDSA-AES256-SHA384 \
- ECDH-ECDSA-AES128-GCM-SHA256 \
- ECDH-ECDSA-AES256-GCM-SHA384 \
- ECDHE-ECDSA-ARIA256-GCM-SHA384 \
- ECDHE-ECDSA-ARIA128-GCM-SHA256 \
- ECDHE-ECDSA-CHACHA20-POLY1305 \
- "
- fi
- ;;
-
- "RSA")
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-WITH-DES-CBC-SHA \
- TLS-DHE-RSA-WITH-DES-CBC-SHA \
- "
- O_CIPHERS="$O_CIPHERS \
- DES-CBC-SHA \
- EDH-RSA-DES-CBC-SHA \
- "
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- O_CIPHERS="$O_CIPHERS \
- ECDHE-ARIA256-GCM-SHA384 \
- DHE-RSA-ARIA256-GCM-SHA384 \
- ARIA256-GCM-SHA384 \
- ECDHE-ARIA128-GCM-SHA256 \
- DHE-RSA-ARIA128-GCM-SHA256 \
- ARIA128-GCM-SHA256 \
- DHE-RSA-CHACHA20-POLY1305 \
- ECDHE-RSA-CHACHA20-POLY1305 \
- "
- fi
- ;;
-
- "PSK")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- O_CIPHERS="$O_CIPHERS \
- DHE-PSK-ARIA256-GCM-SHA384 \
- DHE-PSK-ARIA128-GCM-SHA256 \
- PSK-ARIA256-GCM-SHA384 \
- PSK-ARIA128-GCM-SHA256 \
- DHE-PSK-CHACHA20-POLY1305 \
- ECDHE-PSK-CHACHA20-POLY1305 \
- PSK-CHACHA20-POLY1305 \
- "
- fi
- ;;
- esac
-}
-
-# Ciphersuites usable only with Mbed TLS and GnuTLS
-# Each ciphersuite should appear two times, once with its GnuTLS name, once
-# with its Mbed TLS name.
-add_gnutls_ciphersuites()
-{
- case $TYPE in
-
- "ECDSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \
- +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \
- +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \
- +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \
- +ECDHE-ECDSA:+AES-128-CCM:+AEAD \
- +ECDHE-ECDSA:+AES-256-CCM:+AEAD \
- +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD \
- +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD \
- "
- fi
- ;;
-
- "RSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-WITH-NULL-SHA256 \
- "
- G_CIPHERS="$G_CIPHERS \
- +RSA:+NULL:+SHA256 \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-AES-128-CCM \
- TLS-RSA-WITH-AES-256-CCM \
- TLS-DHE-RSA-WITH-AES-128-CCM \
- TLS-DHE-RSA-WITH-AES-256-CCM \
- TLS-RSA-WITH-AES-128-CCM-8 \
- TLS-RSA-WITH-AES-256-CCM-8 \
- TLS-DHE-RSA-WITH-AES-128-CCM-8 \
- TLS-DHE-RSA-WITH-AES-256-CCM-8 \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
- +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \
- +RSA:+CAMELLIA-128-CBC:+SHA256 \
- +RSA:+CAMELLIA-256-CBC:+SHA256 \
- +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
- +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \
- +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \
- +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \
- +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \
- +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \
- +RSA:+CAMELLIA-128-GCM:+AEAD \
- +RSA:+CAMELLIA-256-GCM:+AEAD \
- +RSA:+AES-128-CCM:+AEAD \
- +RSA:+AES-256-CCM:+AEAD \
- +RSA:+AES-128-CCM-8:+AEAD \
- +RSA:+AES-256-CCM-8:+AEAD \
- +DHE-RSA:+AES-128-CCM:+AEAD \
- +DHE-RSA:+AES-256-CCM:+AEAD \
- +DHE-RSA:+AES-128-CCM-8:+AEAD \
- +DHE-RSA:+AES-256-CCM-8:+AEAD \
- "
- fi
- ;;
-
- "PSK")
- M_CIPHERS="$M_CIPHERS \
- TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-DHE-PSK-WITH-RC4-128-SHA \
- "
- G_CIPHERS="$G_CIPHERS \
- +DHE-PSK:+3DES-CBC:+SHA1 \
- +DHE-PSK:+AES-128-CBC:+SHA1 \
- +DHE-PSK:+AES-256-CBC:+SHA1 \
- +DHE-PSK:+ARCFOUR-128:+SHA1 \
- "
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-PSK-WITH-RC4-128-SHA \
- TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- TLS-RSA-PSK-WITH-RC4-128-SHA \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-PSK:+3DES-CBC:+SHA1 \
- +ECDHE-PSK:+AES-128-CBC:+SHA1 \
- +ECDHE-PSK:+AES-256-CBC:+SHA1 \
- +ECDHE-PSK:+ARCFOUR-128:+SHA1 \
- +RSA-PSK:+3DES-CBC:+SHA1 \
- +RSA-PSK:+AES-256-CBC:+SHA1 \
- +RSA-PSK:+AES-128-CBC:+SHA1 \
- +RSA-PSK:+ARCFOUR-128:+SHA1 \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-NULL-SHA384 \
- TLS-ECDHE-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-NULL-SHA256 \
- TLS-DHE-PSK-WITH-NULL-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-PSK-WITH-AES-128-CCM \
- TLS-PSK-WITH-AES-256-CCM \
- TLS-DHE-PSK-WITH-AES-128-CCM \
- TLS-DHE-PSK-WITH-AES-256-CCM \
- TLS-PSK-WITH-AES-128-CCM-8 \
- TLS-PSK-WITH-AES-256-CCM-8 \
- TLS-DHE-PSK-WITH-AES-128-CCM-8 \
- TLS-DHE-PSK-WITH-AES-256-CCM-8 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
- "
- G_CIPHERS="$G_CIPHERS \
- +ECDHE-PSK:+AES-256-CBC:+SHA384 \
- +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
- +ECDHE-PSK:+AES-128-CBC:+SHA256 \
- +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
- +PSK:+AES-128-CBC:+SHA256 \
- +PSK:+AES-256-CBC:+SHA384 \
- +DHE-PSK:+AES-128-CBC:+SHA256 \
- +DHE-PSK:+AES-256-CBC:+SHA384 \
- +RSA-PSK:+AES-256-CBC:+SHA384 \
- +RSA-PSK:+AES-128-CBC:+SHA256 \
- +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
- +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
- +PSK:+CAMELLIA-128-CBC:+SHA256 \
- +PSK:+CAMELLIA-256-CBC:+SHA384 \
- +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \
- +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \
- +PSK:+AES-128-GCM:+AEAD \
- +PSK:+AES-256-GCM:+AEAD \
- +DHE-PSK:+AES-128-GCM:+AEAD \
- +DHE-PSK:+AES-256-GCM:+AEAD \
- +PSK:+AES-128-CCM:+AEAD \
- +PSK:+AES-256-CCM:+AEAD \
- +DHE-PSK:+AES-128-CCM:+AEAD \
- +DHE-PSK:+AES-256-CCM:+AEAD \
- +PSK:+AES-128-CCM-8:+AEAD \
- +PSK:+AES-256-CCM-8:+AEAD \
- +DHE-PSK:+AES-128-CCM-8:+AEAD \
- +DHE-PSK:+AES-256-CCM-8:+AEAD \
- +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \
- +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \
- +PSK:+CAMELLIA-128-GCM:+AEAD \
- +PSK:+CAMELLIA-256-GCM:+AEAD \
- +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \
- +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \
- +RSA-PSK:+AES-256-GCM:+AEAD \
- +RSA-PSK:+AES-128-GCM:+AEAD \
- +ECDHE-PSK:+NULL:+SHA384 \
- +ECDHE-PSK:+NULL:+SHA256 \
- +PSK:+NULL:+SHA256 \
- +PSK:+NULL:+SHA384 \
- +DHE-PSK:+NULL:+SHA256 \
- +DHE-PSK:+NULL:+SHA384 \
- +RSA-PSK:+NULL:+SHA256 \
- +RSA-PSK:+NULL:+SHA384 \
- "
- fi
- ;;
- esac
-}
-
-# Ciphersuites usable only with Mbed TLS (not currently supported by another
-# peer usable in this script). This provide only very rudimentaty testing, as
-# this is not interop testing, but it's better than nothing.
-add_mbedtls_ciphersuites()
-{
- case $TYPE in
-
- "ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
- ;;
-
- "RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
- ;;
-
- "PSK")
- # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
- M_CIPHERS="$M_CIPHERS \
- TLS-PSK-WITH-NULL-SHA \
- TLS-DHE-PSK-WITH-NULL-SHA \
- "
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-PSK-WITH-NULL-SHA \
- TLS-RSA-PSK-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
- ;;
- esac
-}
-
-setup_arguments()
-{
- G_MODE=""
- case "$MODE" in
- "ssl3")
- G_PRIO_MODE="+VERS-SSL3.0"
- ;;
- "tls1")
- G_PRIO_MODE="+VERS-TLS1.0"
- ;;
- "tls1_1")
- G_PRIO_MODE="+VERS-TLS1.1"
- ;;
- "tls1_2")
- G_PRIO_MODE="+VERS-TLS1.2"
- ;;
- "dtls1")
- G_PRIO_MODE="+VERS-DTLS1.0"
- G_MODE="-u"
- ;;
- "dtls1_2")
- G_PRIO_MODE="+VERS-DTLS1.2"
- G_MODE="-u"
- ;;
- *)
- echo "error: invalid mode: $MODE" >&2
- exit 1;
- esac
-
- # GnuTLS < 3.4 will choke if we try to allow CCM-8
- if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then
- G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:"
- else
- G_PRIO_CCM=""
- fi
-
- M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
- G_SERVER_ARGS="-p $PORT --http $G_MODE"
- G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
-
- # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
- if is_dtls "$MODE"; then
- O_SERVER_ARGS="$O_SERVER_ARGS"
- else
- O_SERVER_ARGS="$O_SERVER_ARGS -www"
- fi
-
- M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
- O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
- G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
- G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
-
- if [ "X$VERIFY" = "XYES" ];
- then
- M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
- O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
-
- M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
- else
- # don't request a client cert at all
- M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
- G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
-
- M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
- O_CLIENT_ARGS="$O_CLIENT_ARGS"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
- fi
-
- case $TYPE in
- "ECDSA")
- M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
- O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-
- if [ "X$VERIFY" = "XYES" ]; then
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
- else
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
- fi
- ;;
-
- "RSA")
- M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
- O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
-
- if [ "X$VERIFY" = "XYES" ]; then
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
- else
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
- fi
-
- # Allow SHA-1. It's disabled by default for security reasons but
- # our tests still use certificates signed with it.
- M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
- M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
- ;;
-
- "PSK")
- # give RSA-PSK-capable server a RSA cert
- # (should be a separate type, but harder to close with openssl)
- M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
- O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
-
- M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
-
- # Allow SHA-1. It's disabled by default for security reasons but
- # our tests still use certificates signed with it.
- M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
- M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
- ;;
- esac
-}
-
-# is_mbedtls <cmd_line>
-is_mbedtls() {
- echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
-}
-
-# has_mem_err <log_file_name>
-has_mem_err() {
- if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
- grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
- then
- return 1 # false: does not have errors
- else
- return 0 # true: has errors
- fi
-}
-
-# Wait for process $2 to be listening on port $1
-if type lsof >/dev/null 2>/dev/null; then
- wait_server_start() {
- START_TIME=$(date +%s)
- if is_dtls "$MODE"; then
- proto=UDP
- else
- proto=TCP
- fi
- while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
- if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
- echo "SERVERSTART TIMEOUT"
- echo "SERVERSTART TIMEOUT" >> $SRV_OUT
- break
- fi
- # Linux and *BSD support decimal arguments to sleep. On other
- # OSes this may be a tight loop.
- sleep 0.1 2>/dev/null || true
- done
- }
-else
- echo "Warning: lsof not available, wait_server_start = sleep"
- wait_server_start() {
- sleep 2
- }
-fi
-
-
-# start_server <name>
-# also saves name and command
-start_server() {
- case $1 in
- [Oo]pen*)
- SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
- ;;
- [Gg]nu*)
- SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
- ;;
- mbed*)
- SERVER_CMD="$M_SRV $M_SERVER_ARGS"
- if [ "$MEMCHECK" -gt 0 ]; then
- SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
- fi
- ;;
- *)
- echo "error: invalid server name: $1" >&2
- exit 1
- ;;
- esac
- SERVER_NAME=$1
-
- log "$SERVER_CMD"
- echo "$SERVER_CMD" > $SRV_OUT
- # for servers without -www or equivalent
- while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 &
- PROCESS_ID=$!
-
- wait_server_start "$PORT" "$PROCESS_ID"
-}
-
-# terminate the running server
-stop_server() {
- kill $PROCESS_ID 2>/dev/null
- wait $PROCESS_ID 2>/dev/null
-
- if [ "$MEMCHECK" -gt 0 ]; then
- if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then
- echo " ! Server had memory errors"
- SRVMEM=$(( $SRVMEM + 1 ))
- return
- fi
- fi
-
- rm -f $SRV_OUT
-}
-
-# kill the running server (used when killed by signal)
-cleanup() {
- rm -f $SRV_OUT $CLI_OUT
- kill $PROCESS_ID >/dev/null 2>&1
- kill $WATCHDOG_PID >/dev/null 2>&1
- exit 1
-}
-
-# wait for client to terminate and set EXIT
-# must be called right after starting the client
-wait_client_done() {
- CLI_PID=$!
-
- ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) &
- WATCHDOG_PID=$!
-
- wait $CLI_PID
- EXIT=$?
-
- kill $WATCHDOG_PID
- wait $WATCHDOG_PID
-
- echo "EXIT: $EXIT" >> $CLI_OUT
-}
-
-# run_client <name> <cipher>
-run_client() {
- # announce what we're going to do
- TESTS=$(( $TESTS + 1 ))
- VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
- TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
- TITLE="$TITLE $MODE,$VERIF $2"
- printf "$TITLE "
- LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
- for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
-
- # should we skip?
- if [ "X$SKIP_NEXT" = "XYES" ]; then
- SKIP_NEXT="NO"
- echo "SKIP"
- SKIPPED=$(( $SKIPPED + 1 ))
- return
- fi
-
- # run the command and interpret result
- case $1 in
- [Oo]pen*)
- CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
- log "$CLIENT_CMD"
- echo "$CLIENT_CMD" > $CLI_OUT
- printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
- wait_client_done
-
- if [ $EXIT -eq 0 ]; then
- RESULT=0
- else
- # If the cipher isn't supported...
- if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
- RESULT=1
- else
- RESULT=2
- fi
- fi
- ;;
-
- [Gg]nu*)
- # need to force IPv4 with UDP, but keep localhost for auth
- if is_dtls "$MODE"; then
- G_HOST="127.0.0.1"
- else
- G_HOST="localhost"
- fi
- CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
- log "$CLIENT_CMD"
- echo "$CLIENT_CMD" > $CLI_OUT
- printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
- wait_client_done
-
- if [ $EXIT -eq 0 ]; then
- RESULT=0
- else
- RESULT=2
- # interpret early failure, with a handshake_failure alert
- # before the server hello, as "no ciphersuite in common"
- if grep -F 'Received alert [40]: Handshake failed' $CLI_OUT; then
- if grep -i 'SERVER HELLO .* was received' $CLI_OUT; then :
- else
- RESULT=1
- fi
- fi >/dev/null
- fi
- ;;
-
- mbed*)
- CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
- if [ "$MEMCHECK" -gt 0 ]; then
- CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
- fi
- log "$CLIENT_CMD"
- echo "$CLIENT_CMD" > $CLI_OUT
- $CLIENT_CMD >> $CLI_OUT 2>&1 &
- wait_client_done
-
- case $EXIT in
- # Success
- "0") RESULT=0 ;;
-
- # Ciphersuite not supported
- "2") RESULT=1 ;;
-
- # Error
- *) RESULT=2 ;;
- esac
-
- if [ "$MEMCHECK" -gt 0 ]; then
- if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then
- RESULT=2
- fi
- fi
-
- ;;
-
- *)
- echo "error: invalid client name: $1" >&2
- exit 1
- ;;
- esac
-
- echo "EXIT: $EXIT" >> $CLI_OUT
-
- # report and count result
- case $RESULT in
- "0")
- echo PASS
- ;;
- "1")
- echo SKIP
- SKIPPED=$(( $SKIPPED + 1 ))
- ;;
- "2")
- echo FAIL
- cp $SRV_OUT c-srv-${TESTS}.log
- cp $CLI_OUT c-cli-${TESTS}.log
- echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
-
- if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
- echo " ! server output:"
- cat c-srv-${TESTS}.log
- echo " ! ==================================================="
- echo " ! client output:"
- cat c-cli-${TESTS}.log
- fi
-
- FAILED=$(( $FAILED + 1 ))
- ;;
- esac
-
- rm -f $CLI_OUT
-}
-
-#
-# MAIN
-#
-
-if cd $( dirname $0 ); then :; else
- echo "cd $( dirname $0 ) failed" >&2
- exit 1
-fi
-
-get_options "$@"
-
-# sanity checks, avoid an avalanche of errors
-if [ ! -x "$M_SRV" ]; then
- echo "Command '$M_SRV' is not an executable file" >&2
- exit 1
-fi
-if [ ! -x "$M_CLI" ]; then
- echo "Command '$M_CLI' is not an executable file" >&2
- exit 1
-fi
-
-if echo "$PEERS" | grep -i openssl > /dev/null; then
- if which "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
- echo "Command '$OPENSSL_CMD' not found" >&2
- exit 1
- fi
-fi
-
-if echo "$PEERS" | grep -i gnutls > /dev/null; then
- for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
- if which "$CMD" >/dev/null 2>&1; then :; else
- echo "Command '$CMD' not found" >&2
- exit 1
- fi
- done
-fi
-
-for PEER in $PEERS; do
- case "$PEER" in
- mbed*|[Oo]pen*|[Gg]nu*)
- ;;
- *)
- echo "Unknown peers: $PEER" >&2
- exit 1
- esac
-done
-
-# Pick a "unique" port in the range 10000-19999.
-PORT="0000$$"
-PORT="1$(echo $PORT | tail -c 5)"
-
-# Also pick a unique name for intermediate files
-SRV_OUT="srv_out.$$"
-CLI_OUT="cli_out.$$"
-
-# client timeout delay: be more patient with valgrind
-if [ "$MEMCHECK" -gt 0 ]; then
- DOG_DELAY=30
-else
- DOG_DELAY=10
-fi
-
-SKIP_NEXT="NO"
-
-trap cleanup INT TERM HUP
-
-for VERIFY in $VERIFIES; do
- for MODE in $MODES; do
- for TYPE in $TYPES; do
- for PEER in $PEERS; do
-
- setup_arguments
-
- case "$PEER" in
-
- [Oo]pen*)
-
- if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
- continue;
- fi
-
- reset_ciphersuites
- add_common_ciphersuites
- add_openssl_ciphersuites
- filter_ciphersuites
-
- if [ "X" != "X$M_CIPHERS" ]; then
- start_server "OpenSSL"
- for i in $M_CIPHERS; do
- check_openssl_server_bug $i
- run_client mbedTLS $i
- done
- stop_server
- fi
-
- if [ "X" != "X$O_CIPHERS" ]; then
- start_server "mbedTLS"
- for i in $O_CIPHERS; do
- run_client OpenSSL $i
- done
- stop_server
- fi
-
- ;;
-
- [Gg]nu*)
-
- reset_ciphersuites
- add_common_ciphersuites
- add_gnutls_ciphersuites
- filter_ciphersuites
-
- if [ "X" != "X$M_CIPHERS" ]; then
- start_server "GnuTLS"
- for i in $M_CIPHERS; do
- run_client mbedTLS $i
- done
- stop_server
- fi
-
- if [ "X" != "X$G_CIPHERS" ]; then
- start_server "mbedTLS"
- for i in $G_CIPHERS; do
- run_client GnuTLS $i
- done
- stop_server
- fi
-
- ;;
-
- mbed*)
-
- reset_ciphersuites
- add_common_ciphersuites
- add_openssl_ciphersuites
- add_gnutls_ciphersuites
- add_mbedtls_ciphersuites
- filter_ciphersuites
-
- if [ "X" != "X$M_CIPHERS" ]; then
- start_server "mbedTLS"
- for i in $M_CIPHERS; do
- run_client mbedTLS $i
- done
- stop_server
- fi
-
- ;;
-
- *)
- echo "Unknown peer: $PEER" >&2
- exit 1
- ;;
-
- esac
-
- done
- done
- done
-done
-
-echo "------------------------------------------------------------------------"
-
-if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ];
-then
- printf "FAILED"
-else
- printf "PASSED"
-fi
-
-if [ "$MEMCHECK" -gt 0 ]; then
- MEMREPORT=", $SRVMEM server memory errors"
-else
- MEMREPORT=""
-fi
-
-PASSED=$(( $TESTS - $FAILED ))
-echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"
-
-FAILED=$(( $FAILED + $SRVMEM ))
-exit $FAILED
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 999fe6e..a30740a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -38,10 +38,6 @@
# * G++
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * OpenSSL and GnuTLS command line tools, recent enough for the
-# interoperability tests. If they don't support SSLv3 then a legacy
-# version of these tools must be present as well (search for LEGACY
-# below).
# See the invocation of check_tools below for details.
#
# This script must be invoked from the toplevel directory of a git
@@ -116,18 +112,10 @@
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
- MEMORY=0
FORCE=0
KEEP_GOING=0
# Default commands, can be overridden by the environment
- : ${OPENSSL:="openssl"}
- : ${OPENSSL_LEGACY:="$OPENSSL"}
- : ${OPENSSL_NEXT:="$OPENSSL"}
- : ${GNUTLS_CLI:="gnutls-cli"}
- : ${GNUTLS_SERV:="gnutls-serv"}
- : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
- : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
@@ -137,6 +125,9 @@
export MAKEFLAGS="-j"
fi
+ # Include more verbose output for failing tests run by CMake
+ export CTEST_OUTPUT_ON_FAILURE=1
+
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
# Parse the script with sed, because in sh there is no way to list
@@ -204,13 +195,6 @@
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
- --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
- --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
- --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
- --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
- --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
- --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3.
- --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
EOF
}
@@ -222,9 +206,6 @@
fi
command make clean
- cd crypto
- command make clean
- cd ..
# Remove CMake artefacts
find . -name .git -prune -o \
@@ -236,11 +217,6 @@
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
- cd crypto
- rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
- git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
- git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
- cd ..
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
@@ -315,6 +291,9 @@
all_except=0
no_armcc=
+ # Note that legacy options are ignored instead of being omitted from this
+ # list of options, so invocations that worked with previous version of
+ # all.sh will still run and work properly.
while [ $# -gt 0 ]; do
case "$1" in
--armcc) no_armcc=;;
@@ -322,26 +301,26 @@
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
--except) all_except=1;;
--force|-f) FORCE=1;;
- --gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
- --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
- --gnutls-serv) shift; GNUTLS_SERV="$1";;
+ --gnutls-cli) shift;;
+ --gnutls-legacy-cli) shift;;
+ --gnutls-legacy-serv) shift;;
+ --gnutls-serv) shift;;
--help|-h) usage; exit;;
--keep-going|-k) KEEP_GOING=1;;
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
- --memory|-m) MEMORY=1;;
+ --memory|-m) ;;
--no-armcc) no_armcc=1;;
--no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;;
- --no-memory) MEMORY=0;;
- --openssl) shift; OPENSSL="$1";;
- --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
- --openssl-next) shift; OPENSSL_NEXT="$1";;
+ --no-memory) ;;
+ --openssl) shift;;
+ --openssl-legacy) shift;;
+ --openssl-next) shift;;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
- --random-seed) unset SEED;;
- --release-test|-r) SEED=1;;
- --seed|-s) shift; SEED="$1";;
+ --random-seed) ;;
+ --release-test|-r) ;;
+ --seed|-s) shift;;
-*)
echo >&2 "Unknown option: $1"
echo >&2 "Run $0 --help for usage."
@@ -396,19 +375,12 @@
exit 1
fi
fi
- if ! [ -f crypto/Makefile ]; then
- echo "Please initialize the crypto submodule" >&2
- exit 1
- fi
}
pre_check_seedfile () {
if [ ! -f "./tests/seedfile" ]; then
dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
fi
- if [ ! -f "./crypto/tests/seedfile" ]; then
- dd if=/dev/urandom of=./crypto/tests/seedfile bs=32 count=1
- fi
}
pre_setup_keep_going () {
@@ -481,16 +453,7 @@
pre_print_configuration () {
msg "info: $0 configuration"
- echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
- echo "SEED: ${SEED-"UNSET"}"
- echo "OPENSSL: $OPENSSL"
- echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
- echo "OPENSSL_NEXT: $OPENSSL_NEXT"
- echo "GNUTLS_CLI: $GNUTLS_CLI"
- echo "GNUTLS_SERV: $GNUTLS_SERV"
- echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
- echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
@@ -501,30 +464,6 @@
set env
case " $RUN_COMPONENTS " in
- # Require OpenSSL and GnuTLS if running any tests (as opposed to
- # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
- # is a good enough approximation in practice.
- *" test_"*)
- # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
- # and ssl-opt.sh, we just export the variables they require.
- export OPENSSL_CMD="$OPENSSL"
- export GNUTLS_CLI="$GNUTLS_CLI"
- export GNUTLS_SERV="$GNUTLS_SERV"
- # Avoid passing --seed flag in every call to ssl-opt.sh
- if [ -n "${SEED-}" ]; then
- export SEED
- fi
- set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
- set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
- set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
- set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
- check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV" \
- "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
- ;;
- esac
-
- case " $RUN_COMPONENTS " in
*_doxygen[_\ ]*) check_tools "doxygen" "dot";;
esac
@@ -606,7 +545,6 @@
}
-
################################################################
#### Build and test many configurations and targets
################################################################
@@ -629,12 +567,6 @@
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
-
- msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/compat.sh
}
component_test_ref_configs () {
@@ -643,36 +575,6 @@
record_status tests/scripts/test-ref-configs.pl
}
-component_test_sslv3 () {
- msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
- scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
- make test
-
- msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
-
- msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
-}
-
-component_test_no_renegotiation () {
- msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
- scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
- make test
-
- msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
-}
-
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_RSA_NO_CRT
@@ -681,54 +583,16 @@
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
-
- msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f RSA
-
- msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
- if_build_succeeded tests/compat.sh -t RSA
}
-component_test_small_ssl_out_content_len () {
- msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
- scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
- scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
+component_test_new_ecdh_context () {
+ msg "build: new ECDH context (ASan build)" # ~ 6 min
+ scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
-}
-
-component_test_small_ssl_in_content_len () {
- msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
- scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
- scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
-}
-
-component_test_small_ssl_dtls_max_buffering () {
- msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
- scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
- if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
-}
-
-component_test_small_mbedtls_ssl_dtls_max_buffering () {
- msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
- scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
- if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
+ msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
}
component_test_full_cmake_clang () {
@@ -741,14 +605,8 @@
msg "test: main suites (full config)" # ~ 5s
make test
- msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
-
- msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
-
- msg "test: compat.sh ARIA + ChachaPoly"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+ msg "test: psa_constant_names (full config)" # ~ 1s
+ record_status tests/scripts/test_psa_constant_names.py
}
component_build_deprecated () {
@@ -785,11 +643,6 @@
record_status tests/scripts/depends-pkalgs.pl
}
-component_build_key_exchanges () {
- msg "test/build: key-exchanges (gcc)" # ~ 1 min
- record_status tests/scripts/key-exchanges.pl
-}
-
component_build_default_make_gcc_and_cxx () {
msg "build: Unix make, -Os (gcc)" # ~ 30s
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
@@ -801,66 +654,6 @@
make TEST_CPP=1
}
-component_test_submodule_cmake () {
- # USE_CRYPTO_SUBMODULE: check that the build works with CMake
- msg "build: cmake, full config + USE_CRYPTO_SUBMODULE, gcc+debug"
- scripts/config.pl full # enables md4 and submodule doesn't enable md4
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- CC=gcc cmake -D USE_CRYPTO_SUBMODULE=1 -D CMAKE_BUILD_TYPE=Debug .
- make
- msg "test: top-level libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, cmake)"
- if_build_succeeded not test -f library/libmbedcrypto.a
- msg "test: libmbedcrypto symbols are from crypto files (USE_CRYPTO_SUBMODULE, cmake)"
- if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep -E 'crypto/library$' > /dev/null
- msg "test: libmbedcrypto uses top-level config (USE_CRYPTO_SUBMODULE, cmake)"
- if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep 'md4.c' > /dev/null
- msg "test: main suites (USE_CRYPTO_SUBMODULE, cmake)"
- make test
- msg "test: ssl-opt.sh (USE_CRYPTO_SUBMODULE, cmake)"
- if_build_succeeded tests/ssl-opt.sh
-}
-
-component_test_submodule_make () {
- # USE_CRYPTO_SUBMODULE: check that the build works with make
- msg "build: make, full config + USE_CRYPTO_SUBMODULE, gcc+debug"
- scripts/config.pl full # enables md4 and submodule doesn't enable md4
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- make CC=gcc CFLAGS='-g' USE_CRYPTO_SUBMODULE=1
- msg "test: top-level libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, make)"
- if_build_succeeded not test -f library/libmbedcrypto.a
- msg "test: libmbedcrypto symbols are from crypto files (USE_CRYPTO_SUBMODULE, make)"
- if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep -E 'crypto/library$' > /dev/null
- msg "test: libmbedcrypto uses top-level config (USE_CRYPTO_SUBMODULE, make)"
- if_build_succeeded objdump -g crypto/library/libmbedcrypto.a | grep 'md4.c' > /dev/null
- msg "test: main suites (USE_CRYPTO_SUBMODULE, make)"
- make CC=gcc USE_CRYPTO_SUBMODULE=1 test
- msg "test: ssl-opt.sh (USE_CRYPTO_SUBMODULE, make)"
- if_build_succeeded tests/ssl-opt.sh
-}
-
-component_test_not_submodule_make () {
- # Don't USE_CRYPTO_SUBMODULE: check that the submodule is not used with make
- msg "build: make, full config - USE_CRYPTO_SUBMODULE, gcc+debug"
- scripts/config.pl full
- make CC=gcc CFLAGS='-g'
- msg "test: submodule libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, make)"
- if_build_succeeded not test -f crypto/library/libmbedcrypto.a
- msg "test: libmbedcrypto symbols are from library files (USE_CRYPTO_SUBMODULE, make)"
- if_build_succeeded objdump -g library/libmbedcrypto.a | grep -E 'library$' | not grep 'crypto' > /dev/null
-}
-
-component_test_not_submodule_cmake () {
- # Don't USE_CRYPTO_SUBMODULE: check that the submodule is not used with CMake
- msg "build: cmake, full config - USE_CRYPTO_SUBMODULE, gcc+debug"
- scripts/config.pl full
- CC=gcc cmake -D CMAKE_BUILD_TYPE=Debug .
- make
- msg "test: submodule libmbedcrypto wasn't built (USE_CRYPTO_SUBMODULE, cmake)"
- if_build_succeeded not test -f crypto/library/libmbedcrypto.a
- msg "test: libmbedcrypto symbols are from library files (USE_CRYPTO_SUBMODULE, cmake)"
- if_build_succeeded objdump -g library/libmbedcrypto.a | grep -E 'library$' | not grep 'crypto' > /dev/null
-}
-
component_test_use_psa_crypto_full_cmake_asan() {
# MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
@@ -869,26 +662,11 @@
scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA
scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
- CC=gcc cmake -D USE_CRYPTO_SUBMODULE=1 -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
make test
-
- msg "test: ssl-opt.sh (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh default (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded tests/compat.sh
-
- msg "test: compat.sh ssl3 (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
-
- msg "test: compat.sh RC4, DES & NULL (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
-
- msg "test: compat.sh ARIA + ChachaPoly (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_test_check_params_without_platform () {
@@ -932,6 +710,9 @@
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@@ -947,69 +728,6 @@
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
-component_build_no_ssl_srv () {
- msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_SSL_SRV_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
-}
-
-component_build_no_ssl_cli () {
- msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_SSL_CLI_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
-}
-
-component_build_no_sockets () {
- # Note, C99 compliance can also be tested with the sockets support disabled,
- # as that requires a POSIX platform (which isn't the same as C99).
- msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
- scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
-}
-
-component_test_no_max_fragment_length () {
- # Run max fragment length tests with MFL disabled
- msg "build: default config except MFL extension (ASan build)" # ~ 30s
- scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: ssl-opt.sh, MFL-related tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
-}
-
-component_test_asan_remove_peer_certificate () {
- msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
- scripts/config.pl unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- make test
-
- msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/compat.sh
-}
-
-component_test_no_max_fragment_length_small_ssl_out_content_len () {
- msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
- scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
- scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: MFL tests (disabled MFL extension case) & large packet tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
-}
-
component_test_null_entropy () {
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
@@ -1037,6 +755,34 @@
make test
}
+component_test_aes_fewer_tables () {
+ msg "build: default config with AES_FEWER_TABLES enabled"
+ scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+ msg "test: AES_FEWER_TABLES"
+ make test
+}
+
+component_test_aes_rom_tables () {
+ msg "build: default config with AES_ROM_TABLES enabled"
+ scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+ msg "test: AES_ROM_TABLES"
+ make test
+}
+
+component_test_aes_fewer_tables_and_rom_tables () {
+ msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
+ scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+ scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+ msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
+ make test
+}
+
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
make SHARED=1 all check
@@ -1069,9 +815,6 @@
msg "test: i386, make, gcc -O1 (ASan build)"
make test
-
- msg "test ssl-opt.sh, i386, make, gcc-O1"
- if_build_succeeded tests/ssl-opt.sh
}
support_test_m32_o1 () {
support_test_m32_o0 "$@"
@@ -1092,12 +835,69 @@
esac
}
+component_test_min_mpi_window_size () {
+ msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
+ scripts/config.pl set MBEDTLS_MPI_WINDOW_SIZE 1
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
+ make test
+}
+
+component_test_have_int32 () {
+ msg "build: gcc, force 32-bit bignum limbs"
+ scripts/config.pl unset MBEDTLS_HAVE_ASM
+ scripts/config.pl unset MBEDTLS_AESNI_C
+ scripts/config.pl unset MBEDTLS_PADLOCK_C
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
+
+ msg "test: gcc, force 32-bit bignum limbs"
+ make test
+}
+
+component_test_have_int64 () {
+ msg "build: gcc, force 64-bit bignum limbs"
+ scripts/config.pl unset MBEDTLS_HAVE_ASM
+ scripts/config.pl unset MBEDTLS_AESNI_C
+ scripts/config.pl unset MBEDTLS_PADLOCK_C
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
+
+ msg "test: gcc, force 64-bit bignum limbs"
+ make test
+}
+
+component_test_no_udbl_division () {
+ msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
+ make CFLAGS='-Werror -O1'
+
+ msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
+ make test
+}
+
+component_test_no_64bit_multiplication () {
+ msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
+ make CFLAGS='-Werror -O1'
+
+ msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
+ make test
+}
+
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
@@ -1115,6 +915,9 @@
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
@@ -1135,6 +938,9 @@
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
@@ -1155,6 +961,9 @@
scripts/config.pl unset MBEDTLS_NET_C
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_HAVE_TIME
scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
@@ -1187,15 +996,6 @@
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
-component_test_allow_sha1 () {
- msg "build: allow SHA1 in certificates by default"
- scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
- make CFLAGS='-Werror -Wall -Wextra'
- msg "test: allow SHA1 in certificates by default"
- make test
- if_build_succeeded tests/ssl-opt.sh -f SHA-1
-}
-
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
@@ -1218,16 +1018,6 @@
msg "test: main suites (MSan)" # ~ 10s
make test
-
- msg "test: ssl-opt.sh (MSan)" # ~ 1 min
- if_build_succeeded tests/ssl-opt.sh
-
- # Optional part(s)
-
- if [ "$MEMORY" -gt 0 ]; then
- msg "test: compat.sh (MSan)" # ~ 6 min 20s
- if_build_succeeded tests/compat.sh
- fi
}
component_test_valgrind () {
@@ -1237,18 +1027,6 @@
msg "test: main suites valgrind (Release)"
make memcheck
-
- # Optional parts (slow; currently broken on OS X because programs don't
- # seem to receive signals under valgrind on OS X).
- if [ "$MEMORY" -gt 0 ]; then
- msg "test: ssl-opt.sh --memcheck (Release)"
- if_build_succeeded tests/ssl-opt.sh --memcheck
- fi
-
- if [ "$MEMORY" -gt 1 ]; then
- msg "test: compat.sh --memcheck (Release)"
- if_build_succeeded tests/compat.sh --memcheck
- fi
}
component_test_cmake_out_of_source () {
@@ -1261,17 +1039,7 @@
msg "test: cmake 'out-of-source' build"
make test
- # Test an SSL option that requires an auxiliary script in test/scripts/.
- # Also ensure that there are no error messages such as
- # "No such file or directory", which would indicate that some required
- # file is missing (ssl-opt.sh tolerates the absence of some files so
- # may exit with status 0 but emit errors).
- if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
- if [ -s ssl-opt.err ]; then
- cat ssl-opt.err >&2
- record_status [ ! -s ssl-opt.err ]
- rm ssl-opt.err
- fi
+
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
unset MBEDTLS_ROOT_DIR
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index ab95e22..a653001 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -14,8 +14,6 @@
# The tests include:
# * Unit tests - executed using tests/scripts/run-test-suite.pl
# * Self-tests - executed using the test suites above
-# * System tests - executed using tests/ssl-opt.sh
-# * Interoperability tests - executed using tests/compat.sh
#
# The tests focus on functionality and do not consider performance.
#
@@ -36,30 +34,11 @@
exit 1
fi
-: ${OPENSSL:="openssl"}
-: ${OPENSSL_LEGACY:="$OPENSSL"}
-: ${GNUTLS_CLI:="gnutls-cli"}
-: ${GNUTLS_SERV:="gnutls-serv"}
-: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
-: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
-
-# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
-# we just export the variables they require
-export OPENSSL_CMD="$OPENSSL"
-export GNUTLS_CLI="$GNUTLS_CLI"
-export GNUTLS_SERV="$GNUTLS_SERV"
-
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
# Step 0 - print build environment info
-OPENSSL="$OPENSSL" \
- OPENSSL_LEGACY="$OPENSSL_LEGACY" \
- GNUTLS_CLI="$GNUTLS_CLI" \
- GNUTLS_SERV="$GNUTLS_SERV" \
- GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
- scripts/output_env.sh
+scripts/output_env.sh
echo
# Step 1 - Make and instrumented build for code coverage
@@ -79,25 +58,6 @@
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
echo
-# Step 2b - System Tests
-sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
-echo
-
-# Step 2c - Compatibility tests
-sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
- tee compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY" \
- sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY" \
- GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
- tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_NEXT" \
- sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \
- tee -a compat-test-$TEST_OUTPUT
-echo
-
# Step 3 - Process the coverage report
cd ..
make lcov |tee tests/cov-$TEST_OUTPUT
@@ -133,49 +93,6 @@
TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
-# Step 4b - TLS Options tests
-echo "TLS Options tests - tests/ssl-opt.sh"
-
-PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
-SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
-TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
-FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS))
-
-echo "Passed : $PASSED_TESTS"
-echo "Failed : $FAILED_TESTS"
-echo "Skipped : $SKIPPED_TESTS"
-echo "Total exec'd tests : $TOTAL_TESTS"
-echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))"
-echo
-
-TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
-TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
-TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
-TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS))
-TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
-
-
-# Step 4c - System Compatibility tests
-echo "System/Compatibility tests - tests/compat.sh"
-
-PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS))
-
-echo "Passed : $PASSED_TESTS"
-echo "Failed : $FAILED_TESTS"
-echo "Skipped : $SKIPPED_TESTS"
-echo "Total exec'd tests : $EXED_TESTS"
-echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))"
-echo
-
-TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
-TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
-TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
-TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS))
-TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
-
# Step 4d - Grand totals
echo "-------------------------------------------------------------------------"
@@ -209,8 +126,6 @@
rm unit-test-$TEST_OUTPUT
-rm sys-test-$TEST_OUTPUT
-rm compat-test-$TEST_OUTPUT
rm cov-$TEST_OUTPUT
cd ..
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 065ea33..f41e465 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -65,6 +65,6 @@
}
check scripts/generate_errors.pl library/error.c
-check scripts/generate_query_config.pl programs/ssl/query_config.c
+check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_visualc_files.pl visualc/VS2010
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index f18a162..925037c 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -40,7 +40,7 @@
for THING in actual-macros enum-consts; do
printf "Names of $THING: "
test -r $THING
- BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
+ BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
if [ "x$BAD" = "x" ]; then
echo "PASS"
else
@@ -53,7 +53,7 @@
for THING in identifiers; do
printf "Names of $THING: "
test -r $THING
- BAD=$( grep -v '^mbedtls_[0-9a-z_]*[0-9a-z]$' $THING || true )
+ BAD=$( grep -E -v '^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$' $THING || true )
if [ "x$BAD" = "x" ]; then
echo "PASS"
else
@@ -65,7 +65,7 @@
printf "Likely typos: "
sort -u actual-macros enum-consts > _caps
-HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
NL='
'
sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
deleted file mode 100755
index 3bf7ae3..0000000
--- a/tests/scripts/key-exchanges.pl
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env perl
-
-# key-exchanges.pl
-#
-# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# To test the code dependencies on individual key exchanges in the SSL module.
-# is a verification step to ensure we don't ship SSL code that do not work
-# for some build options.
-#
-# The process is:
-# for each possible key exchange
-# build the library with all but that key exchange disabled
-#
-# Usage: tests/scripts/key-exchanges.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/config.h';
-my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-for my $kex (@kexes) {
- system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
- system( "make clean" ) and die;
-
- print "\n******************************************\n";
- print "* Testing with key exchange: $kex\n";
- print "******************************************\n";
-
- # full config with all key exchanges disabled except one
- system( "scripts/config.pl full" ) and abort "Failed config full\n";
- for my $k (@kexes) {
- next if $k eq $kex;
- system( "scripts/config.pl unset $k" )
- and abort "Failed to disable $k\n";
- }
-
- system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index 130d9d6..ccd488c 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -7,7 +7,7 @@
exit 1
fi
-HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
rm -f identifiers
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index 3c84adb..5982bb7 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -7,7 +7,7 @@
exit 1
fi
-HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \
| egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index 431e592..0c40581 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -16,8 +16,7 @@
# exclude functions that are ok:
# - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
-# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
-my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
+my $known_ok = qr/mpi_write_hlp/;
my $cur_name;
my $inside;
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 329ed14..1c9dc1d 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -58,8 +58,8 @@
')(\z|\.)' );
# in case test suites are linked dynamically
-$ENV{'LD_LIBRARY_PATH'} = '../library:../crypto/library';
-$ENV{'DYLD_LIBRARY_PATH'} = '../library:../crypto/library';
+$ENV{'LD_LIBRARY_PATH'} = '../library';
+$ENV{'DYLD_LIBRARY_PATH'} = '../library';
my $prefix = $^O eq "MSWin32" ? '' : './';
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
deleted file mode 100755
index 11cbf1b..0000000
--- a/tests/scripts/tcp_client.pl
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/env perl
-
-# A simple TCP client that sends some data and expects a response.
-# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
-# DATA: hex-encoded data to send to the server
-# RESPONSE: regexp that must match the server's response
-
-use warnings;
-use strict;
-use IO::Socket::INET;
-
-# Pack hex digits into a binary string, ignoring whitespace.
-sub parse_hex {
- my ($hex) = @_;
- $hex =~ s/\s+//g;
- return pack('H*', $hex);
-}
-
-## Open a TCP connection to the specified host and port.
-sub open_connection {
- my ($host, $port) = @_;
- my $socket = IO::Socket::INET->new(PeerAddr => $host,
- PeerPort => $port,
- Proto => 'tcp',
- Timeout => 1);
- die "Cannot connect to $host:$port: $!" unless $socket;
- return $socket;
-}
-
-## Close the TCP connection.
-sub close_connection {
- my ($connection) = @_;
- $connection->shutdown(2);
- # Ignore shutdown failures (at least for now)
- return 1;
-}
-
-## Write the given data, expressed as hexadecimal
-sub write_data {
- my ($connection, $hexdata) = @_;
- my $data = parse_hex($hexdata);
- my $total_sent = 0;
- while ($total_sent < length($data)) {
- my $sent = $connection->send($data, 0);
- if (!defined $sent) {
- die "Unable to send data: $!";
- }
- $total_sent += $sent;
- }
- return 1;
-}
-
-## Read a response and check it against an expected prefix
-sub read_response {
- my ($connection, $expected_hex) = @_;
- my $expected_data = parse_hex($expected_hex);
- my $start_offset = 0;
- while ($start_offset < length($expected_data)) {
- my $actual_data;
- my $ok = $connection->recv($actual_data, length($expected_data));
- if (!defined $ok) {
- die "Unable to receive data: $!";
- }
- if (($actual_data ^ substr($expected_data, $start_offset)) =~ /[^\000]/) {
- printf STDERR ("Received \\x%02x instead of \\x%02x at offset %d\n",
- ord(substr($actual_data, $-[0], 1)),
- ord(substr($expected_data, $start_offset + $-[0], 1)),
- $start_offset + $-[0]);
- return 0;
- }
- $start_offset += length($actual_data);
- }
- return 1;
-}
-
-if (@ARGV != 4) {
- print STDERR "Usage: $0 HOSTNAME PORT DATA1 RESPONSE1\n";
- exit(3);
-}
-my ($host, $port, $data1, $response1) = @ARGV;
-my $connection = open_connection($host, $port);
-write_data($connection, $data1);
-if (!read_response($connection, $response1)) {
- exit(1);
-}
-close_connection($connection);
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 80d5f38..56f2036 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -9,7 +9,7 @@
# Purpose
#
# For each reference configuration file in the configs directory, build the
-# configuration, run the test suites and compat.sh
+# configuration and run the test suites.
#
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
@@ -17,17 +17,15 @@
use strict;
my %configs = (
+ 'config-default.h' => {
+ },
'config-mini-tls1_1.h' => {
- 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
},
'config-suite-b.h' => {
- 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
},
'config-ccm-psk-tls1_2.h' => {
- 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
},
'config-thread.h' => {
- 'opt' => '-f ECJPAKE.*nolog',
},
);
@@ -71,30 +69,6 @@
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
system( "make test" ) and abort "Failed test suite: $conf\n";
-
- my $compat = $data->{'compat'};
- if( $compat )
- {
- print "\nrunning compat.sh $compat\n";
- system( "tests/compat.sh $compat" )
- and abort "Failed compat.sh: $conf\n";
- }
- else
- {
- print "\nskipping compat.sh\n";
- }
-
- my $opt = $data->{'opt'};
- if( $opt )
- {
- print "\nrunning ssl-opt.sh $opt\n";
- system( "tests/ssl-opt.sh $opt" )
- and abort "Failed ssl-opt.sh: $conf\n";
- }
- else
- {
- print "\nskipping ssl-opt.sh\n";
- }
}
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
new file mode 100755
index 0000000..5e128eb
--- /dev/null
+++ b/tests/scripts/test_psa_constant_names.py
@@ -0,0 +1,332 @@
+#!/usr/bin/env python3
+'''Test the program psa_constant_names.
+Gather constant names from header files and test cases. Compile a C program
+to print out their numerical values, feed these numerical values to
+psa_constant_names, and check that the output is the original name.
+Return 0 if all test cases pass, 1 if the output was not always as expected,
+or 1 (with a Python backtrace) if there was an operational error.'''
+
+import argparse
+import itertools
+import os
+import platform
+import re
+import subprocess
+import sys
+import tempfile
+
+class ReadFileLineException(Exception):
+ def __init__(self, filename, line_number):
+ message = 'in {} at {}'.format(filename, line_number)
+ super(ReadFileLineException, self).__init__(message)
+ self.filename = filename
+ self.line_number = line_number
+
+class read_file_lines:
+ '''Context manager to read a text file line by line.
+with read_file_lines(filename) as lines:
+ for line in lines:
+ process(line)
+is equivalent to
+with open(filename, 'r') as input_file:
+ for line in input_file:
+ process(line)
+except that if process(line) raises an exception, then the read_file_lines
+snippet annotates the exception with the file name and line number.'''
+ def __init__(self, filename):
+ self.filename = filename
+ self.line_number = 'entry'
+ def __enter__(self):
+ self.generator = enumerate(open(self.filename, 'r'))
+ return self
+ def __iter__(self):
+ for line_number, content in self.generator:
+ self.line_number = line_number
+ yield content
+ self.line_number = 'exit'
+ def __exit__(self, type, value, traceback):
+ if type is not None:
+ raise ReadFileLineException(self.filename, self.line_number) \
+ from value
+
+class Inputs:
+ '''Accumulate information about macros to test.
+This includes macro names as well as information about their arguments
+when applicable.'''
+ def __init__(self):
+ # Sets of names per type
+ self.statuses = set(['PSA_SUCCESS'])
+ self.algorithms = set(['0xffffffff'])
+ self.ecc_curves = set(['0xffff'])
+ self.key_types = set(['0xffffffff'])
+ self.key_usage_flags = set(['0x80000000'])
+ # Hard-coded value for unknown algorithms
+ self.hash_algorithms = set(['0x010000fe'])
+ self.mac_algorithms = set(['0x02ff00ff'])
+ self.kdf_algorithms = set(['0x300000ff', '0x310000ff'])
+ # For AEAD algorithms, the only variability is over the tag length,
+ # and this only applies to known algorithms, so don't test an
+ # unknown algorithm.
+ self.aead_algorithms = set()
+ # Identifier prefixes
+ self.table_by_prefix = {
+ 'ERROR': self.statuses,
+ 'ALG': self.algorithms,
+ 'CURVE': self.ecc_curves,
+ 'KEY_TYPE': self.key_types,
+ 'KEY_USAGE': self.key_usage_flags,
+ }
+ # macro name -> list of argument names
+ self.argspecs = {}
+ # argument name -> list of values
+ self.arguments_for = {
+ 'mac_length': ['1', '63'],
+ 'tag_length': ['1', '63'],
+ }
+
+ def gather_arguments(self):
+ '''Populate the list of values for macro arguments.
+Call this after parsing all the inputs.'''
+ self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
+ self.arguments_for['mac_alg'] = sorted(self.mac_algorithms)
+ self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
+ self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
+ self.arguments_for['curve'] = sorted(self.ecc_curves)
+
+ def format_arguments(self, name, arguments):
+ '''Format a macro call with arguments..'''
+ return name + '(' + ', '.join(arguments) + ')'
+
+ def distribute_arguments(self, name):
+ '''Generate macro calls with each tested argument set.
+If name is a macro without arguments, just yield "name".
+If name is a macro with arguments, yield a series of "name(arg1,...,argN)"
+where each argument takes each possible value at least once.'''
+ try:
+ if name not in self.argspecs:
+ yield name
+ return
+ argspec = self.argspecs[name]
+ if argspec == []:
+ yield name + '()'
+ return
+ argument_lists = [self.arguments_for[arg] for arg in argspec]
+ arguments = [values[0] for values in argument_lists]
+ yield self.format_arguments(name, arguments)
+ for i in range(len(arguments)):
+ for value in argument_lists[i][1:]:
+ arguments[i] = value
+ yield self.format_arguments(name, arguments)
+ arguments[i] = argument_lists[0][0]
+ except BaseException as e:
+ raise Exception('distribute_arguments({})'.format(name)) from e
+
+ # Regex for interesting header lines.
+ # Groups: 1=macro name, 2=type, 3=argument list (optional).
+ header_line_re = \
+ re.compile(r'#define +' +
+ r'(PSA_((?:KEY_)?[A-Z]+)_\w+)' +
+ r'(?:\(([^\n()]*)\))?')
+ # Regex of macro names to exclude.
+ excluded_name_re = re.compile('_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
+ # Additional excluded macros.
+ # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
+ # currently doesn't support them. Deprecated errors are also excluded.
+ excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
+ 'PSA_ALG_FULL_LENGTH_MAC',
+ 'PSA_ALG_ECDH',
+ 'PSA_ALG_FFDH',
+ 'PSA_ERROR_UNKNOWN_ERROR',
+ 'PSA_ERROR_OCCUPIED_SLOT',
+ 'PSA_ERROR_EMPTY_SLOT',
+ 'PSA_ERROR_INSUFFICIENT_CAPACITY',
+ ])
+ argument_split_re = re.compile(r' *, *')
+ def parse_header_line(self, line):
+ '''Parse a C header line, looking for "#define PSA_xxx".'''
+ m = re.match(self.header_line_re, line)
+ if not m:
+ return
+ name = m.group(1)
+ if re.search(self.excluded_name_re, name) or \
+ name in self.excluded_names:
+ return
+ dest = self.table_by_prefix.get(m.group(2))
+ if dest is None:
+ return
+ dest.add(name)
+ if m.group(3):
+ self.argspecs[name] = re.split(self.argument_split_re, m.group(3))
+
+ def parse_header(self, filename):
+ '''Parse a C header file, looking for "#define PSA_xxx".'''
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ self.parse_header_line(line)
+
+ def add_test_case_line(self, function, argument):
+ '''Parse a test case data line, looking for algorithm metadata tests.'''
+ if function.endswith('_algorithm'):
+ # As above, ECDH and FFDH algorithms are excluded for now.
+ # Support for them will be added in the future.
+ if 'ECDH' in argument or 'FFDH' in argument:
+ return
+ self.algorithms.add(argument)
+ if function == 'hash_algorithm':
+ self.hash_algorithms.add(argument)
+ elif function in ['mac_algorithm', 'hmac_algorithm']:
+ self.mac_algorithms.add(argument)
+ elif function == 'aead_algorithm':
+ self.aead_algorithms.add(argument)
+ elif function == 'key_type':
+ self.key_types.add(argument)
+ elif function == 'ecc_key_types':
+ self.ecc_curves.add(argument)
+
+ # Regex matching a *.data line containing a test function call and
+ # its arguments. The actual definition is partly positional, but this
+ # regex is good enough in practice.
+ test_case_line_re = re.compile('(?!depends_on:)(\w+):([^\n :][^:\n]*)')
+ def parse_test_cases(self, filename):
+ '''Parse a test case file (*.data), looking for algorithm metadata tests.'''
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ m = re.match(self.test_case_line_re, line)
+ if m:
+ self.add_test_case_line(m.group(1), m.group(2))
+
+def gather_inputs(headers, test_suites):
+ '''Read the list of inputs to test psa_constant_names with.'''
+ inputs = Inputs()
+ for header in headers:
+ inputs.parse_header(header)
+ for test_cases in test_suites:
+ inputs.parse_test_cases(test_cases)
+ inputs.gather_arguments()
+ return inputs
+
+def remove_file_if_exists(filename):
+ '''Remove the specified file, ignoring errors.'''
+ if not filename:
+ return
+ try:
+ os.remove(filename)
+ except:
+ pass
+
+def run_c(options, type, names):
+ '''Generate and run a program to print out numerical values for names.'''
+ if type == 'status':
+ cast_to = 'long'
+ printf_format = '%ld'
+ else:
+ cast_to = 'unsigned long'
+ printf_format = '0x%08lx'
+ c_name = None
+ exe_name = None
+ try:
+ c_fd, c_name = tempfile.mkstemp(prefix='tmp-{}-'.format(type),
+ suffix='.c',
+ dir='programs/psa')
+ exe_suffix = '.exe' if platform.system() == 'Windows' else ''
+ exe_name = c_name[:-2] + exe_suffix
+ remove_file_if_exists(exe_name)
+ c_file = os.fdopen(c_fd, 'w', encoding='ascii')
+ c_file.write('/* Generated by test_psa_constant_names.py for {} values */'
+ .format(type))
+ c_file.write('''
+#include <stdio.h>
+#include <psa/crypto.h>
+int main(void)
+{
+''')
+ for name in names:
+ c_file.write(' printf("{}\\n", ({}) {});\n'
+ .format(printf_format, cast_to, name))
+ c_file.write(''' return 0;
+}
+''')
+ c_file.close()
+ cc = os.getenv('CC', 'cc')
+ subprocess.check_call([cc] +
+ ['-I' + dir for dir in options.include] +
+ ['-o', exe_name, c_name])
+ if options.keep_c:
+ sys.stderr.write('List of {} tests kept at {}\n'
+ .format(type, c_name))
+ else:
+ os.remove(c_name)
+ output = subprocess.check_output([exe_name])
+ return output.decode('ascii').strip().split('\n')
+ finally:
+ remove_file_if_exists(exe_name)
+
+normalize_strip_re = re.compile(r'\s+')
+def normalize(expr):
+ '''Normalize the C expression so as not to care about trivial differences.
+Currently "trivial differences" means whitespace.'''
+ expr = re.sub(normalize_strip_re, '', expr, len(expr))
+ return expr.strip().split('\n')
+
+def do_test(options, inputs, type, names):
+ '''Test psa_constant_names for the specified type.
+Run program on names.
+Use inputs to figure out what arguments to pass to macros that take arguments.'''
+ names = sorted(itertools.chain(*map(inputs.distribute_arguments, names)))
+ values = run_c(options, type, names)
+ output = subprocess.check_output([options.program, type] + values)
+ outputs = output.decode('ascii').strip().split('\n')
+ errors = [(type, name, value, output)
+ for (name, value, output) in zip(names, values, outputs)
+ if normalize(name) != normalize(output)]
+ return len(names), errors
+
+def report_errors(errors):
+ '''Describe each case where the output is not as expected.'''
+ for type, name, value, output in errors:
+ print('For {} "{}", got "{}" (value: {})'
+ .format(type, name, output, value))
+
+def run_tests(options, inputs):
+ '''Run psa_constant_names on all the gathered inputs.
+Return a tuple (count, errors) where count is the total number of inputs
+that were tested and errors is the list of cases where the output was
+not as expected.'''
+ count = 0
+ errors = []
+ for type, names in [('status', inputs.statuses),
+ ('algorithm', inputs.algorithms),
+ ('ecc_curve', inputs.ecc_curves),
+ ('key_type', inputs.key_types),
+ ('key_usage', inputs.key_usage_flags)]:
+ c, e = do_test(options, inputs, type, names)
+ count += c
+ errors += e
+ return count, errors
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description=globals()['__doc__'])
+ parser.add_argument('--include', '-I',
+ action='append', default=['include'],
+ help='Directory for header files')
+ parser.add_argument('--program',
+ default='programs/psa/psa_constant_names',
+ help='Program to test')
+ parser.add_argument('--keep-c',
+ action='store_true', dest='keep_c', default=False,
+ help='Keep the intermediate C file')
+ parser.add_argument('--no-keep-c',
+ action='store_false', dest='keep_c',
+ help='Don\'t keep the intermediate C file (default)')
+ options = parser.parse_args()
+ headers = [os.path.join(options.include[0], 'psa', h)
+ for h in ['crypto.h', 'crypto_extra.h', 'crypto_values.h']]
+ test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
+ inputs = gather_inputs(headers, test_suites)
+ count, errors = run_tests(options, inputs)
+ report_errors(errors)
+ if errors == []:
+ print('{} test cases PASS'.format(count))
+ else:
+ print('{} test cases, {} FAIL'.format(count, len(errors)))
+ exit(1)
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
deleted file mode 100755
index 9866ca7..0000000
--- a/tests/scripts/travis-log-failure.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# travis-log-failure.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# List the server and client logs on failed ssl-opt.sh and compat.sh tests.
-# This script is used to make the logs show up in the Travis test results.
-#
-# Some of the logs can be very long: this means usually a couple of megabytes
-# but it can be much more. For example, the client log of test 273 in ssl-opt.sh
-# is more than 630 Megabytes long.
-
-if [ -d include/mbedtls ]; then :; else
- echo "$0: must be run from root" >&2
- exit 1
-fi
-
-FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log"
-MAX_LOG_SIZE=1048576
-
-for PATTERN in $FILES; do
- for LOG in $( ls tests/$PATTERN 2>/dev/null ); do
- echo
- echo "****** BEGIN file: $LOG ******"
- echo
- tail -c $MAX_LOG_SIZE $LOG
- echo "****** END file: $LOG ******"
- echo
- rm $LOG
- done
-done
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
deleted file mode 100755
index 08d4be3..0000000
--- a/tests/ssl-opt.sh
+++ /dev/null
@@ -1,7954 +0,0 @@
-#!/bin/sh
-
-# ssl-opt.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Executes tests to prove various TLS/SSL options and extensions.
-#
-# The goal is not to cover every ciphersuite/version, but instead to cover
-# specific options (max fragment length, truncated hmac, etc) or procedures
-# (session resumption from cache or ticket, renego, etc).
-#
-# The tests assume a build with default options, with exceptions expressed
-# with a dependency. The tests focus on functionality and do not consider
-# performance.
-#
-
-set -u
-
-if cd $( dirname $0 ); then :; else
- echo "cd $( dirname $0 ) failed" >&2
- exit 1
-fi
-
-# default values, can be overridden by the environment
-: ${P_SRV:=../programs/ssl/ssl_server2}
-: ${P_CLI:=../programs/ssl/ssl_client2}
-: ${P_PXY:=../programs/test/udp_proxy}
-: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
-: ${GNUTLS_CLI:=gnutls-cli}
-: ${GNUTLS_SERV:=gnutls-serv}
-: ${PERL:=perl}
-
-O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
-O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
-G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
-TCP_CLIENT="$PERL scripts/tcp_client.pl"
-
-# alternative versions of OpenSSL and GnuTLS (no default path)
-
-if [ -n "${OPENSSL_LEGACY:-}" ]; then
- O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
- O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
-else
- O_LEGACY_SRV=false
- O_LEGACY_CLI=false
-fi
-
-if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
- G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-else
- G_NEXT_SRV=false
-fi
-
-if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
- G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
-else
- G_NEXT_CLI=false
-fi
-
-TESTS=0
-FAILS=0
-SKIPS=0
-
-CONFIG_H='../include/mbedtls/config.h'
-
-MEMCHECK=0
-FILTER='.*'
-EXCLUDE='^$'
-
-SHOW_TEST_NUMBER=0
-RUN_TEST_NUMBER=''
-
-PRESERVE_LOGS=0
-
-# Pick a "unique" server port in the range 10000-19999, and a proxy
-# port which is this plus 10000. Each port number may be independently
-# overridden by a command line option.
-SRV_PORT=$(($$ % 10000 + 10000))
-PXY_PORT=$((SRV_PORT + 10000))
-
-print_usage() {
- echo "Usage: $0 [options]"
- printf " -h|--help\tPrint this help.\n"
- printf " -m|--memcheck\tCheck memory leaks and errors.\n"
- printf " -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n"
- printf " -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n"
- printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
- printf " -s|--show-numbers\tShow test numbers in front of test names\n"
- printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
- printf " --port\tTCP/UDP port (default: randomish 1xxxx)\n"
- printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
- printf " --seed\tInteger seed value to use for this test run\n"
-}
-
-get_options() {
- while [ $# -gt 0 ]; do
- case "$1" in
- -f|--filter)
- shift; FILTER=$1
- ;;
- -e|--exclude)
- shift; EXCLUDE=$1
- ;;
- -m|--memcheck)
- MEMCHECK=1
- ;;
- -n|--number)
- shift; RUN_TEST_NUMBER=$1
- ;;
- -s|--show-numbers)
- SHOW_TEST_NUMBER=1
- ;;
- -p|--preserve-logs)
- PRESERVE_LOGS=1
- ;;
- --port)
- shift; SRV_PORT=$1
- ;;
- --proxy-port)
- shift; PXY_PORT=$1
- ;;
- --seed)
- shift; SEED="$1"
- ;;
- -h|--help)
- print_usage
- exit 0
- ;;
- *)
- echo "Unknown argument: '$1'"
- print_usage
- exit 1
- ;;
- esac
- shift
- done
-}
-
-# Skip next test; use this macro to skip tests which are legitimate
-# in theory and expected to be re-introduced at some point, but
-# aren't expected to succeed at the moment due to problems outside
-# our control (such as bugs in other TLS implementations).
-skip_next_test() {
- SKIP_NEXT="YES"
-}
-
-# skip next test if the flag is not enabled in config.h
-requires_config_enabled() {
- if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if the flag is enabled in config.h
-requires_config_disabled() {
- if grep "^#define $1" $CONFIG_H > /dev/null; then
- SKIP_NEXT="YES"
- fi
-}
-
-get_config_value_or_default() {
- # This function uses the query_config command line option to query the
- # required Mbed TLS compile time configuration from the ssl_server2
- # program. The command will always return a success value if the
- # configuration is defined and the value will be printed to stdout.
- #
- # Note that if the configuration is not defined or is defined to nothing,
- # the output of this function will be an empty string.
- ${P_SRV} "query_config=${1}"
-}
-
-requires_config_value_at_least() {
- VAL="$( get_config_value_or_default "$1" )"
- if [ -z "$VAL" ]; then
- # Should never happen
- echo "Mbed TLS configuration $1 is not defined"
- exit 1
- elif [ "$VAL" -lt "$2" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-requires_config_value_at_most() {
- VAL=$( get_config_value_or_default "$1" )
- if [ -z "$VAL" ]; then
- # Should never happen
- echo "Mbed TLS configuration $1 is not defined"
- exit 1
- elif [ "$VAL" -gt "$2" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-requires_ciphersuite_enabled() {
- if [ -z "$($P_CLI --help | grep $1)" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if OpenSSL doesn't support FALLBACK_SCSV
-requires_openssl_with_fallback_scsv() {
- if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
- if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
- then
- OPENSSL_HAS_FBSCSV="YES"
- else
- OPENSSL_HAS_FBSCSV="NO"
- fi
- fi
- if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if GnuTLS isn't available
-requires_gnutls() {
- if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
- if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
- GNUTLS_AVAILABLE="YES"
- else
- GNUTLS_AVAILABLE="NO"
- fi
- fi
- if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if GnuTLS-next isn't available
-requires_gnutls_next() {
- if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
- if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
- GNUTLS_NEXT_AVAILABLE="YES"
- else
- GNUTLS_NEXT_AVAILABLE="NO"
- fi
- fi
- if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if OpenSSL-legacy isn't available
-requires_openssl_legacy() {
- if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
- if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
- OPENSSL_LEGACY_AVAILABLE="YES"
- else
- OPENSSL_LEGACY_AVAILABLE="NO"
- fi
- fi
- if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if IPv6 isn't available on this host
-requires_ipv6() {
- if [ -z "${HAS_IPV6:-}" ]; then
- $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
- SRV_PID=$!
- sleep 1
- kill $SRV_PID >/dev/null 2>&1
- if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
- HAS_IPV6="NO"
- else
- HAS_IPV6="YES"
- fi
- rm -r $SRV_OUT
- fi
-
- if [ "$HAS_IPV6" = "NO" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip next test if it's i686 or uname is not available
-requires_not_i686() {
- if [ -z "${IS_I686:-}" ]; then
- IS_I686="YES"
- if which "uname" >/dev/null 2>&1; then
- if [ -z "$(uname -a | grep i686)" ]; then
- IS_I686="NO"
- fi
- fi
- fi
- if [ "$IS_I686" = "YES" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# Calculate the input & output maximum content lengths set in the config
-MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
-MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
-MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
-
-if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
- MAX_CONTENT_LEN="$MAX_IN_LEN"
-fi
-if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
- MAX_CONTENT_LEN="$MAX_OUT_LEN"
-fi
-
-# skip the next test if the SSL output buffer is less than 16KB
-requires_full_size_output_buffer() {
- if [ "$MAX_OUT_LEN" -ne 16384 ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip the next test if valgrind is in use
-not_with_valgrind() {
- if [ "$MEMCHECK" -gt 0 ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# skip the next test if valgrind is NOT in use
-only_with_valgrind() {
- if [ "$MEMCHECK" -eq 0 ]; then
- SKIP_NEXT="YES"
- fi
-}
-
-# multiply the client timeout delay by the given factor for the next test
-client_needs_more_time() {
- CLI_DELAY_FACTOR=$1
-}
-
-# wait for the given seconds after the client finished in the next test
-server_needs_more_time() {
- SRV_DELAY_SECONDS=$1
-}
-
-# print_name <name>
-print_name() {
- TESTS=$(( $TESTS + 1 ))
- LINE=""
-
- if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
- LINE="$TESTS "
- fi
-
- LINE="$LINE$1"
- printf "$LINE "
- LEN=$(( 72 - `echo "$LINE" | wc -c` ))
- for i in `seq 1 $LEN`; do printf '.'; done
- printf ' '
-
-}
-
-# fail <message>
-fail() {
- echo "FAIL"
- echo " ! $1"
-
- mv $SRV_OUT o-srv-${TESTS}.log
- mv $CLI_OUT o-cli-${TESTS}.log
- if [ -n "$PXY_CMD" ]; then
- mv $PXY_OUT o-pxy-${TESTS}.log
- fi
- echo " ! outputs saved to o-XXX-${TESTS}.log"
-
- if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
- echo " ! server output:"
- cat o-srv-${TESTS}.log
- echo " ! ========================================================"
- echo " ! client output:"
- cat o-cli-${TESTS}.log
- if [ -n "$PXY_CMD" ]; then
- echo " ! ========================================================"
- echo " ! proxy output:"
- cat o-pxy-${TESTS}.log
- fi
- echo ""
- fi
-
- FAILS=$(( $FAILS + 1 ))
-}
-
-# is_polar <cmd_line>
-is_polar() {
- echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
-}
-
-# openssl s_server doesn't have -www with DTLS
-check_osrv_dtls() {
- if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
- NEEDS_INPUT=1
- SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
- else
- NEEDS_INPUT=0
- fi
-}
-
-# provide input to commands that need it
-provide_input() {
- if [ $NEEDS_INPUT -eq 0 ]; then
- return
- fi
-
- while true; do
- echo "HTTP/1.0 200 OK"
- sleep 1
- done
-}
-
-# has_mem_err <log_file_name>
-has_mem_err() {
- if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
- grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
- then
- return 1 # false: does not have errors
- else
- return 0 # true: has errors
- fi
-}
-
-# Wait for process $2 to be listening on port $1
-if type lsof >/dev/null 2>/dev/null; then
- wait_server_start() {
- START_TIME=$(date +%s)
- if [ "$DTLS" -eq 1 ]; then
- proto=UDP
- else
- proto=TCP
- fi
- # Make a tight loop, server normally takes less than 1s to start.
- while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
- if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
- echo "SERVERSTART TIMEOUT"
- echo "SERVERSTART TIMEOUT" >> $SRV_OUT
- break
- fi
- # Linux and *BSD support decimal arguments to sleep. On other
- # OSes this may be a tight loop.
- sleep 0.1 2>/dev/null || true
- done
- }
-else
- echo "Warning: lsof not available, wait_server_start = sleep"
- wait_server_start() {
- sleep "$START_DELAY"
- }
-fi
-
-# Given the client or server debug output, parse the unix timestamp that is
-# included in the first 4 bytes of the random bytes and check that it's within
-# acceptable bounds
-check_server_hello_time() {
- # Extract the time from the debug (lvl 3) output of the client
- SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
- # Get the Unix timestamp for now
- CUR_TIME=$(date +'%s')
- THRESHOLD_IN_SECS=300
-
- # Check if the ServerHello time was printed
- if [ -z "$SERVER_HELLO_TIME" ]; then
- return 1
- fi
-
- # Check the time in ServerHello is within acceptable bounds
- if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
- # The time in ServerHello is at least 5 minutes before now
- return 1
- elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
- # The time in ServerHello is at least 5 minutes later than now
- return 1
- else
- return 0
- fi
-}
-
-# wait for client to terminate and set CLI_EXIT
-# must be called right after starting the client
-wait_client_done() {
- CLI_PID=$!
-
- CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
- CLI_DELAY_FACTOR=1
-
- ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
- DOG_PID=$!
-
- wait $CLI_PID
- CLI_EXIT=$?
-
- kill $DOG_PID >/dev/null 2>&1
- wait $DOG_PID
-
- echo "EXIT: $CLI_EXIT" >> $CLI_OUT
-
- sleep $SRV_DELAY_SECONDS
- SRV_DELAY_SECONDS=0
-}
-
-# check if the given command uses dtls and sets global variable DTLS
-detect_dtls() {
- if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
- DTLS=1
- else
- DTLS=0
- fi
-}
-
-# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
-# Options: -s pattern pattern that must be present in server output
-# -c pattern pattern that must be present in client output
-# -u pattern lines after pattern must be unique in client output
-# -f call shell function on client output
-# -S pattern pattern that must be absent in server output
-# -C pattern pattern that must be absent in client output
-# -U pattern lines after pattern must be unique in server output
-# -F call shell function on server output
-run_test() {
- NAME="$1"
- shift 1
-
- if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
- else
- SKIP_NEXT="NO"
- return
- fi
-
- print_name "$NAME"
-
- # Do we only run numbered tests?
- if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
- elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
- else
- SKIP_NEXT="YES"
- fi
-
- # does this test use a proxy?
- if [ "X$1" = "X-p" ]; then
- PXY_CMD="$2"
- shift 2
- else
- PXY_CMD=""
- fi
-
- # get commands and client output
- SRV_CMD="$1"
- CLI_CMD="$2"
- CLI_EXPECT="$3"
- shift 3
-
- # Check if server forces ciphersuite
- FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
- if [ ! -z "$FORCE_CIPHERSUITE" ]; then
- requires_ciphersuite_enabled $FORCE_CIPHERSUITE
- fi
-
- # Check if client forces ciphersuite
- FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
- if [ ! -z "$FORCE_CIPHERSUITE" ]; then
- requires_ciphersuite_enabled $FORCE_CIPHERSUITE
- fi
-
- # should we skip?
- if [ "X$SKIP_NEXT" = "XYES" ]; then
- SKIP_NEXT="NO"
- echo "SKIP"
- SKIPS=$(( $SKIPS + 1 ))
- return
- fi
-
- # fix client port
- if [ -n "$PXY_CMD" ]; then
- CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
- else
- CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
- fi
-
- # update DTLS variable
- detect_dtls "$SRV_CMD"
-
- # prepend valgrind to our commands if active
- if [ "$MEMCHECK" -gt 0 ]; then
- if is_polar "$SRV_CMD"; then
- SRV_CMD="valgrind --leak-check=full $SRV_CMD"
- fi
- if is_polar "$CLI_CMD"; then
- CLI_CMD="valgrind --leak-check=full $CLI_CMD"
- fi
- fi
-
- TIMES_LEFT=2
- while [ $TIMES_LEFT -gt 0 ]; do
- TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
-
- # run the commands
- if [ -n "$PXY_CMD" ]; then
- echo "$PXY_CMD" > $PXY_OUT
- $PXY_CMD >> $PXY_OUT 2>&1 &
- PXY_PID=$!
- # assume proxy starts faster than server
- fi
-
- check_osrv_dtls
- echo "$SRV_CMD" > $SRV_OUT
- provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
- SRV_PID=$!
- wait_server_start "$SRV_PORT" "$SRV_PID"
-
- echo "$CLI_CMD" > $CLI_OUT
- eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
- wait_client_done
-
- sleep 0.05
-
- # terminate the server (and the proxy)
- kill $SRV_PID
- wait $SRV_PID
-
- if [ -n "$PXY_CMD" ]; then
- kill $PXY_PID >/dev/null 2>&1
- wait $PXY_PID
- fi
-
- # retry only on timeouts
- if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
- printf "RETRY "
- else
- TIMES_LEFT=0
- fi
- done
-
- # check if the client and server went at least to the handshake stage
- # (useful to avoid tests with only negative assertions and non-zero
- # expected client exit to incorrectly succeed in case of catastrophic
- # failure)
- if is_polar "$SRV_CMD"; then
- if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
- else
- fail "server or client failed to reach handshake stage"
- return
- fi
- fi
- if is_polar "$CLI_CMD"; then
- if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
- else
- fail "server or client failed to reach handshake stage"
- return
- fi
- fi
-
- # check server exit code
- if [ $? != 0 ]; then
- fail "server fail"
- return
- fi
-
- # check client exit code
- if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
- \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
- then
- fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
- return
- fi
-
- # check other assertions
- # lines beginning with == are added by valgrind, ignore them
- # lines with 'Serious error when reading debug info', are valgrind issues as well
- while [ $# -gt 0 ]
- do
- case $1 in
- "-s")
- if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
- fail "pattern '$2' MUST be present in the Server output"
- return
- fi
- ;;
-
- "-c")
- if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
- fail "pattern '$2' MUST be present in the Client output"
- return
- fi
- ;;
-
- "-S")
- if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
- fail "pattern '$2' MUST NOT be present in the Server output"
- return
- fi
- ;;
-
- "-C")
- if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
- fail "pattern '$2' MUST NOT be present in the Client output"
- return
- fi
- ;;
-
- # The filtering in the following two options (-u and -U) do the following
- # - ignore valgrind output
- # - filter out everything but lines right after the pattern occurrences
- # - keep one of each non-unique line
- # - count how many lines remain
- # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
- # if there were no duplicates.
- "-U")
- if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
- fail "lines following pattern '$2' must be unique in Server output"
- return
- fi
- ;;
-
- "-u")
- if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
- fail "lines following pattern '$2' must be unique in Client output"
- return
- fi
- ;;
- "-F")
- if ! $2 "$SRV_OUT"; then
- fail "function call to '$2' failed on Server output"
- return
- fi
- ;;
- "-f")
- if ! $2 "$CLI_OUT"; then
- fail "function call to '$2' failed on Client output"
- return
- fi
- ;;
-
- *)
- echo "Unknown test: $1" >&2
- exit 1
- esac
- shift 2
- done
-
- # check valgrind's results
- if [ "$MEMCHECK" -gt 0 ]; then
- if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
- fail "Server has memory errors"
- return
- fi
- if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
- fail "Client has memory errors"
- return
- fi
- fi
-
- # if we're here, everything is ok
- echo "PASS"
- if [ "$PRESERVE_LOGS" -gt 0 ]; then
- mv $SRV_OUT o-srv-${TESTS}.log
- mv $CLI_OUT o-cli-${TESTS}.log
- if [ -n "$PXY_CMD" ]; then
- mv $PXY_OUT o-pxy-${TESTS}.log
- fi
- fi
-
- rm -f $SRV_OUT $CLI_OUT $PXY_OUT
-}
-
-run_test_psa() {
- requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
- run_test "PSA-supported ciphersuite: $1" \
- "$P_SRV debug_level=3 force_version=tls1_2" \
- "$P_CLI debug_level=3 force_version=tls1_2 force_ciphersuite=$1" \
- 0 \
- -c "Successfully setup PSA-based decryption cipher context" \
- -c "Successfully setup PSA-based encryption cipher context" \
- -c "PSA calc verify" \
- -c "calc PSA finished" \
- -s "Successfully setup PSA-based decryption cipher context" \
- -s "Successfully setup PSA-based encryption cipher context" \
- -s "PSA calc verify" \
- -s "calc PSA finished" \
- -C "Failed to setup PSA-based cipher context"\
- -S "Failed to setup PSA-based cipher context"\
- -s "Protocol is TLSv1.2" \
- -c "Perform PSA-based ECDH computation."\
- -c "Perform PSA-based computation of digest of ServerKeyExchange" \
- -S "error" \
- -C "error"
-}
-
-run_test_psa_force_curve() {
- requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
- run_test "PSA - ECDH with $1" \
- "$P_SRV debug_level=4 force_version=tls1_2" \
- "$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
- 0 \
- -c "Successfully setup PSA-based decryption cipher context" \
- -c "Successfully setup PSA-based encryption cipher context" \
- -c "PSA calc verify" \
- -c "calc PSA finished" \
- -s "Successfully setup PSA-based decryption cipher context" \
- -s "Successfully setup PSA-based encryption cipher context" \
- -s "PSA calc verify" \
- -s "calc PSA finished" \
- -C "Failed to setup PSA-based cipher context"\
- -S "Failed to setup PSA-based cipher context"\
- -s "Protocol is TLSv1.2" \
- -c "Perform PSA-based ECDH computation."\
- -c "Perform PSA-based computation of digest of ServerKeyExchange" \
- -S "error" \
- -C "error"
-}
-
-cleanup() {
- rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
- test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
- test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
- test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
- test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
- exit 1
-}
-
-#
-# MAIN
-#
-
-get_options "$@"
-
-# sanity checks, avoid an avalanche of errors
-P_SRV_BIN="${P_SRV%%[ ]*}"
-P_CLI_BIN="${P_CLI%%[ ]*}"
-P_PXY_BIN="${P_PXY%%[ ]*}"
-if [ ! -x "$P_SRV_BIN" ]; then
- echo "Command '$P_SRV_BIN' is not an executable file"
- exit 1
-fi
-if [ ! -x "$P_CLI_BIN" ]; then
- echo "Command '$P_CLI_BIN' is not an executable file"
- exit 1
-fi
-if [ ! -x "$P_PXY_BIN" ]; then
- echo "Command '$P_PXY_BIN' is not an executable file"
- exit 1
-fi
-if [ "$MEMCHECK" -gt 0 ]; then
- if which valgrind >/dev/null 2>&1; then :; else
- echo "Memcheck not possible. Valgrind not found"
- exit 1
- fi
-fi
-if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
- echo "Command '$OPENSSL_CMD' not found"
- exit 1
-fi
-
-# used by watchdog
-MAIN_PID="$$"
-
-# We use somewhat arbitrary delays for tests:
-# - how long do we wait for the server to start (when lsof not available)?
-# - how long do we allow for the client to finish?
-# (not to check performance, just to avoid waiting indefinitely)
-# Things are slower with valgrind, so give extra time here.
-#
-# Note: without lsof, there is a trade-off between the running time of this
-# script and the risk of spurious errors because we didn't wait long enough.
-# The watchdog delay on the other hand doesn't affect normal running time of
-# the script, only the case where a client or server gets stuck.
-if [ "$MEMCHECK" -gt 0 ]; then
- START_DELAY=6
- DOG_DELAY=60
-else
- START_DELAY=2
- DOG_DELAY=20
-fi
-
-# some particular tests need more time:
-# - for the client, we multiply the usual watchdog limit by a factor
-# - for the server, we sleep for a number of seconds after the client exits
-# see client_need_more_time() and server_needs_more_time()
-CLI_DELAY_FACTOR=1
-SRV_DELAY_SECONDS=0
-
-# fix commands to use this port, force IPv4 while at it
-# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
-P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
-P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
-P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
-O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
-O_CLI="$O_CLI -connect localhost:+SRV_PORT"
-G_SRV="$G_SRV -p $SRV_PORT"
-G_CLI="$G_CLI -p +SRV_PORT"
-
-if [ -n "${OPENSSL_LEGACY:-}" ]; then
- O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
- O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
- G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
- G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
-fi
-
-# Allow SHA-1, because many of our test certificates use it
-P_SRV="$P_SRV allow_sha1=1"
-P_CLI="$P_CLI allow_sha1=1"
-
-# Also pick a unique name for intermediate files
-SRV_OUT="srv_out.$$"
-CLI_OUT="cli_out.$$"
-PXY_OUT="pxy_out.$$"
-SESSION="session.$$"
-
-SKIP_NEXT="NO"
-
-trap cleanup INT TERM HUP
-
-# Basic test
-
-# Checks that:
-# - things work with all ciphersuites active (used with config-full in all.sh)
-# - the expected (highest security) parameters are selected
-# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
-run_test "Default" \
- "$P_SRV debug_level=3" \
- "$P_CLI" \
- 0 \
- -s "Protocol is TLSv1.2" \
- -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
- -s "client hello v3, signature_algorithm ext: 6" \
- -s "ECDHE curve: secp521r1" \
- -S "error" \
- -C "error"
-
-run_test "Default, DTLS" \
- "$P_SRV dtls=1" \
- "$P_CLI dtls=1" \
- 0 \
- -s "Protocol is DTLSv1.2" \
- -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "CA callback on client" \
- "$P_SRV debug_level=3" \
- "$P_CLI ca_callback=1 debug_level=3 " \
- 0 \
- -c "use CA callback for X.509 CRT verification" \
- -S "error" \
- -C "error"
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test "CA callback on server" \
- "$P_SRV auth_mode=required" \
- "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key" \
- 0 \
- -c "use CA callback for X.509 CRT verification" \
- -s "Verifying peer X.509 certificate... ok" \
- -S "error" \
- -C "error"
-
-# Test using an opaque private key for client authentication
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for client authentication" \
- "$P_SRV auth_mode=required" \
- "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key" \
- 0 \
- -c "key type: Opaque" \
- -s "Verifying peer X.509 certificate... ok" \
- -S "error" \
- -C "error"
-
-# Test ciphersuites which we expect to be fully supported by PSA Crypto
-# and check that we don't fall back to Mbed TLS' internal crypto primitives.
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
-
-requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
-run_test_psa_force_curve "secp521r1"
-requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
-run_test_psa_force_curve "brainpoolP512r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
-run_test_psa_force_curve "secp384r1"
-requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
-run_test_psa_force_curve "brainpoolP384r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
-run_test_psa_force_curve "secp256r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
-run_test_psa_force_curve "secp256k1"
-requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
-run_test_psa_force_curve "brainpoolP256r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
-run_test_psa_force_curve "secp224r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
-run_test_psa_force_curve "secp224k1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
-run_test_psa_force_curve "secp192r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
-run_test_psa_force_curve "secp192k1"
-
-# Test current time in ServerHello
-requires_config_enabled MBEDTLS_HAVE_TIME
-run_test "ServerHello contains gmt_unix_time" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
- 0 \
- -f "check_server_hello_time" \
- -F "check_server_hello_time"
-
-# Test for uniqueness of IVs in AEAD ciphersuites
-run_test "Unique IV in GCM" \
- "$P_SRV exchanges=20 debug_level=4" \
- "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
- 0 \
- -u "IV used" \
- -U "IV used"
-
-# Tests for certificate verification callback
-run_test "Configuration-specific CRT verification callback" \
- "$P_SRV debug_level=3" \
- "$P_CLI context_crt_cb=0 debug_level=3" \
- 0 \
- -S "error" \
- -c "Verify requested for " \
- -c "Use configuration-specific verification callback" \
- -C "Use context-specific verification callback" \
- -C "error"
-
-run_test "Context-specific CRT verification callback" \
- "$P_SRV debug_level=3" \
- "$P_CLI context_crt_cb=1 debug_level=3" \
- 0 \
- -S "error" \
- -c "Verify requested for " \
- -c "Use context-specific verification callback" \
- -C "Use configuration-specific verification callback" \
- -C "error"
-
-# Tests for rc4 option
-
-requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-run_test "RC4: server disabled, client enabled" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 1 \
- -s "SSL - The server has no ciphersuites in common"
-
-requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-run_test "RC4: server half, client enabled" \
- "$P_SRV arc4=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 1 \
- -s "SSL - The server has no ciphersuites in common"
-
-run_test "RC4: server enabled, client disabled" \
- "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI" \
- 1 \
- -s "SSL - The server has no ciphersuites in common"
-
-run_test "RC4: both enabled" \
- "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - The server has no ciphersuites in common"
-
-# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
- "$G_SRV"\
- "$P_CLI force_version=tls1_1" \
- 0
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
-run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
- "$G_SRV"\
- "$P_CLI force_version=tls1" \
- 0
-
-# Tests for SHA-1 support
-
-requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test "SHA-1 forbidden by default in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
- "$P_CLI debug_level=2 allow_sha1=0" \
- 1 \
- -c "The certificate is signed with an unacceptable hash"
-
-requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test "SHA-1 forbidden by default in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
- "$P_CLI debug_level=2 allow_sha1=0" \
- 0
-
-run_test "SHA-1 explicitly allowed in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
- "$P_CLI allow_sha1=1" \
- 0
-
-run_test "SHA-256 allowed by default in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
- "$P_CLI allow_sha1=0" \
- 0
-
-requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test "SHA-1 forbidden by default in client certificate" \
- "$P_SRV auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
- 1 \
- -s "The certificate is signed with an unacceptable hash"
-
-requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test "SHA-1 forbidden by default in client certificate" \
- "$P_SRV auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
- 0
-
-run_test "SHA-1 explicitly allowed in client certificate" \
- "$P_SRV auth_mode=required allow_sha1=1" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
- 0
-
-run_test "SHA-256 allowed by default in client certificate" \
- "$P_SRV auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
- 0
-
-# Tests for datagram packing
-run_test "DTLS: multiple records in same datagram, client and server" \
- "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
- 0 \
- -c "next record in same datagram" \
- -s "next record in same datagram"
-
-run_test "DTLS: multiple records in same datagram, client only" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
- 0 \
- -s "next record in same datagram" \
- -C "next record in same datagram"
-
-run_test "DTLS: multiple records in same datagram, server only" \
- "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -S "next record in same datagram" \
- -c "next record in same datagram"
-
-run_test "DTLS: multiple records in same datagram, neither client nor server" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -S "next record in same datagram" \
- -C "next record in same datagram"
-
-# Tests for Truncated HMAC extension
-
-run_test "Truncated HMAC: client default, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client disabled, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server disabled" \
- "$P_SRV debug_level=4 trunc_hmac=0" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client disabled, server enabled" \
- "$P_SRV debug_level=4 trunc_hmac=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server enabled" \
- "$P_SRV debug_level=4 trunc_hmac=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -S "dumping 'expected mac' (20 bytes)" \
- -s "dumping 'expected mac' (10 bytes)"
-
-run_test "Truncated HMAC, DTLS: client default, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client disabled, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server disabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client disabled, server enabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -S "dumping 'expected mac' (20 bytes)" \
- -s "dumping 'expected mac' (10 bytes)"
-
-# Tests for Encrypt-then-MAC extension
-
-run_test "Encrypt then MAC: default" \
- "$P_SRV debug_level=3 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -s "server hello, adding encrypt then mac extension" \
- -c "found encrypt_then_mac extension" \
- -c "using encrypt then mac" \
- -s "using encrypt then mac"
-
-run_test "Encrypt then MAC: client enabled, server disabled" \
- "$P_SRV debug_level=3 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3 etm=1" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-run_test "Encrypt then MAC: client enabled, aead cipher" \
- "$P_SRV debug_level=3 etm=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI debug_level=3 etm=1" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-run_test "Encrypt then MAC: client enabled, stream cipher" \
- "$P_SRV debug_level=3 etm=1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-run_test "Encrypt then MAC: client disabled, server enabled" \
- "$P_SRV debug_level=3 etm=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3 etm=0" \
- 0 \
- -C "client hello, adding encrypt_then_mac extension" \
- -S "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Encrypt then MAC: client SSLv3, server enabled" \
- "$P_SRV debug_level=3 min_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3 force_version=ssl3" \
- 0 \
- -C "client hello, adding encrypt_then_mac extension" \
- -S "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Encrypt then MAC: client enabled, server SSLv3" \
- "$P_SRV debug_level=3 force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3 min_version=ssl3" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -S "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-# Tests for Extended Master Secret extension
-
-run_test "Extended Master Secret: default" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "client hello, adding extended_master_secret extension" \
- -s "found extended master secret extension" \
- -s "server hello, adding extended master secret extension" \
- -c "found extended_master_secret extension" \
- -c "using extended master secret" \
- -s "using extended master secret"
-
-run_test "Extended Master Secret: client enabled, server disabled" \
- "$P_SRV debug_level=3 extended_ms=0" \
- "$P_CLI debug_level=3 extended_ms=1" \
- 0 \
- -c "client hello, adding extended_master_secret extension" \
- -s "found extended master secret extension" \
- -S "server hello, adding extended master secret extension" \
- -C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
-
-run_test "Extended Master Secret: client disabled, server enabled" \
- "$P_SRV debug_level=3 extended_ms=1" \
- "$P_CLI debug_level=3 extended_ms=0" \
- 0 \
- -C "client hello, adding extended_master_secret extension" \
- -S "found extended master secret extension" \
- -S "server hello, adding extended master secret extension" \
- -C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Extended Master Secret: client SSLv3, server enabled" \
- "$P_SRV debug_level=3 min_version=ssl3" \
- "$P_CLI debug_level=3 force_version=ssl3" \
- 0 \
- -C "client hello, adding extended_master_secret extension" \
- -S "found extended master secret extension" \
- -S "server hello, adding extended master secret extension" \
- -C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Extended Master Secret: client enabled, server SSLv3" \
- "$P_SRV debug_level=3 force_version=ssl3" \
- "$P_CLI debug_level=3 min_version=ssl3" \
- 0 \
- -c "client hello, adding extended_master_secret extension" \
- -S "found extended master secret extension" \
- -S "server hello, adding extended master secret extension" \
- -C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
-
-# Tests for FALLBACK_SCSV
-
-run_test "Fallback SCSV: default" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 force_version=tls1_1" \
- 0 \
- -C "adding FALLBACK_SCSV" \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback" \
- -C "is a fatal alert message (msg 86)"
-
-run_test "Fallback SCSV: explicitly disabled" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
- 0 \
- -C "adding FALLBACK_SCSV" \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback" \
- -C "is a fatal alert message (msg 86)"
-
-run_test "Fallback SCSV: enabled" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
- 1 \
- -c "adding FALLBACK_SCSV" \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback" \
- -c "is a fatal alert message (msg 86)"
-
-run_test "Fallback SCSV: enabled, max version" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 fallback=1" \
- 0 \
- -c "adding FALLBACK_SCSV" \
- -s "received FALLBACK_SCSV" \
- -S "inapropriate fallback" \
- -C "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: default, openssl server" \
- "$O_SRV" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
- 0 \
- -C "adding FALLBACK_SCSV" \
- -C "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: enabled, openssl server" \
- "$O_SRV" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
- 1 \
- -c "adding FALLBACK_SCSV" \
- -c "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: disabled, openssl client" \
- "$P_SRV debug_level=2" \
- "$O_CLI -tls1_1" \
- 0 \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: enabled, openssl client" \
- "$P_SRV debug_level=2" \
- "$O_CLI -tls1_1 -fallback_scsv" \
- 1 \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: enabled, max version, openssl client" \
- "$P_SRV debug_level=2" \
- "$O_CLI -fallback_scsv" \
- 0 \
- -s "received FALLBACK_SCSV" \
- -S "inapropriate fallback"
-
-# Test sending and receiving empty application data records
-
-run_test "Encrypt then MAC: empty application data record" \
- "$P_SRV auth_mode=none debug_level=4 etm=1" \
- "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
- -s "dumping 'input payload after decrypt' (0 bytes)" \
- -c "0 bytes written in 1 fragments"
-
-run_test "Default, no Encrypt then MAC: empty application data record" \
- "$P_SRV auth_mode=none debug_level=4 etm=0" \
- "$P_CLI auth_mode=none etm=0 request_size=0" \
- 0 \
- -s "dumping 'input payload after decrypt' (0 bytes)" \
- -c "0 bytes written in 1 fragments"
-
-run_test "Encrypt then MAC, DTLS: empty application data record" \
- "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
- "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
- 0 \
- -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
- -s "dumping 'input payload after decrypt' (0 bytes)" \
- -c "0 bytes written in 1 fragments"
-
-run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
- "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
- "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
- 0 \
- -s "dumping 'input payload after decrypt' (0 bytes)" \
- -c "0 bytes written in 1 fragments"
-
-## ClientHello generated with
-## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
-## then manually twiddling the ciphersuite list.
-## The ClientHello content is spelled out below as a hex string as
-## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
-## The expected response is an inappropriate_fallback alert.
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: beginning of list" \
- "$P_SRV debug_level=2" \
- "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
- 0 \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: end of list" \
- "$P_SRV debug_level=2" \
- "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
- 0 \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback"
-
-## Here the expected response is a valid ServerHello prefix, up to the random.
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: not in list" \
- "$P_SRV debug_level=2" \
- "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
- 0 \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback"
-
-# Tests for CBC 1/n-1 record splitting
-
-run_test "CBC Record splitting: TLS 1.2, no splitting" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1_2" \
- 0 \
- -s "Read from client: 123 bytes read" \
- -S "Read from client: 1 bytes read" \
- -S "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.1, no splitting" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1_1" \
- 0 \
- -s "Read from client: 123 bytes read" \
- -S "Read from client: 1 bytes read" \
- -S "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0, splitting" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1" \
- 0 \
- -S "Read from client: 123 bytes read" \
- -s "Read from client: 1 bytes read" \
- -s "122 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "CBC Record splitting: SSLv3, splitting" \
- "$P_SRV min_version=ssl3" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=ssl3" \
- 0 \
- -S "Read from client: 123 bytes read" \
- -s "Read from client: 1 bytes read" \
- -s "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- request_size=123 force_version=tls1" \
- 0 \
- -s "Read from client: 123 bytes read" \
- -S "Read from client: 1 bytes read" \
- -S "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1 recsplit=0" \
- 0 \
- -s "Read from client: 123 bytes read" \
- -S "Read from client: 1 bytes read" \
- -S "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
- "$P_SRV nbio=2" \
- "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1" \
- 0 \
- -S "Read from client: 123 bytes read" \
- -s "Read from client: 1 bytes read" \
- -s "122 bytes read"
-
-# Tests for Session Tickets
-
-run_test "Session resume using tickets: basic" \
- "$P_SRV debug_level=3 tickets=1" \
- "$P_CLI debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets: cache disabled" \
- "$P_SRV debug_level=3 tickets=1 cache_max=0" \
- "$P_CLI debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets: timeout" \
- "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
- "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -S "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -S "a session has been resumed" \
- -C "a session has been resumed"
-
-run_test "Session resume using tickets: openssl server" \
- "$O_SRV" \
- "$P_CLI debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets: openssl client" \
- "$P_SRV debug_level=3 tickets=1" \
- "( $O_CLI -sess_out $SESSION; \
- $O_CLI -sess_in $SESSION; \
- rm -f $SESSION )" \
- 0 \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed"
-
-# Tests for Session Tickets with DTLS
-
-run_test "Session resume using tickets, DTLS: basic" \
- "$P_SRV debug_level=3 dtls=1 tickets=1" \
- "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets, DTLS: cache disabled" \
- "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
- "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets, DTLS: timeout" \
- "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
- "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -S "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -S "a session has been resumed" \
- -C "a session has been resumed"
-
-run_test "Session resume using tickets, DTLS: openssl server" \
- "$O_SRV -dtls1" \
- "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets, DTLS: openssl client" \
- "$P_SRV dtls=1 debug_level=3 tickets=1" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
- rm -f $SESSION )" \
- 0 \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed"
-
-# Tests for Session Resume based on session-ID and cache
-
-run_test "Session resume using cache: tickets enabled on client" \
- "$P_SRV debug_level=3 tickets=0" \
- "$P_CLI debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache: tickets enabled on server" \
- "$P_SRV debug_level=3 tickets=1" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -C "client hello, adding session ticket extension" \
- -S "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache: cache_max=0" \
- "$P_SRV debug_level=3 tickets=0 cache_max=0" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -S "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -S "a session has been resumed" \
- -C "a session has been resumed"
-
-run_test "Session resume using cache: cache_max=1" \
- "$P_SRV debug_level=3 tickets=0 cache_max=1" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache: timeout > delay" \
- "$P_SRV debug_level=3 tickets=0" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
- 0 \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache: timeout < delay" \
- "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
- 0 \
- -S "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -S "a session has been resumed" \
- -C "a session has been resumed"
-
-run_test "Session resume using cache: no timeout" \
- "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
- 0 \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache: openssl client" \
- "$P_SRV debug_level=3 tickets=0" \
- "( $O_CLI -sess_out $SESSION; \
- $O_CLI -sess_in $SESSION; \
- rm -f $SESSION )" \
- 0 \
- -s "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed"
-
-run_test "Session resume using cache: openssl server" \
- "$O_SRV" \
- "$P_CLI debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -c "a session has been resumed"
-
-# Tests for Session Resume based on session-ID and cache, DTLS
-
-run_test "Session resume using cache, DTLS: tickets enabled on client" \
- "$P_SRV dtls=1 debug_level=3 tickets=0" \
- "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -s "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: tickets enabled on server" \
- "$P_SRV dtls=1 debug_level=3 tickets=1" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -C "client hello, adding session ticket extension" \
- -S "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: cache_max=0" \
- "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -S "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -S "a session has been resumed" \
- -C "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: cache_max=1" \
- "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: timeout > delay" \
- "$P_SRV dtls=1 debug_level=3 tickets=0" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
- 0 \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: timeout < delay" \
- "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
- 0 \
- -S "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -S "a session has been resumed" \
- -C "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: no timeout" \
- "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
- 0 \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed" \
- -c "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: openssl client" \
- "$P_SRV dtls=1 debug_level=3 tickets=0" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
- rm -f $SESSION )" \
- 0 \
- -s "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: openssl server" \
- "$O_SRV -dtls1" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -c "a session has been resumed"
-
-# Tests for Max Fragment Length extension
-
-if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
- printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
- exit 1
-fi
-
-if [ $MAX_CONTENT_LEN -ne 16384 ]; then
- printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
-fi
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: enabled, default" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
- -C "client hello, adding max_fragment_length extension" \
- -S "found max fragment length extension" \
- -S "server hello, max_fragment_length extension" \
- -C "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: enabled, default, larger message" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
- 0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
- -C "client hello, adding max_fragment_length extension" \
- -S "found max fragment length extension" \
- -S "server hello, max_fragment_length extension" \
- -C "found max_fragment_length extension" \
- -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
- -s "$MAX_CONTENT_LEN bytes read" \
- -s "1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length, DTLS: enabled, default, larger message" \
- "$P_SRV debug_level=3 dtls=1" \
- "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
- 1 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
- -C "client hello, adding max_fragment_length extension" \
- -S "found max fragment length extension" \
- -S "server hello, max_fragment_length extension" \
- -C "found max_fragment_length extension" \
- -c "fragment larger than.*maximum "
-
-# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
-# (session fragment length will be 16384 regardless of mbedtls
-# content length configuration.)
-
-requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: disabled, larger message" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
- 0 \
- -C "Maximum fragment length is 16384" \
- -S "Maximum fragment length is 16384" \
- -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
- -s "$MAX_CONTENT_LEN bytes read" \
- -s "1 bytes read"
-
-requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length DTLS: disabled, larger message" \
- "$P_SRV debug_level=3 dtls=1" \
- "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
- 1 \
- -C "Maximum fragment length is 16384" \
- -S "Maximum fragment length is 16384" \
- -c "fragment larger than.*maximum "
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: used by client" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 max_frag_len=4096" \
- 0 \
- -c "Maximum fragment length is 4096" \
- -s "Maximum fragment length is 4096" \
- -c "client hello, adding max_fragment_length extension" \
- -s "found max fragment length extension" \
- -s "server hello, max_fragment_length extension" \
- -c "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: used by server" \
- "$P_SRV debug_level=3 max_frag_len=4096" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is 4096" \
- -C "client hello, adding max_fragment_length extension" \
- -S "found max fragment length extension" \
- -S "server hello, max_fragment_length extension" \
- -C "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_gnutls
-run_test "Max fragment length: gnutls server" \
- "$G_SRV" \
- "$P_CLI debug_level=3 max_frag_len=4096" \
- 0 \
- -c "Maximum fragment length is 4096" \
- -c "client hello, adding max_fragment_length extension" \
- -c "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: client, message just fits" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
- 0 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
- -c "client hello, adding max_fragment_length extension" \
- -s "found max fragment length extension" \
- -s "server hello, max_fragment_length extension" \
- -c "found max_fragment_length extension" \
- -c "2048 bytes written in 1 fragments" \
- -s "2048 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: client, larger message" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
- 0 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
- -c "client hello, adding max_fragment_length extension" \
- -s "found max fragment length extension" \
- -s "server hello, max_fragment_length extension" \
- -c "found max_fragment_length extension" \
- -c "2345 bytes written in 2 fragments" \
- -s "2048 bytes read" \
- -s "297 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "Max fragment length: DTLS client, larger message" \
- "$P_SRV debug_level=3 dtls=1" \
- "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
- 1 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
- -c "client hello, adding max_fragment_length extension" \
- -s "found max fragment length extension" \
- -s "server hello, max_fragment_length extension" \
- -c "found max_fragment_length extension" \
- -c "fragment larger than.*maximum"
-
-# Tests for renegotiation
-
-# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
-run_test "Renegotiation: none, for reference" \
- "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: client-initiated" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
-# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in config.h
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request" \
- -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
-
-# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
-# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in config.h
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: double" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: client-initiated, server-rejected" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 1 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request" \
- -c "SSL - Unexpected message at ServerHello in renegotiation" \
- -c "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, default" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=-1 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-# delay 2 for 1 alert record + 1 application data record
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=2 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=0 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -s "SSL - An unexpected message was received from our peer"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=0 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, just below period" \
- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -S "record counter limit reached: renegotiate" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-# one extra exchange to be able to complete renego
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, just above period" \
- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -s "record counter limit reached: renegotiate" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, two times period" \
- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -s "record counter limit reached: renegotiate" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, above period, disabled" \
- "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -S "record counter limit reached: renegotiate" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: nbio, client-initiated" \
- "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
- "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: nbio, server-initiated" \
- "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
- "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: openssl server, client-initiated" \
- "$O_SRV -www" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "ssl_hanshake() returned" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: gnutls server strict, client-initiated" \
- "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "ssl_hanshake() returned" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
- 1 \
- -c "client hello, adding renegotiation extension" \
- -C "found renegotiation extension" \
- -c "=> renegotiate" \
- -c "mbedtls_ssl_handshake() returned" \
- -c "error" \
- -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
- allow_legacy=0" \
- 1 \
- -c "client hello, adding renegotiation extension" \
- -C "found renegotiation extension" \
- -c "=> renegotiate" \
- -c "mbedtls_ssl_handshake() returned" \
- -c "error" \
- -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
- allow_legacy=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -C "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "ssl_hanshake() returned" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: DTLS, client-initiated" \
- "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: DTLS, server-initiated" \
- "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
- "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
- read_timeout=1000 max_resend=2" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: DTLS, renego_period overflow" \
- "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
- "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -s "record counter limit reached: renegotiate" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
- "$G_SRV -u --mtu 4096" \
- "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "mbedtls_ssl_handshake returned" \
- -C "error" \
- -s "Extra-header:"
-
-# Test for the "secure renegotation" extension only (no actual renegotiation)
-
-requires_gnutls
-run_test "Renego ext: gnutls server strict, client default" \
- "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "found renegotiation extension" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-run_test "Renego ext: gnutls server unsafe, client default" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3" \
- 0 \
- -C "found renegotiation extension" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-run_test "Renego ext: gnutls server unsafe, client break legacy" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 allow_legacy=-1" \
- 1 \
- -C "found renegotiation extension" \
- -c "error" \
- -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-run_test "Renego ext: gnutls client strict, server default" \
- "$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
- 0 \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
- -s "server hello, secure renegotiation extension"
-
-requires_gnutls
-run_test "Renego ext: gnutls client unsafe, server default" \
- "$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 0 \
- -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
- -S "server hello, secure renegotiation extension"
-
-requires_gnutls
-run_test "Renego ext: gnutls client unsafe, server break legacy" \
- "$P_SRV debug_level=3 allow_legacy=-1" \
- "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 1 \
- -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
- -S "server hello, secure renegotiation extension"
-
-# Tests for silently dropping trailing extra bytes in .der certificates
-
-requires_gnutls
-run_test "DER format: no trailing bytes" \
- "$P_SRV crt_file=data_files/server5-der0.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-run_test "DER format: with a trailing zero byte" \
- "$P_SRV crt_file=data_files/server5-der1a.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-run_test "DER format: with a trailing random byte" \
- "$P_SRV crt_file=data_files/server5-der1b.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-run_test "DER format: with 2 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der2.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-run_test "DER format: with 4 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der4.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-run_test "DER format: with 8 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der8.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-run_test "DER format: with 9 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der9.crt \
- key_file=data_files/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-# Tests for auth_mode, there are duplicated tests using ca callback for authentication
-# When updating these tests, modify the matching authentication tests accordingly
-
-run_test "Authentication: server badcert, client required" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI debug_level=1 auth_mode=required" \
- 1 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication: server badcert, client optional" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI debug_level=1 auth_mode=optional" \
- 0 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: server goodcert, client optional, no trusted CA" \
- "$P_SRV" \
- "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
- 0 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! Certificate verification flags"\
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed" \
- -C "SSL - No CA Chain is set, but required to operate"
-
-run_test "Authentication: server goodcert, client required, no trusted CA" \
- "$P_SRV" \
- "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
- 1 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! Certificate verification flags"\
- -c "! mbedtls_ssl_handshake returned" \
- -c "SSL - No CA Chain is set, but required to operate"
-
-# The purpose of the next two tests is to test the client's behaviour when receiving a server
-# certificate with an unsupported elliptic curve. This should usually not happen because
-# the client informs the server about the supported curves - it does, though, in the
-# corner case of a static ECDH suite, because the server doesn't check the curve on that
-# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
-# different means to have the server ignoring the client's supported curve list.
-
-requires_config_enabled MBEDTLS_ECP_C
-run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
- 1 \
- -c "bad certificate (EC key curve)"\
- -c "! Certificate verification flags"\
- -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
-
-requires_config_enabled MBEDTLS_ECP_C
-run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
- 1 \
- -c "bad certificate (EC key curve)"\
- -c "! Certificate verification flags"\
- -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
-
-run_test "Authentication: server badcert, client none" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI debug_level=1 auth_mode=none" \
- 0 \
- -C "x509_verify_cert() returned" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: client SHA256, server required" \
- "$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
- 0 \
- -c "Supported Signature Algorithm found: 4," \
- -c "Supported Signature Algorithm found: 5,"
-
-run_test "Authentication: client SHA384, server required" \
- "$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
- 0 \
- -c "Supported Signature Algorithm found: 4," \
- -c "Supported Signature Algorithm found: 5,"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Authentication: client has no cert, server required (SSLv3)" \
- "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
- "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
- key_file=data_files/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -c "got no certificate to send" \
- -S "x509_verify_cert() returned" \
- -s "client has no certificate" \
- -s "! mbedtls_ssl_handshake returned" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "No client certification received from the client, but required by the authentication mode"
-
-run_test "Authentication: client has no cert, server required (TLS)" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=none \
- key_file=data_files/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -c "= write certificate$" \
- -C "skip write certificate$" \
- -S "x509_verify_cert() returned" \
- -s "client has no certificate" \
- -s "! mbedtls_ssl_handshake returned" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "No client certification received from the client, but required by the authentication mode"
-
-run_test "Authentication: client badcert, server required" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "send alert level=2 message=48" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-# We don't check that the client receives the alert because it might
-# detect that its write end of the connection is closed and abort
-# before reading the alert message.
-
-run_test "Authentication: client cert not trusted, server required" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-
-run_test "Authentication: client badcert, server optional" \
- "$P_SRV debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: client badcert, server none" \
- "$P_SRV debug_level=3 auth_mode=none" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- 0 \
- -s "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got no certificate request" \
- -c "skip write certificate" \
- -c "skip write certificate verify" \
- -s "skip parse certificate verify" \
- -S "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed by the trusted CA" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: client no cert, server optional" \
- "$P_SRV debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -C "got no certificate to send" \
- -S "SSLv3 client has no certificate" \
- -c "skip write certificate verify" \
- -s "skip parse certificate verify" \
- -s "! Certificate was missing" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: openssl client no cert, server optional" \
- "$P_SRV debug_level=3 auth_mode=optional" \
- "$O_CLI" \
- 0 \
- -S "skip write certificate request" \
- -s "skip parse certificate verify" \
- -s "! Certificate was missing" \
- -S "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: client no cert, openssl server optional" \
- "$O_SRV -verify 10" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
- 0 \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -c "skip write certificate verify" \
- -C "! mbedtls_ssl_handshake returned"
-
-run_test "Authentication: client no cert, openssl server required" \
- "$O_SRV -Verify 10" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
- 1 \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -c "skip write certificate verify" \
- -c "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Authentication: client no cert, ssl3" \
- "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
- "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -c "skip write certificate verify" \
- -c "got no certificate to send" \
- -s "SSLv3 client has no certificate" \
- -s "skip parse certificate verify" \
- -s "! Certificate was missing" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
-# default value (8)
-
-MAX_IM_CA='8'
-MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-
-if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
- printf "The ${CONFIG_H} file contains a value for the configuration of\n"
- printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n"
- printf "test value of ${MAX_IM_CA}. \n"
- printf "\n"
- printf "The tests assume this value and if it changes, the tests in this\n"
- printf "script should also be adjusted.\n"
- printf "\n"
-
- exit 1
-fi
-
-requires_full_size_output_buffer
-run_test "Authentication: server max_int chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
- "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
- 0 \
- -C "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: server max_int+1 chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
- 1 \
- -c "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
- auth_mode=optional" \
- 1 \
- -c "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: server max_int+1 chain, client none" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
- auth_mode=none" \
- 0 \
- -C "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: client max_int+1 chain, server default" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- 0 \
- -S "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: client max_int+1 chain, server optional" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- 1 \
- -s "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: client max_int+1 chain, server required" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- 1 \
- -s "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-run_test "Authentication: client max_int chain, server required" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
- 0 \
- -S "X509 - A fatal error occurred"
-
-# Tests for CA list in CertificateRequest messages
-
-run_test "Authentication: send CA list in CertificateRequest (default)" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
- 0 \
- -s "requested DN"
-
-run_test "Authentication: do not send CA list in CertificateRequest" \
- "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
- 0 \
- -S "requested DN"
-
-run_test "Authentication: send CA list in CertificateRequest, client self signed" \
- "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
- 1 \
- -S "requested DN" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-
-# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
-# When updating these tests, modify the matching authentication tests accordingly
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server badcert, client required" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server badcert, client optional" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
- 0 \
- -c "use CA callback for X.509 CRT verification" \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-# The purpose of the next two tests is to test the client's behaviour when receiving a server
-# certificate with an unsupported elliptic curve. This should usually not happen because
-# the client informs the server about the supported curves - it does, though, in the
-# corner case of a static ECDH suite, because the server doesn't check the curve on that
-# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
-# different means to have the server ignoring the client's supported curve list.
-
-requires_config_enabled MBEDTLS_ECP_C
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "bad certificate (EC key curve)" \
- -c "! Certificate verification flags" \
- -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
-
-requires_config_enabled MBEDTLS_ECP_C
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "bad certificate (EC key curve)"\
- -c "! Certificate verification flags"\
- -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client SHA256, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -c "Supported Signature Algorithm found: 4," \
- -c "Supported Signature Algorithm found: 5,"
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client SHA384, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -c "Supported Signature Algorithm found: 4," \
- -c "Supported Signature Algorithm found: 5,"
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client badcert, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "send alert level=2 message=48" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-# We don't check that the client receives the alert because it might
-# detect that its write end of the connection is closed and abort
-# before reading the alert message.
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client cert not trusted, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client badcert, server optional" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server max_int chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
- "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
- 0 \
- -c "use CA callback for X.509 CRT verification" \
- -C "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server max_int+1 chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
- debug_level=3 auth_mode=optional" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -s "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client max_int+1 chain, server required" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -s "X509 - A fatal error occurred"
-
-requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-run_test "Authentication, CA callback: client max_int chain, server required" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -S "X509 - A fatal error occurred"
-
-# Tests for certificate selection based on SHA verson
-
-run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server5-sha1.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1_2" \
- 0 \
- -c "signed using.*ECDSA with SHA256" \
- -C "signed using.*ECDSA with SHA1"
-
-run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server5-sha1.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -C "signed using.*ECDSA with SHA256" \
- -c "signed using.*ECDSA with SHA1"
-
-run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server5-sha1.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1" \
- 0 \
- -C "signed using.*ECDSA with SHA256" \
- -c "signed using.*ECDSA with SHA1"
-
-run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server6.crt \
- key_file2=data_files/server6.key" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -c "serial number.*09" \
- -c "signed using.*ECDSA with SHA256" \
- -C "signed using.*ECDSA with SHA1"
-
-run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
- "$P_SRV crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
- crt_file2=data_files/server5.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -c "serial number.*0A" \
- -c "signed using.*ECDSA with SHA256" \
- -C "signed using.*ECDSA with SHA1"
-
-# tests for SNI
-
-run_test "SNI: no SNI callback" \
- "$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key" \
- "$P_CLI server_name=localhost" \
- 0 \
- -S "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test "SNI: matching cert 1" \
- "$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=localhost" \
- 0 \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test "SNI: matching cert 2" \
- "$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=polarssl.example" \
- 0 \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-run_test "SNI: no matching cert" \
- "$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=nonesuch.example" \
- 1 \
- -s "parse ServerName extension" \
- -s "ssl_sni_wrapper() returned" \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -c "SSL - A fatal alert message was received from our peer"
-
-run_test "SNI: client auth no override: optional" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
- "$P_CLI debug_level=3 server_name=localhost" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify"
-
-run_test "SNI: client auth override: none -> optional" \
- "$P_SRV debug_level=3 auth_mode=none \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
- "$P_CLI debug_level=3 server_name=localhost" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify"
-
-run_test "SNI: client auth override: optional -> none" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
- "$P_CLI debug_level=3 server_name=localhost" \
- 0 \
- -s "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got no certificate request" \
- -c "skip write certificate" \
- -c "skip write certificate verify" \
- -s "skip parse certificate verify"
-
-run_test "SNI: CA no override" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
- "$P_CLI debug_level=3 server_name=localhost \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -S "The certificate has been revoked (is on a CRL)"
-
-run_test "SNI: CA override" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
- "$P_CLI debug_level=3 server_name=localhost \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -S "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed by the trusted CA" \
- -S "The certificate has been revoked (is on a CRL)"
-
-run_test "SNI: CA override with CRL" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
- "$P_CLI debug_level=3 server_name=localhost \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed by the trusted CA" \
- -s "The certificate has been revoked (is on a CRL)"
-
-# Tests for SNI and DTLS
-
-run_test "SNI: DTLS, no SNI callback" \
- "$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key" \
- "$P_CLI server_name=localhost dtls=1" \
- 0 \
- -S "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test "SNI: DTLS, matching cert 1" \
- "$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=localhost dtls=1" \
- 0 \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test "SNI: DTLS, matching cert 2" \
- "$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=polarssl.example dtls=1" \
- 0 \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-run_test "SNI: DTLS, no matching cert" \
- "$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=nonesuch.example dtls=1" \
- 1 \
- -s "parse ServerName extension" \
- -s "ssl_sni_wrapper() returned" \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -c "SSL - A fatal alert message was received from our peer"
-
-run_test "SNI: DTLS, client auth no override: optional" \
- "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
- "$P_CLI debug_level=3 server_name=localhost dtls=1" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify"
-
-run_test "SNI: DTLS, client auth override: none -> optional" \
- "$P_SRV debug_level=3 auth_mode=none dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
- "$P_CLI debug_level=3 server_name=localhost dtls=1" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify"
-
-run_test "SNI: DTLS, client auth override: optional -> none" \
- "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
- "$P_CLI debug_level=3 server_name=localhost dtls=1" \
- 0 \
- -s "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got no certificate request" \
- -c "skip write certificate" \
- -c "skip write certificate verify" \
- -s "skip parse certificate verify"
-
-run_test "SNI: DTLS, CA no override" \
- "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
- "$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -S "The certificate has been revoked (is on a CRL)"
-
-run_test "SNI: DTLS, CA override" \
- "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
- "$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -S "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed by the trusted CA" \
- -S "The certificate has been revoked (is on a CRL)"
-
-run_test "SNI: DTLS, CA override with CRL" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
- "$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed by the trusted CA" \
- -s "The certificate has been revoked (is on a CRL)"
-
-# Tests for non-blocking I/O: exercise a variety of handshake flows
-
-run_test "Non-blocking I/O: basic handshake" \
- "$P_SRV nbio=2 tickets=0 auth_mode=none" \
- "$P_CLI nbio=2 tickets=0" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Non-blocking I/O: client auth" \
- "$P_SRV nbio=2 tickets=0 auth_mode=required" \
- "$P_CLI nbio=2 tickets=0" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Non-blocking I/O: ticket" \
- "$P_SRV nbio=2 tickets=1 auth_mode=none" \
- "$P_CLI nbio=2 tickets=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Non-blocking I/O: ticket + client auth" \
- "$P_SRV nbio=2 tickets=1 auth_mode=required" \
- "$P_CLI nbio=2 tickets=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Non-blocking I/O: ticket + client auth + resume" \
- "$P_SRV nbio=2 tickets=1 auth_mode=required" \
- "$P_CLI nbio=2 tickets=1 reconnect=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Non-blocking I/O: ticket + resume" \
- "$P_SRV nbio=2 tickets=1 auth_mode=none" \
- "$P_CLI nbio=2 tickets=1 reconnect=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Non-blocking I/O: session-id resume" \
- "$P_SRV nbio=2 tickets=0 auth_mode=none" \
- "$P_CLI nbio=2 tickets=0 reconnect=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-# Tests for event-driven I/O: exercise a variety of handshake flows
-
-run_test "Event-driven I/O: basic handshake" \
- "$P_SRV event=1 tickets=0 auth_mode=none" \
- "$P_CLI event=1 tickets=0" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O: client auth" \
- "$P_SRV event=1 tickets=0 auth_mode=required" \
- "$P_CLI event=1 tickets=0" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O: ticket" \
- "$P_SRV event=1 tickets=1 auth_mode=none" \
- "$P_CLI event=1 tickets=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O: ticket + client auth" \
- "$P_SRV event=1 tickets=1 auth_mode=required" \
- "$P_CLI event=1 tickets=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O: ticket + client auth + resume" \
- "$P_SRV event=1 tickets=1 auth_mode=required" \
- "$P_CLI event=1 tickets=1 reconnect=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O: ticket + resume" \
- "$P_SRV event=1 tickets=1 auth_mode=none" \
- "$P_CLI event=1 tickets=1 reconnect=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O: session-id resume" \
- "$P_SRV event=1 tickets=0 auth_mode=none" \
- "$P_CLI event=1 tickets=0 reconnect=1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: basic handshake" \
- "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 event=1 tickets=0" \
- 0 \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: client auth" \
- "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
- "$P_CLI dtls=1 event=1 tickets=0" \
- 0 \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: ticket" \
- "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
- "$P_CLI dtls=1 event=1 tickets=1" \
- 0 \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: ticket + client auth" \
- "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
- "$P_CLI dtls=1 event=1 tickets=1" \
- 0 \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
- "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
- "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
- 0 \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: ticket + resume" \
- "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
- "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
- 0 \
- -c "Read from server: .* bytes read"
-
-run_test "Event-driven I/O, DTLS: session-id resume" \
- "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
- 0 \
- -c "Read from server: .* bytes read"
-
-# This test demonstrates the need for the mbedtls_ssl_check_pending function.
-# During session resumption, the client will send its ApplicationData record
-# within the same datagram as the Finished messages. In this situation, the
-# server MUST NOT idle on the underlying transport after handshake completion,
-# because the ApplicationData request has already been queued internally.
-run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
- -p "$P_PXY pack=50" \
- "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
- "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
- 0 \
- -c "Read from server: .* bytes read"
-
-# Tests for version negotiation
-
-run_test "Version check: all -> 1.2" \
- "$P_SRV" \
- "$P_CLI" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.2" \
- -c "Protocol is TLSv1.2"
-
-run_test "Version check: cli max 1.1 -> 1.1" \
- "$P_SRV" \
- "$P_CLI max_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: srv max 1.1 -> 1.1" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli+srv max 1.1 -> 1.1" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI max_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
- "$P_SRV min_version=tls1_1" \
- "$P_CLI max_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI min_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI min_version=tls1_2" \
- 1 \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -c "SSL - Handshake protocol not within min/max boundaries"
-
-run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
- "$P_SRV min_version=tls1_2" \
- "$P_CLI max_version=tls1_1" \
- 1 \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -s "SSL - Handshake protocol not within min/max boundaries"
-
-# Tests for ALPN extension
-
-run_test "ALPN: none" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
- 0 \
- -C "client hello, adding alpn extension" \
- -S "found alpn extension" \
- -C "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
- -C "found alpn extension " \
- -C "Application Layer Protocol is" \
- -S "Application Layer Protocol is"
-
-run_test "ALPN: client only" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 alpn=abc,1234" \
- 0 \
- -c "client hello, adding alpn extension" \
- -s "found alpn extension" \
- -C "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
- -C "found alpn extension " \
- -c "Application Layer Protocol is (none)" \
- -S "Application Layer Protocol is"
-
-run_test "ALPN: server only" \
- "$P_SRV debug_level=3 alpn=abc,1234" \
- "$P_CLI debug_level=3" \
- 0 \
- -C "client hello, adding alpn extension" \
- -S "found alpn extension" \
- -C "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
- -C "found alpn extension " \
- -C "Application Layer Protocol is" \
- -s "Application Layer Protocol is (none)"
-
-run_test "ALPN: both, common cli1-srv1" \
- "$P_SRV debug_level=3 alpn=abc,1234" \
- "$P_CLI debug_level=3 alpn=abc,1234" \
- 0 \
- -c "client hello, adding alpn extension" \
- -s "found alpn extension" \
- -C "got an alert message, type: \\[2:120]" \
- -s "server hello, adding alpn extension" \
- -c "found alpn extension" \
- -c "Application Layer Protocol is abc" \
- -s "Application Layer Protocol is abc"
-
-run_test "ALPN: both, common cli2-srv1" \
- "$P_SRV debug_level=3 alpn=abc,1234" \
- "$P_CLI debug_level=3 alpn=1234,abc" \
- 0 \
- -c "client hello, adding alpn extension" \
- -s "found alpn extension" \
- -C "got an alert message, type: \\[2:120]" \
- -s "server hello, adding alpn extension" \
- -c "found alpn extension" \
- -c "Application Layer Protocol is abc" \
- -s "Application Layer Protocol is abc"
-
-run_test "ALPN: both, common cli1-srv2" \
- "$P_SRV debug_level=3 alpn=abc,1234" \
- "$P_CLI debug_level=3 alpn=1234,abcde" \
- 0 \
- -c "client hello, adding alpn extension" \
- -s "found alpn extension" \
- -C "got an alert message, type: \\[2:120]" \
- -s "server hello, adding alpn extension" \
- -c "found alpn extension" \
- -c "Application Layer Protocol is 1234" \
- -s "Application Layer Protocol is 1234"
-
-run_test "ALPN: both, no common" \
- "$P_SRV debug_level=3 alpn=abc,123" \
- "$P_CLI debug_level=3 alpn=1234,abcde" \
- 1 \
- -c "client hello, adding alpn extension" \
- -s "found alpn extension" \
- -c "got an alert message, type: \\[2:120]" \
- -S "server hello, adding alpn extension" \
- -C "found alpn extension" \
- -C "Application Layer Protocol is 1234" \
- -S "Application Layer Protocol is 1234"
-
-
-# Tests for keyUsage in leaf certificates, part 1:
-# server-side certificate/suite selection
-
-run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
- "$P_SRV key_file=data_files/server2.key \
- crt_file=data_files/server2.ku-ds.crt" \
- "$P_CLI" \
- 0 \
- -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
-
-
-run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
- "$P_SRV key_file=data_files/server2.key \
- crt_file=data_files/server2.ku-ke.crt" \
- "$P_CLI" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-"
-
-run_test "keyUsage srv: RSA, keyAgreement -> fail" \
- "$P_SRV key_file=data_files/server2.key \
- crt_file=data_files/server2.ku-ka.crt" \
- "$P_CLI" \
- 1 \
- -C "Ciphersuite is "
-
-run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ds.crt" \
- "$P_CLI" \
- 0 \
- -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
-
-
-run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
- "$P_CLI" \
- 0 \
- -c "Ciphersuite is TLS-ECDH-"
-
-run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ke.crt" \
- "$P_CLI" \
- 1 \
- -C "Ciphersuite is "
-
-# Tests for keyUsage in leaf certificates, part 2:
-# client-side checking of server cert
-
-run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ds_ke.crt" \
- "$P_CLI debug_level=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ds_ke.crt" \
- "$P_CLI debug_level=1 \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
- "$P_CLI debug_level=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
- "$P_CLI debug_level=1 \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -c "bad certificate (usage extensions)" \
- -c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
-
-run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
- "$P_CLI debug_level=1 auth_mode=optional \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -c "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-" \
- -c "! Usage does not match the keyUsage extension"
-
-run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
- "$P_CLI debug_level=1 \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "keyUsage cli: DigitalSignature, RSA: fail" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
- "$P_CLI debug_level=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -c "bad certificate (usage extensions)" \
- -c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
-
-run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
- "$O_SRV -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
- "$P_CLI debug_level=1 auth_mode=optional \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -c "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-" \
- -c "! Usage does not match the keyUsage extension"
-
-# Tests for keyUsage in leaf certificates, part 3:
-# server-side checking of client cert
-
-run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
- 0 \
- -S "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
- 0 \
- -s "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
- "$P_SRV debug_level=1 auth_mode=required" \
- "$O_CLI -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
- 1 \
- -s "bad certificate (usage extensions)" \
- -s "Processing of the Certificate handshake message failed"
-
-run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.ku-ds.crt" \
- 0 \
- -S "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.ku-ka.crt" \
- 0 \
- -s "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
-
-run_test "extKeyUsage srv: serverAuth -> OK" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-srv.crt" \
- "$P_CLI" \
- 0
-
-run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-srv.crt" \
- "$P_CLI" \
- 0
-
-run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-cs_any.crt" \
- "$P_CLI" \
- 0
-
-run_test "extKeyUsage srv: codeSign -> fail" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-cli.crt" \
- "$P_CLI" \
- 1
-
-# Tests for extendedKeyUsage, part 2: client-side checking of server cert
-
-run_test "extKeyUsage cli: serverAuth -> OK" \
- "$O_SRV -key data_files/server5.key \
- -cert data_files/server5.eku-srv.crt" \
- "$P_CLI debug_level=1" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
- "$O_SRV -key data_files/server5.key \
- -cert data_files/server5.eku-srv_cli.crt" \
- "$P_CLI debug_level=1" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
- "$O_SRV -key data_files/server5.key \
- -cert data_files/server5.eku-cs_any.crt" \
- "$P_CLI debug_level=1" \
- 0 \
- -C "bad certificate (usage extensions)" \
- -C "Processing of the Certificate handshake message failed" \
- -c "Ciphersuite is TLS-"
-
-run_test "extKeyUsage cli: codeSign -> fail" \
- "$O_SRV -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
- "$P_CLI debug_level=1" \
- 1 \
- -c "bad certificate (usage extensions)" \
- -c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
-
-# Tests for extendedKeyUsage, part 3: server-side checking of client cert
-
-run_test "extKeyUsage cli-auth: clientAuth -> OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.eku-cli.crt" \
- 0 \
- -S "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.eku-srv_cli.crt" \
- 0 \
- -S "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.eku-cs_any.crt" \
- 0 \
- -S "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
- 0 \
- -s "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
-
-run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
- "$P_SRV debug_level=1 auth_mode=required" \
- "$O_CLI -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
- 1 \
- -s "bad certificate (usage extensions)" \
- -s "Processing of the Certificate handshake message failed"
-
-# Tests for DHM parameters loading
-
-run_test "DHM parameters: reference" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=3" \
- 0 \
- -c "value of 'DHM: P ' (2048 bits)" \
- -c "value of 'DHM: G ' (2 bits)"
-
-run_test "DHM parameters: other parameters" \
- "$P_SRV dhm_file=data_files/dhparams.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=3" \
- 0 \
- -c "value of 'DHM: P ' (1024 bits)" \
- -c "value of 'DHM: G ' (2 bits)"
-
-# Tests for DHM client-side size checking
-
-run_test "DHM size: server default, client default, OK" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server default, client 2048, OK" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=2048" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server 1024, client default, OK" \
- "$P_SRV dhm_file=data_files/dhparams.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server 1000, client default, rejected" \
- "$P_SRV dhm_file=data_files/dh.1000.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1" \
- 1 \
- -c "DHM prime too short:"
-
-run_test "DHM size: server default, client 2049, rejected" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=2049" \
- 1 \
- -c "DHM prime too short:"
-
-# Tests for PSK callback
-
-run_test "PSK callback: psk, no callback" \
- "$P_SRV psk=abc123 psk_identity=foo" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
- 0 \
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: opaque psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
- 0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
- 0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: opaque psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
- "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
- 0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
- -c "using extended master secret"\
- -s "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
- "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
- 0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
- -c "using extended master secret"\
- -s "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 extended_ms=1" \
- 0 \
- -c "using extended master secret"\
- -s "using extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
- force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 extended_ms=1" \
- 0 \
- -c "using extended master secret"\
- -s "using extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=def psk=beef" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
- "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=abc psk=dead extended_ms=1" \
- 0 \
- -c "using extended master secret"\
- -s "using extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
- force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=abc psk=dead extended_ms=1" \
- 0 \
- -c "using extended master secret"\
- -s "using extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "skip PMS generation for opaque PSK"\
- -C "using extended master secret"\
- -S "using extended master secret"\
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 1 \
- -s "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: no psk, no callback" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
- 1 \
- -s "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: callback overrides other settings" \
- "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
- 1 \
- -S "SSL - None of the common ciphersuites is usable" \
- -s "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: first id matches" \
- "$P_SRV psk_list=abc,dead,def,beef" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=abc psk=dead" \
- 0 \
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: second id matches" \
- "$P_SRV psk_list=abc,dead,def,beef" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: no match" \
- "$P_SRV psk_list=abc,dead,def,beef" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=ghi psk=beef" \
- 1 \
- -S "SSL - None of the common ciphersuites is usable" \
- -s "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: wrong key" \
- "$P_SRV psk_list=abc,dead,def,beef" \
- "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=abc psk=beef" \
- 1 \
- -S "SSL - None of the common ciphersuites is usable" \
- -S "SSL - Unknown identity received" \
- -s "SSL - Verification of the message MAC failed"
-
-# Tests for EC J-PAKE
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: client not configured" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
- 0 \
- -C "add ciphersuite: c0ff" \
- -C "adding ecjpake_kkpp extension" \
- -S "found ecjpake kkpp extension" \
- -S "skip ecjpake kkpp extension" \
- -S "ciphersuite mismatch: ecjpake not configured" \
- -S "server hello, ecjpake kkpp extension" \
- -C "found ecjpake_kkpp extension" \
- -S "None of the common ciphersuites is usable"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: server not configured" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 ecjpake_pw=bla \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 1 \
- -c "add ciphersuite: c0ff" \
- -c "adding ecjpake_kkpp extension" \
- -s "found ecjpake kkpp extension" \
- -s "skip ecjpake kkpp extension" \
- -s "ciphersuite mismatch: ecjpake not configured" \
- -S "server hello, ecjpake kkpp extension" \
- -C "found ecjpake_kkpp extension" \
- -s "None of the common ciphersuites is usable"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: working, TLS" \
- "$P_SRV debug_level=3 ecjpake_pw=bla" \
- "$P_CLI debug_level=3 ecjpake_pw=bla \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 0 \
- -c "add ciphersuite: c0ff" \
- -c "adding ecjpake_kkpp extension" \
- -C "re-using cached ecjpake parameters" \
- -s "found ecjpake kkpp extension" \
- -S "skip ecjpake kkpp extension" \
- -S "ciphersuite mismatch: ecjpake not configured" \
- -s "server hello, ecjpake kkpp extension" \
- -c "found ecjpake_kkpp extension" \
- -S "None of the common ciphersuites is usable" \
- -S "SSL - Verification of the message MAC failed"
-
-server_needs_more_time 1
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: password mismatch, TLS" \
- "$P_SRV debug_level=3 ecjpake_pw=bla" \
- "$P_CLI debug_level=3 ecjpake_pw=bad \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 1 \
- -C "re-using cached ecjpake parameters" \
- -s "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: working, DTLS" \
- "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
- "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 0 \
- -c "re-using cached ecjpake parameters" \
- -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: working, DTLS, no cookie" \
- "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
- "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 0 \
- -C "re-using cached ecjpake parameters" \
- -S "SSL - Verification of the message MAC failed"
-
-server_needs_more_time 1
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: password mismatch, DTLS" \
- "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
- "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 1 \
- -c "re-using cached ecjpake parameters" \
- -s "SSL - Verification of the message MAC failed"
-
-# for tests with configs/config-thread.h
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test "ECJPAKE: working, DTLS, nolog" \
- "$P_SRV dtls=1 ecjpake_pw=bla" \
- "$P_CLI dtls=1 ecjpake_pw=bla \
- force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
- 0
-
-# Tests for ciphersuites per version
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: SSL3" \
- "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=ssl3" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: TLS 1.0" \
- "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1 arc4=1" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: TLS 1.1" \
- "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: TLS 1.2" \
- "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1_2" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
-
-# Test for ClientHello without extensions
-
-requires_gnutls
-run_test "ClientHello without extensions, SHA-1 allowed" \
- "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
- "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 0 \
- -s "dumping 'client hello extensions' (0 bytes)"
-
-requires_gnutls
-run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
- "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
- "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 0 \
- -s "dumping 'client hello extensions' (0 bytes)"
-
-# Tests for mbedtls_ssl_get_bytes_avail()
-
-run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
- "$P_SRV" \
- "$P_CLI request_size=100" \
- 0 \
- -s "Read from client: 100 bytes read$"
-
-run_test "mbedtls_ssl_get_bytes_avail: extra data" \
- "$P_SRV" \
- "$P_CLI request_size=500" \
- 0 \
- -s "Read from client: 500 bytes read (.*+.*)"
-
-# Tests for small client packets
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Small client packet SSLv3 BlockCipher" \
- "$P_SRV min_version=ssl3" \
- "$P_CLI request_size=1 force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Small client packet SSLv3 StreamCipher" \
- "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.0 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.0 StreamCipher" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.0 StreamCipher, without EtM" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.1 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.1 StreamCipher" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.1 StreamCipher, without EtM" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 StreamCipher" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 AEAD" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-# Tests for small client packets in DTLS
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small client packet DTLS 1.0" \
- "$P_SRV dtls=1 force_version=dtls1" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small client packet DTLS 1.0, without EtM" \
- "$P_SRV dtls=1 force_version=dtls1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.0, truncated hmac" \
- "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
- "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
- "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small client packet DTLS 1.2" \
- "$P_SRV dtls=1 force_version=dtls1_2" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small client packet DTLS 1.2, without EtM" \
- "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.2, truncated hmac" \
- "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
- "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -s "Read from client: 1 bytes read"
-
-# Tests for small server packets
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Small server packet SSLv3 BlockCipher" \
- "$P_SRV response_size=1 min_version=ssl3" \
- "$P_CLI force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Small server packet SSLv3 StreamCipher" \
- "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.0 BlockCipher" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.0 StreamCipher" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.1 BlockCipher" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.1 StreamCipher" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 BlockCipher" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 StreamCipher" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 AEAD" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-# Tests for small server packets in DTLS
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small server packet DTLS 1.0" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small server packet DTLS 1.0, without EtM" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.0, truncated hmac" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
- "$P_CLI dtls=1 trunc_hmac=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small server packet DTLS 1.2" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small server packet DTLS 1.2, without EtM" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.2, truncated hmac" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -c "Read from server: 1 bytes read"
-
-# A test for extensions in SSLv3
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "SSLv3 with extensions, server side" \
- "$P_SRV min_version=ssl3 debug_level=3" \
- "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
- 0 \
- -S "dumping 'client hello extensions'" \
- -S "server hello, total extension length:"
-
-# Test for large client packets
-
-# How many fragments do we expect to write $1 bytes?
-fragments_for_write() {
- echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
-}
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Large client packet SSLv3 BlockCipher" \
- "$P_SRV min_version=ssl3" \
- "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Large client packet SSLv3 StreamCipher" \
- "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.0 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.0 StreamCipher" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.1 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.1 StreamCipher" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 StreamCipher" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 AEAD" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-# Test for large server packets
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Large server packet SSLv3 StreamCipher" \
- "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=ssl3 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-# Checking next 4 tests logs for 1n-1 split against BEAST too
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Large server packet SSLv3 BlockCipher" \
- "$P_SRV response_size=16384 min_version=ssl3" \
- "$P_CLI force_version=ssl3 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.0 BlockCipher" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1 etm=0 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- trunc_hmac=1" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.0 StreamCipher" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 BlockCipher" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 StreamCipher" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 BlockCipher" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 StreamCipher" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 AEAD" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-# Tests for restartable ECC
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, default" \
- "$P_SRV auth_mode=required" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1" \
- 0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=0" \
- "$P_SRV auth_mode=required" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1 ec_max_ops=0" \
- 0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=65535" \
- "$P_SRV auth_mode=required" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1 ec_max_ops=65535" \
- 0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=1000" \
- "$P_SRV auth_mode=required" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1 ec_max_ops=1000" \
- 0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=1000, badsign" \
- "$P_SRV auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1 ec_max_ops=1000" \
- 1 \
- -c "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
- "$P_SRV auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1 ec_max_ops=1000 auth_mode=optional" \
- 0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
- "$P_SRV auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- debug_level=1 ec_max_ops=1000 auth_mode=none" \
- 0 \
- -C "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: DTLS, max_ops=1000" \
- "$P_SRV auth_mode=required dtls=1" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- dtls=1 debug_level=1 ec_max_ops=1000" \
- 0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=1000 no client auth" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- debug_level=1 ec_max_ops=1000" \
- 0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
- "$P_SRV psk=abc123" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- psk=abc123 debug_level=1 ec_max_ops=1000" \
- 0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
-
-# Tests of asynchronous private key support in SSL
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, delay=0" \
- "$P_SRV \
- async_operations=s async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, delay=1" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): call 0 more times." \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, delay=2" \
- "$P_SRV \
- async_operations=s async_private_delay1=2 async_private_delay2=2" \
- "$P_CLI" \
- 0 \
- -s "Async sign callback: using key slot " \
- -U "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): call 1 more times." \
- -s "Async resume (slot [0-9]): call 0 more times." \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
-# Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1
-# with RSA PKCS#1v1.5 as used in TLS 1.0/1.1.
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "SSL async private: sign, RSA, TLS 1.1" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
- async_operations=s async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, SNI" \
- "$P_SRV debug_level=3 \
- async_operations=s async_private_delay1=0 async_private_delay2=0 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI server_name=polarssl.example" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): sign done, status=0" \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, delay=0" \
- "$P_SRV \
- async_operations=d async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, delay=1" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): call 0 more times." \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt RSA-PSK, delay=0" \
- "$P_SRV psk=abc123 \
- async_operations=d async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI psk=abc123 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt RSA-PSK, delay=1" \
- "$P_SRV psk=abc123 \
- async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI psk=abc123 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): call 0 more times." \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign callback not present" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI; [ \$? -eq 1 ] &&
- $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -S "Async sign callback" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "The own private key or pre-shared key is not set, but needed" \
- -s "Async resume (slot [0-9]): decrypt done, status=0" \
- -s "Successful connection"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt callback not present" \
- "$P_SRV debug_level=1 \
- async_operations=s async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
- [ \$? -eq 1 ] && $P_CLI" \
- 0 \
- -S "Async decrypt callback" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "got no RSA private key" \
- -s "Async resume (slot [0-9]): sign done, status=0" \
- -s "Successful connection"
-
-# key1: ECDSA, key2: RSA; use key1 from slot 0
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: slot 0 used with key1" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async sign callback: using key slot 0," \
- -s "Async resume (slot 0): call 0 more times." \
- -s "Async resume (slot 0): sign done, status=0"
-
-# key1: ECDSA, key2: RSA; use key2 from slot 0
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: slot 0 used with key2" \
- "$P_SRV \
- async_operations=s async_private_delay2=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async sign callback: using key slot 0," \
- -s "Async resume (slot 0): call 0 more times." \
- -s "Async resume (slot 0): sign done, status=0"
-
-# key1: ECDSA, key2: RSA; use key2 from slot 1
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: slot 1 used with key2" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async sign callback: using key slot 1," \
- -s "Async resume (slot 1): call 0 more times." \
- -s "Async resume (slot 1): sign done, status=0"
-
-# key1: ECDSA, key2: RSA; use key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: fall back to transparent key" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async sign callback: no key matches this certificate."
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, error in start" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- async_private_error=1" \
- "$P_CLI" \
- 1 \
- -s "Async sign callback: injected error" \
- -S "Async resume" \
- -S "Async cancel" \
- -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, cancel after start" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- async_private_error=2" \
- "$P_CLI" \
- 1 \
- -s "Async sign callback: using key slot " \
- -S "Async resume" \
- -s "Async cancel"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, error in resume" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- async_private_error=3" \
- "$P_CLI" \
- 1 \
- -s "Async sign callback: using key slot " \
- -s "Async resume callback: sign done but injected error" \
- -S "Async cancel" \
- -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, error in start" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- async_private_error=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -s "Async decrypt callback: injected error" \
- -S "Async resume" \
- -S "Async cancel" \
- -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, cancel after start" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- async_private_error=2" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -s "Async decrypt callback: using key slot " \
- -S "Async resume" \
- -s "Async cancel"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, error in resume" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- async_private_error=3" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume callback: decrypt done but injected error" \
- -S "Async cancel" \
- -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: cancel after start then operate correctly" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- async_private_error=-2" \
- "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
- 0 \
- -s "Async cancel" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "Async resume" \
- -s "Successful connection"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: error in resume then operate correctly" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- async_private_error=-3" \
- "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
- 0 \
- -s "! mbedtls_ssl_handshake returned" \
- -s "Async resume" \
- -s "Successful connection"
-
-# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: cancel after start then fall back to transparent key" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_error=-2 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
- [ \$? -eq 1 ] &&
- $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async sign callback: using key slot 0" \
- -S "Async resume" \
- -s "Async cancel" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "Async sign callback: no key matches this certificate." \
- -s "Successful connection"
-
-# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: sign, error in resume then fall back to transparent key" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_error=-3 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
- [ \$? -eq 1 ] &&
- $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async resume" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "Async sign callback: no key matches this certificate." \
- -s "Successful connection"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "SSL async private: renegotiation: client-initiated; sign" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- exchanges=2 renegotiation=1" \
- "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "SSL async private: renegotiation: server-initiated; sign" \
- "$P_SRV \
- async_operations=s async_private_delay1=1 async_private_delay2=1 \
- exchanges=2 renegotiation=1 renegotiate=1" \
- "$P_CLI exchanges=2 renegotiation=1" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "SSL async private: renegotiation: client-initiated; decrypt" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- exchanges=2 renegotiation=1" \
- "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "SSL async private: renegotiation: server-initiated; decrypt" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- exchanges=2 renegotiation=1 renegotiate=1" \
- "$P_CLI exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-# Tests for ECC extensions (rfc 4492)
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-run_test "Force a non ECC ciphersuite in the client side" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -C "client hello, adding supported_elliptic_curves extension" \
- -C "client hello, adding supported_point_formats extension" \
- -S "found supported elliptic curves extension" \
- -S "found supported point formats extension"
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-run_test "Force a non ECC ciphersuite in the server side" \
- "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
- "$P_CLI debug_level=3" \
- 0 \
- -C "found supported_point_formats extension" \
- -S "server hello, supported_point_formats extension"
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Force an ECC ciphersuite in the client side" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -c "client hello, adding supported_elliptic_curves extension" \
- -c "client hello, adding supported_point_formats extension" \
- -s "found supported elliptic curves extension" \
- -s "found supported point formats extension"
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Force an ECC ciphersuite in the server side" \
- "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "found supported_point_formats extension" \
- -s "server hello, supported_point_formats extension"
-
-# Tests for DTLS HelloVerifyRequest
-
-run_test "DTLS cookie: enabled" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -s "cookie verification failed" \
- -s "cookie verification passed" \
- -S "cookie verification skipped" \
- -c "received hello verify request" \
- -s "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-run_test "DTLS cookie: disabled" \
- "$P_SRV dtls=1 debug_level=2 cookies=0" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -S "cookie verification failed" \
- -S "cookie verification passed" \
- -s "cookie verification skipped" \
- -C "received hello verify request" \
- -S "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-run_test "DTLS cookie: default (failing)" \
- "$P_SRV dtls=1 debug_level=2 cookies=-1" \
- "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
- 1 \
- -s "cookie verification failed" \
- -S "cookie verification passed" \
- -S "cookie verification skipped" \
- -C "received hello verify request" \
- -S "hello verification requested" \
- -s "SSL - The requested feature is not available"
-
-requires_ipv6
-run_test "DTLS cookie: enabled, IPv6" \
- "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
- "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
- 0 \
- -s "cookie verification failed" \
- -s "cookie verification passed" \
- -S "cookie verification skipped" \
- -c "received hello verify request" \
- -s "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-run_test "DTLS cookie: enabled, nbio" \
- "$P_SRV dtls=1 nbio=2 debug_level=2" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -s "cookie verification failed" \
- -s "cookie verification passed" \
- -S "cookie verification skipped" \
- -c "received hello verify request" \
- -s "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-# Tests for client reconnecting from the same port with DTLS
-
-not_with_valgrind # spurious resend
-run_test "DTLS client reconnect from same port: reference" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
- 0 \
- -C "resend" \
- -S "The operation timed out" \
- -S "Client initiated reconnection from same port"
-
-not_with_valgrind # spurious resend
-run_test "DTLS client reconnect from same port: reconnect" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
- 0 \
- -C "resend" \
- -S "The operation timed out" \
- -s "Client initiated reconnection from same port"
-
-not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
-run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
- 0 \
- -S "The operation timed out" \
- -s "Client initiated reconnection from same port"
-
-only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
-run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
- 0 \
- -S "The operation timed out" \
- -s "Client initiated reconnection from same port"
-
-run_test "DTLS client reconnect from same port: no cookies" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
- 0 \
- -s "The operation timed out" \
- -S "Client initiated reconnection from same port"
-
-# Tests for various cases of client authentication with DTLS
-# (focused on handshake flows and message parsing)
-
-run_test "DTLS client auth: required" \
- "$P_SRV dtls=1 auth_mode=required" \
- "$P_CLI dtls=1" \
- 0 \
- -s "Verifying peer X.509 certificate... ok"
-
-run_test "DTLS client auth: optional, client has no cert" \
- "$P_SRV dtls=1 auth_mode=optional" \
- "$P_CLI dtls=1 crt_file=none key_file=none" \
- 0 \
- -s "! Certificate was missing"
-
-run_test "DTLS client auth: none, client has no cert" \
- "$P_SRV dtls=1 auth_mode=none" \
- "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
- 0 \
- -c "skip write certificate$" \
- -s "! Certificate verification was skipped"
-
-run_test "DTLS wrong PSK: badmac alert" \
- "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
- "$P_CLI dtls=1 psk=abc124" \
- 1 \
- -s "SSL - Verification of the message MAC failed" \
- -c "SSL - A fatal alert message was received from our peer"
-
-# Tests for receiving fragmented handshake messages with DTLS
-
-requires_gnutls
-run_test "DTLS reassembly: no fragmentation (gnutls server)" \
- "$G_SRV -u --mtu 2048 -a" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-run_test "DTLS reassembly: some fragmentation (gnutls server)" \
- "$G_SRV -u --mtu 512" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-run_test "DTLS reassembly: more fragmentation (gnutls server)" \
- "$G_SRV -u --mtu 128" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
- "$G_SRV -u --mtu 128" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
- "$G_SRV -u --mtu 256" \
- "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "mbedtls_ssl_handshake returned" \
- -C "error" \
- -s "Extra-header:"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
- "$G_SRV -u --mtu 256" \
- "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "mbedtls_ssl_handshake returned" \
- -C "error" \
- -s "Extra-header:"
-
-run_test "DTLS reassembly: no fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 2048" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-run_test "DTLS reassembly: some fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 768" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-run_test "DTLS reassembly: more fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 256" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
- "$O_SRV -dtls1 -mtu 256" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Tests for sending fragmented handshake messages with DTLS
-#
-# Use client auth when we need the client to send large messages,
-# and use large cert chains on both sides too (the long chains we have all use
-# both RSA and ECDSA, but ideally we should have long chains with either).
-# Sizes reached (UDP payload):
-# - 2037B for server certificate
-# - 1542B for client certificate
-# - 1013B for newsessionticket
-# - all others below 512B
-# All those tests assume MAX_CONTENT_LEN is at least 2048
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: none (for reference)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=4096" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=4096" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: server only (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# With the MFL extension, the server has no way of forcing
-# the client to not exceed a certain MTU; hence, the following
-# test can't be replicated with an MTU proxy such as the one
-# `client-initiated, server only (max_frag_len)` below.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=4096" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# While not required by the standard defining the MFL extension
-# (according to which it only applies to records, not to datagrams),
-# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
-# as otherwise there wouldn't be any means to communicate MTU restrictions
-# to the peer.
-# The next test checks that no datagrams significantly larger than the
-# negotiated MFL are sent.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
- -p "$P_PXY mtu=1110" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# While not required by the standard defining the MFL extension
-# (according to which it only applies to records, not to datagrams),
-# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
-# as otherwise there wouldn't be any means to communicate MTU restrictions
-# to the peer.
-# The next test checks that no datagrams significantly larger than the
-# negotiated MFL are sent.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
- -p "$P_PXY mtu=1110" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test "DTLS fragmenting: none (for reference) (MTU)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- mtu=4096" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- mtu=4096" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test "DTLS fragmenting: client (MTU)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=3500-60000 \
- mtu=4096" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=3500-60000 \
- mtu=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test "DTLS fragmenting: server (MTU)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- mtu=2048" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test "DTLS fragmenting: both (MTU=1024)" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=2500-60000 \
- mtu=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: both (MTU=512)" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=2500-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=2500-60000 \
- mtu=512" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Test for automatic MTU reduction on repeated resend.
-# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
-# The ratio of max/min timeout should ideally equal 4 to accept two
-# retransmissions, but in some cases (like both the server and client using
-# fragmentation and auto-reduction) an extra retransmission might occur,
-# hence the ratio of 8.
-not_with_valgrind
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
- -p "$P_PXY mtu=508" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=400-3200" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=400-3200" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
-only_with_valgrind
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
- -p "$P_PXY mtu=508" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-10000" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=250-10000" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
-# OTOH the client might resend if the server is to slow to reset after sending
-# a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
-# OTOH the client might resend if the server is to slow to reset after sending
-# a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=10000-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=10000-60000 \
- mtu=1024 nbio=2" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=10000-60000 \
- mtu=1024 nbio=2" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=10000-60000 \
- mtu=512 nbio=2" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512 nbio=2" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
-# This ensures things still work after session_reset().
-# It also exercises the "resumed handshake" flow.
-# Since we don't support reading fragmented ClientHello yet,
-# up the MTU to 1450 (larger than ClientHello with session ticket,
-# but still smaller than client's Certificate to ensure fragmentation).
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-# reco_delay avoids races where the client reconnects before the server has
-# resumed listening, which would result in a spurious autoreduction.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
- -p "$P_PXY mtu=1450" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=10000-60000 \
- mtu=1450" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=10000-60000 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- mtu=1450 reconnect=1 reco_delay=1" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_CHACHAPOLY_C
-run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- exchanges=2 renegotiation=1 \
- hs_timeout=10000-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- exchanges=2 renegotiation=1 \
- hs_timeout=10000-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CCM_C
-run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
-run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-client_needs_more_time 2
-run_test "DTLS fragmenting: proxy MTU + 3d" \
- -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
- "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-10000 mtu=512" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=250-10000 mtu=512" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-client_needs_more_time 2
-run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
- -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-10000 mtu=512 nbio=2" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=250-10000 mtu=512 nbio=2" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# interop tests for DTLS fragmentating with reliable connection
-#
-# here and below we just want to test that the we fragment in a way that
-# pleases other implementations, so we don't need the peer to fragment
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_gnutls
-run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
- "$G_SRV -u" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- mtu=512 force_version=dtls1_2" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_gnutls
-run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
- "$G_SRV -u" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-# We use --insecure for the GnuTLS client because it expects
-# the hostname / IP it connects to to be the name used in the
-# certificate obtained from the server. Here, however, it
-# connects to 127.0.0.1 while our test certificates use 'localhost'
-# as the server name in the certificate. This will make the
-# certifiate validation fail, but passing --insecure makes
-# GnuTLS continue the connection nonetheless.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_gnutls
-requires_not_i686
-run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- mtu=512 force_version=dtls1_2" \
- "$G_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
-# See previous test for the reason to use --insecure
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_gnutls
-requires_not_i686
-run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- mtu=512 force_version=dtls1" \
- "$G_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
- "$O_SRV -dtls1_2 -verify 10" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- mtu=512 force_version=dtls1_2" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
- "$O_SRV -dtls1 -verify 10" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- mtu=512 force_version=dtls1_2" \
- "$O_CLI -dtls1_2" \
- 0 \
- -s "fragmenting handshake message"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- mtu=512 force_version=dtls1" \
- "$O_CLI -dtls1" \
- 0 \
- -s "fragmenting handshake message"
-
-# interop tests for DTLS fragmentating with unreliable connection
-#
-# again we just want to test that the we fragment in a way that
-# pleases other implementations, so we don't need the peer to fragment
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$G_NEXT_SRV -u" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$G_NEXT_SRV -u" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
- "$G_NEXT_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- "$G_NEXT_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
-## Interop test with OpenSSL might trigger a bug in recent versions (including
-## all versions installed on the CI machines), reported here:
-## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled once a fixed version of OpenSSL is available
-## (this should happen in some 1.1.1_ release according to the ticket).
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$O_SRV -dtls1_2 -verify 10" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$O_SRV -dtls1 -verify 10" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
- "$O_CLI -dtls1_2" \
- 0 \
- -s "fragmenting handshake message"
-
-# -nbio is added to prevent s_client from blocking in case of duplicated
-# messages at the end of the handshake
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- "$O_CLI -nbio -dtls1" \
- 0 \
- -s "fragmenting handshake message"
-
-# Tests for specific things with "unreliable" UDP connection
-
-not_with_valgrind # spurious resend due to timeout
-run_test "DTLS proxy: reference" \
- -p "$P_PXY" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -C "replayed record" \
- -S "replayed record" \
- -C "record from another epoch" \
- -S "record from another epoch" \
- -C "discarding invalid record" \
- -S "discarding invalid record" \
- -S "resend" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-not_with_valgrind # spurious resend due to timeout
-run_test "DTLS proxy: duplicate every packet" \
- -p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "replayed record" \
- -s "replayed record" \
- -c "record from another epoch" \
- -s "record from another epoch" \
- -S "resend" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
- -p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "replayed record" \
- -S "replayed record" \
- -c "record from another epoch" \
- -s "record from another epoch" \
- -c "resend" \
- -s "resend" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-run_test "DTLS proxy: multiple records in same datagram" \
- -p "$P_PXY pack=50" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "next record in same datagram" \
- -s "next record in same datagram"
-
-run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
- -p "$P_PXY pack=50 duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "next record in same datagram" \
- -s "next record in same datagram"
-
-run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
- -p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
- 0 \
- -c "discarding invalid record (mac)" \
- -s "discarding invalid record (mac)" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK" \
- -S "too many records with bad MAC" \
- -S "Verification of the message MAC failed"
-
-run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
- -p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
- 1 \
- -C "discarding invalid record (mac)" \
- -S "discarding invalid record (mac)" \
- -S "Extra-header:" \
- -C "HTTP/1.0 200 OK" \
- -s "too many records with bad MAC" \
- -s "Verification of the message MAC failed"
-
-run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
- -p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
- 0 \
- -c "discarding invalid record (mac)" \
- -s "discarding invalid record (mac)" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK" \
- -S "too many records with bad MAC" \
- -S "Verification of the message MAC failed"
-
-run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
- -p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
- 1 \
- -c "discarding invalid record (mac)" \
- -s "discarding invalid record (mac)" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK" \
- -s "too many records with bad MAC" \
- -s "Verification of the message MAC failed"
-
-run_test "DTLS proxy: delay ChangeCipherSpec" \
- -p "$P_PXY delay_ccs=1" \
- "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
- "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
- 0 \
- -c "record from another epoch" \
- -s "record from another epoch" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-# Tests for reordering support with DTLS
-
-run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
- -p "$P_PXY delay_srv=ServerHello" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -c "Buffering HS message" \
- -c "Next handshake message has been buffered - load"\
- -S "Buffering HS message" \
- -S "Next handshake message has been buffered - load"\
- -C "Injecting buffered CCS message" \
- -C "Remember CCS message" \
- -S "Injecting buffered CCS message" \
- -S "Remember CCS message"
-
-run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
- -p "$P_PXY delay_srv=ServerHello" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -c "Buffering HS message" \
- -c "found fragmented DTLS handshake message"\
- -c "Next handshake message 1 not or only partially bufffered" \
- -c "Next handshake message has been buffered - load"\
- -S "Buffering HS message" \
- -S "Next handshake message has been buffered - load"\
- -C "Injecting buffered CCS message" \
- -C "Remember CCS message" \
- -S "Injecting buffered CCS message" \
- -S "Remember CCS message"
-
-# The client buffers the ServerKeyExchange before receiving the fragmented
-# Certificate message; at the time of writing, together these are aroudn 1200b
-# in size, so that the bound below ensures that the certificate can be reassembled
-# while keeping the ServerKeyExchange.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
-run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
- -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -c "Buffering HS message" \
- -c "Next handshake message has been buffered - load"\
- -C "attempt to make space by freeing buffered messages" \
- -S "Buffering HS message" \
- -S "Next handshake message has been buffered - load"\
- -C "Injecting buffered CCS message" \
- -C "Remember CCS message" \
- -S "Injecting buffered CCS message" \
- -S "Remember CCS message"
-
-# The size constraints ensure that the delayed certificate message can't
-# be reassembled while keeping the ServerKeyExchange message, but it can
-# when dropping it first.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
-requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
-run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
- -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -c "Buffering HS message" \
- -c "attempt to make space by freeing buffered future messages" \
- -c "Enough space available after freeing buffered HS messages" \
- -S "Buffering HS message" \
- -S "Next handshake message has been buffered - load"\
- -C "Injecting buffered CCS message" \
- -C "Remember CCS message" \
- -S "Injecting buffered CCS message" \
- -S "Remember CCS message"
-
-run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
- -p "$P_PXY delay_cli=Certificate" \
- "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -C "Buffering HS message" \
- -C "Next handshake message has been buffered - load"\
- -s "Buffering HS message" \
- -s "Next handshake message has been buffered - load" \
- -C "Injecting buffered CCS message" \
- -C "Remember CCS message" \
- -S "Injecting buffered CCS message" \
- -S "Remember CCS message"
-
-run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
- -p "$P_PXY delay_srv=NewSessionTicket" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -C "Buffering HS message" \
- -C "Next handshake message has been buffered - load"\
- -S "Buffering HS message" \
- -S "Next handshake message has been buffered - load" \
- -c "Injecting buffered CCS message" \
- -c "Remember CCS message" \
- -S "Injecting buffered CCS message" \
- -S "Remember CCS message"
-
-run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
- -p "$P_PXY delay_cli=ClientKeyExchange" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -C "Buffering HS message" \
- -C "Next handshake message has been buffered - load"\
- -S "Buffering HS message" \
- -S "Next handshake message has been buffered - load" \
- -C "Injecting buffered CCS message" \
- -C "Remember CCS message" \
- -s "Injecting buffered CCS message" \
- -s "Remember CCS message"
-
-run_test "DTLS reordering: Buffer encrypted Finished message" \
- -p "$P_PXY delay_ccs=1" \
- "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- hs_timeout=2500-60000" \
- 0 \
- -s "Buffer record from epoch 1" \
- -s "Found buffered record from current epoch - load" \
- -c "Buffer record from epoch 1" \
- -c "Found buffered record from current epoch - load"
-
-# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
-# from the server are delayed, so that the encrypted Finished message
-# is received and buffered. When the fragmented NewSessionTicket comes
-# in afterwards, the encrypted Finished message must be freed in order
-# to make space for the NewSessionTicket to be reassembled.
-# This works only in very particular circumstances:
-# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
-# of the NewSessionTicket, but small enough to also allow buffering of
-# the encrypted Finished message.
-# - The MTU setting on the server must be so small that the NewSessionTicket
-# needs to be fragmented.
-# - All messages sent by the server must be small enough to be either sent
-# without fragmentation or be reassembled within the bounds of
-# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
-# handshake, omitting CRTs.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
-requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
-run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
- -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
- "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
- 0 \
- -s "Buffer record from epoch 1" \
- -s "Found buffered record from current epoch - load" \
- -c "Buffer record from epoch 1" \
- -C "Found buffered record from current epoch - load" \
- -c "Enough space available after freeing future epoch record"
-
-# Tests for "randomly unreliable connection": try a variety of flows and peers
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d, FS, client auth" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d, FS, ticket" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test "DTLS proxy: 3d, max handshake, nbio" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
- auth_mode=required" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
- 0 \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-run_test "DTLS proxy: 3d, min handshake, resumption" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 debug_level=3" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
- 0 \
- -s "a session has been resumed" \
- -c "a session has been resumed" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 debug_level=3 nbio=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
- 0 \
- -s "a session has been resumed" \
- -c "a session has been resumed" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiation=1 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- renegotiate=1 debug_level=2 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
- 0 \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiation=1 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- renegotiate=1 debug_level=2 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
- 0 \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
- debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- renegotiation=1 exchanges=4 debug_level=2 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
- 0 \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
- debug_level=2 nbio=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
- renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
- force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
- 0 \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-## Interop tests with OpenSSL might trigger a bug in recent versions (including
-## all versions installed on the CI machines), reported here:
-## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled once a fixed version of OpenSSL is available
-## (this should happen in some 1.1.1_ release according to the ticket).
-skip_next_test
-client_needs_more_time 6
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test "DTLS proxy: 3d, openssl server" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
- "$O_SRV -dtls1 -mtu 2048" \
- "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
- 0 \
- -c "HTTP/1.0 200 OK"
-
-skip_next_test # see above
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test "DTLS proxy: 3d, openssl server, fragmentation" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
- "$O_SRV -dtls1 -mtu 768" \
- "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
- 0 \
- -c "HTTP/1.0 200 OK"
-
-skip_next_test # see above
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
- "$O_SRV -dtls1 -mtu 768" \
- "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
- 0 \
- -c "HTTP/1.0 200 OK"
-
-requires_gnutls
-client_needs_more_time 6
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test "DTLS proxy: 3d, gnutls server" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$G_SRV -u --mtu 2048 -a" \
- "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
- 0 \
- -s "Extra-header:" \
- -c "Extra-header:"
-
-requires_gnutls_next
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$G_NEXT_SRV -u --mtu 512" \
- "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
- 0 \
- -s "Extra-header:" \
- -c "Extra-header:"
-
-requires_gnutls_next
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
- -p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$G_NEXT_SRV -u --mtu 512" \
- "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
- 0 \
- -s "Extra-header:" \
- -c "Extra-header:"
-
-# Final report
-
-echo "------------------------------------------------------------------------"
-
-if [ $FAILS = 0 ]; then
- printf "PASSED"
-else
- printf "FAILED"
-fi
-PASSES=$(( $TESTS - $FAILS ))
-echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
-
-exit $FAILS
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 269cdad..122a17d 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -116,6 +116,77 @@
} \
} while( 0 )
+/** Evaluate two expressions and fail the test case if they have different
+ * values.
+ *
+ * \param expr1 An expression to evaluate.
+ * \param expr2 The expected value of \p expr1. This can be any
+ * expression, but it is typically a constant.
+ */
+#define TEST_EQUAL( expr1, expr2 ) \
+ TEST_ASSERT( ( expr1 ) == ( expr2 ) )
+
+/** Evaluate an expression and fail the test case if it returns an error.
+ *
+ * \param expr The expression to evaluate. This is typically a call
+ * to a \c psa_xxx function that returns a value of type
+ * #psa_status_t.
+ */
+#define PSA_ASSERT( expr ) TEST_EQUAL( ( expr ), PSA_SUCCESS )
+
+/** Allocate memory dynamically and fail the test case if this fails.
+ *
+ * You must set \p pointer to \c NULL before calling this macro and
+ * put `mbedtls_free( pointer )` in the test's cleanup code.
+ *
+ * If \p length is zero, the resulting \p pointer will be \c NULL.
+ * This is usually what we want in tests since API functions are
+ * supposed to accept null pointers when a buffer size is zero.
+ *
+ * This macro expands to an instruction, not an expression.
+ * It may jump to the \c exit label.
+ *
+ * \param pointer An lvalue where the address of the allocated buffer
+ * will be stored.
+ * This expression may be evaluated multiple times.
+ * \param length Number of elements to allocate.
+ * This expression may be evaluated multiple times.
+ *
+ */
+#define ASSERT_ALLOC( pointer, length ) \
+ do \
+ { \
+ TEST_ASSERT( ( pointer ) == NULL ); \
+ if( ( length ) != 0 ) \
+ { \
+ ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
+ ( length ) ); \
+ TEST_ASSERT( ( pointer ) != NULL ); \
+ } \
+ } \
+ while( 0 )
+
+/** Compare two buffers and fail the test case if they differ.
+ *
+ * This macro expands to an instruction, not an expression.
+ * It may jump to the \c exit label.
+ *
+ * \param p1 Pointer to the start of the first buffer.
+ * \param size1 Size of the first buffer in bytes.
+ * This expression may be evaluated multiple times.
+ * \param p2 Pointer to the start of the second buffer.
+ * \param size2 Size of the second buffer in bytes.
+ * This expression may be evaluated multiple times.
+ */
+#define ASSERT_COMPARE( p1, size1, p2, size2 ) \
+ do \
+ { \
+ TEST_ASSERT( ( size1 ) == ( size2 ) ); \
+ if( ( size1 ) != 0 ) \
+ TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \
+ } \
+ while( 0 )
+
#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
/**
* \brief This macro tests the statement passed to it as a test step or
@@ -222,6 +293,58 @@
mbedtls_exit( 1 ); \
}
+#if defined(__GNUC__)
+/* Test if arg and &(arg)[0] have the same type. This is true if arg is
+ * an array but not if it's a pointer. */
+#define IS_ARRAY_NOT_POINTER( arg ) \
+ ( ! __builtin_types_compatible_p( __typeof__( arg ), \
+ __typeof__( &( arg )[0] ) ) )
+#else
+/* On platforms where we don't know how to implement this check,
+ * omit it. Oh well, a non-portable check is better than nothing. */
+#define IS_ARRAY_NOT_POINTER( arg ) 1
+#endif
+
+/* A compile-time constant with the value 0. If `const_expr` is not a
+ * compile-time constant with a nonzero value, cause a compile-time error. */
+#define STATIC_ASSERT_EXPR( const_expr ) \
+ ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
+/* Return the scalar value `value` (possibly promoted). This is a compile-time
+ * constant if `value` is. `condition` must be a compile-time constant.
+ * If `condition` is false, arrange to cause a compile-time error. */
+#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
+ ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
+
+#define ARRAY_LENGTH_UNSAFE( array ) \
+ ( sizeof( array ) / sizeof( *( array ) ) )
+/** Return the number of elements of a static or stack array.
+ *
+ * \param array A value of array (not pointer) type.
+ *
+ * \return The number of elements of the array.
+ */
+#define ARRAY_LENGTH( array ) \
+ ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
+ ARRAY_LENGTH_UNSAFE( array ) ) )
+
+/** Return the smaller of two values.
+ *
+ * \param x An integer-valued expression without side effects.
+ * \param y An integer-valued expression without side effects.
+ *
+ * \return The smaller of \p x and \p y.
+ */
+#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
+
+/** Return the larger of two values.
+ *
+ * \param x An integer-valued expression without side effects.
+ * \param y An integer-valued expression without side effects.
+ *
+ * \return The larger of \p x and \p y.
+ */
+#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
+
/*
* 32-bit integer manipulation macros (big endian)
*/
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
deleted file mode 100644
index 7f747d0..0000000
--- a/tests/suites/test_suite_debug.data
+++ /dev/null
@@ -1,64 +0,0 @@
-Debug print msg (threshold 1, level 0)
-debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
-
-Debug print msg (threshold 1, level 1)
-debug_print_msg_threshold:1:1:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
-
-Debug print msg (threshold 1, level 2)
-debug_print_msg_threshold:1:2:"MyFile":999:""
-
-Debug print msg (threshold 0, level 1)
-debug_print_msg_threshold:0:1:"MyFile":999:""
-
-Debug print msg (threshold 0, level 5)
-debug_print_msg_threshold:0:5:"MyFile":999:""
-
-Debug print return value #1
-mbedtls_debug_print_ret:"MyFile":999:"Test return value":0:"MyFile(0999)\: Test return value() returned 0 (-0x0000)\n"
-
-Debug print return value #2
-mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0x1000:"MyFile(0999)\: Test return value() returned -4096 (-0x1000)\n"
-
-Debug print return value #3
-mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0xFFFF:"MyFile(0999)\: Test return value() returned -65535 (-0xffff)\n"
-
-Debug print buffer #1
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
-
-Debug print buffer #2
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n"
-
-Debug print buffer #3
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n"
-
-Debug print buffer #4
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n"
-
-Debug print buffer #5
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
-
-Debug print certificate #1 (RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
-
-Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
-
-Debug print mbedtls_mpi #1
-mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
-
-Debug print mbedtls_mpi #2
-mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
-
-Debug print mbedtls_mpi #3
-mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
-
-Debug print mbedtls_mpi #4
-mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #5
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #6
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
deleted file mode 100644
index 377d630..0000000
--- a/tests/suites/test_suite_debug.function
+++ /dev/null
@@ -1,195 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/debug.h"
-#include "string.h"
-
-struct buffer_data
-{
- char buf[2000];
- char *ptr;
-};
-
-void string_debug(void *data, int level, const char *file, int line, const char *str)
-{
- struct buffer_data *buffer = (struct buffer_data *) data;
- char *p = buffer->ptr;
- ((void) level);
-
- memcpy( p, file, strlen( file ) );
- p += strlen( file );
-
- *p++ = '(';
- *p++ = '0' + ( line / 1000 ) % 10;
- *p++ = '0' + ( line / 100 ) % 10;
- *p++ = '0' + ( line / 10 ) % 10;
- *p++ = '0' + ( line / 1 ) % 10;
- *p++ = ')';
- *p++ = ':';
- *p++ = ' ';
-
-#if defined(MBEDTLS_THREADING_C)
- /* Skip "thread ID" (up to the first space) as it is not predictable */
- while( *str++ != ' ' );
-#endif
-
- memcpy( p, str, strlen( str ) );
- p += strlen( str );
-
- /* Detect if debug messages output partial lines and mark them */
- if( p[-1] != '\n' )
- *p++ = '*';
-
- buffer->ptr = p;
-}
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void debug_print_msg_threshold( int threshold, int level, char * file,
- int line, char * result_str )
-{
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- struct buffer_data buffer;
-
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( buffer.buf, 0, 2000 );
- buffer.ptr = buffer.buf;
-
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
- mbedtls_debug_set_threshold( threshold );
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
- mbedtls_debug_print_msg( &ssl, level, file, line,
- "Text message, 2 == %d", 2 );
-
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
- char * result_str )
-{
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- struct buffer_data buffer;
-
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( buffer.buf, 0, 2000 );
- buffer.ptr = buffer.buf;
-
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
- mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
-
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_debug_print_buf( char * file, int line, char * text,
- data_t * data, char * result_str )
-{
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- struct buffer_data buffer;
-
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- memset( buffer.buf, 0, 2000 );
- buffer.ptr = buffer.buf;
-
-
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
- mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
-
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
- char * prefix, char * result_str )
-{
- mbedtls_x509_crt crt;
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- struct buffer_data buffer;
-
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_x509_crt_init( &crt );
- memset( buffer.buf, 0, 2000 );
- buffer.ptr = buffer.buf;
-
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
-
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
-void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
- char * prefix, char * result_str )
-{
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- struct buffer_data buffer;
- mbedtls_mpi val;
-
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_mpi_init( &val );
- memset( buffer.buf, 0, 2000 );
- buffer.ptr = buffer.buf;
-
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
-
- mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
- mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
-
- TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
- mbedtls_mpi_free( &val );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
new file mode 100644
index 0000000..65ac6d7
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -0,0 +1,2128 @@
+PSA compile-time sanity checks
+static_checks:
+
+PSA import/export raw: 0 bytes
+import_export:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_SUCCESS:1
+
+PSA import/export raw: 1 bytes
+import_export:"2a":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:8:0:PSA_SUCCESS:1
+
+PSA import/export raw: 1 bytes, larger buffer
+import_export:"2a":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:8:1:PSA_SUCCESS:1
+
+PSA import/export raw: 2 bytes, buffer too small
+import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export AES-128
+depends_on:MBEDTLS_AES_C
+import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:128:0:PSA_SUCCESS:1
+
+PSA import/export AES-192
+depends_on:MBEDTLS_AES_C
+import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:192:0:PSA_SUCCESS:1
+
+PSA import/export AES-256
+depends_on:MBEDTLS_AES_C
+import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+
+PSA import to non empty key slot
+depends_on:MBEDTLS_AES_C
+import_key_nonempty_slot
+
+PSA export invalid handle (0)
+export_invalid_handle:0:PSA_ERROR_INVALID_HANDLE
+
+PSA export invalid handle (smallest plausible handle)
+export_invalid_handle:1:PSA_ERROR_INVALID_HANDLE
+
+PSA export invalid handle (largest plausible handle)
+export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE
+
+PSA export a slot where there was some activity but no key material creation
+export_with_no_key_activity
+
+PSA setup cipher where there was some activity on key but no key material creation
+cipher_with_no_key_activity
+
+PSA export a slot after a failed import of a AES key
+depends_on:MBEDTLS_AES_C
+export_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
+
+PSA export a slot after a failed import of a RSA key
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_PARSE_C
+export_after_import_failure:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+
+PSA export a slot after a failed import of an EC keypair
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+export_after_import_failure:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA setup cipher after a failed import of a AES key
+depends_on:MBEDTLS_AES_C
+cipher_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
+
+PSA export RSA public key from a slot where there was an import followed by destroy.
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+export_after_destroy_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY
+
+PSA export AES key from a slot where there was an import followed by destroy.
+depends_on:MBEDTLS_AES_C
+export_after_destroy_key:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES
+
+PSA export EC key from a slot where there was an import followed by destroy.
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+export_after_destroy_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1)
+
+PSA import AES: bad key size
+depends_on:MBEDTLS_AES_C
+import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export RSA public key: good, 1024-bit
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1
+
+PSA import/export RSA public key: good, larger buffer (+1 byte)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1
+
+PSA import/export RSA public key: good, larger buffer (*2-1)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:161:PSA_SUCCESS:1
+
+PSA import/export RSA public key: good, larger buffer (*2)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:162:PSA_SUCCESS:1
+
+PSA import/export RSA public key: good, larger buffer (*2+1)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:163:PSA_SUCCESS:1
+
+PSA import/export RSA public key: export buffer too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export RSA keypair: good, 1024-bit
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1
+
+PSA import/export RSA keypair: good, larger buffer (+1 byte)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1
+
+PSA import/export RSA keypair: good, larger buffer (*2-1)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:609:PSA_SUCCESS:1
+
+PSA import/export RSA keypair: good, larger buffer (*2)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:610:PSA_SUCCESS:1
+
+PSA import/export RSA keypair: good, larger buffer (*2+1)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:611:PSA_SUCCESS:1
+
+PSA import/export RSA keypair: export buffer too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export RSA keypair: trailing garbage ignored
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0
+
+PSA import RSA keypair: truncated
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import RSA keypair: public key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import RSA public key: key pair
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import RSA keypair: valid key but EC
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export-public RSA public key: good, 1024-bit
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+PSA import/export-public RSA keypair: good, 1024-bit
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+PSA import/export-public RSA public key: buffer too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+PSA import/export-public RSA keypair: buffer too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+PSA import/export RSA public key: 1016-bit (good)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1016:0:PSA_SUCCESS:1
+
+PSA import/export RSA keypair: 1016-bit (good)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1016:0:PSA_SUCCESS:1
+
+PSA import RSA public key: 1022-bit (not supported)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED
+
+PSA import RSA keypair: 1022-bit (not supported)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED
+
+PSA import RSA public key: 1023-bit (not supported)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED
+
+PSA import RSA keypair: 1023-bit (not supported)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED
+
+PSA import/export EC secp224r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:224:0:PSA_SUCCESS:1
+
+PSA import/export-public EC secp224r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7"
+
+PSA import/export EC secp256r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+
+PSA import/export-public EC secp256r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"
+
+PSA import/export EC secp384r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
+
+PSA import/export-public EC secp384r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"
+
+PSA import/export EC secp521r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:521:0:PSA_SUCCESS:1
+
+PSA import/export-public EC secp521r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"
+
+PSA import/export EC brainpool256r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+
+PSA import/export-public EC brainpool256r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"
+
+PSA import/export EC brainpool384r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
+
+PSA import/export-public EC brainpool384r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"
+
+PSA import/export EC brainpool512r1 key pair: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:512:0:PSA_SUCCESS:1
+
+PSA import/export-public EC brainpool512r1: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"
+
+PSA import/export-public: cannot export-public a symmetric key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT:""
+
+PSA import/export EC secp256r1 public key: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+
+PSA import/export AES key: policy forbids export
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:128:0:PSA_ERROR_NOT_PERMITTED:1
+
+PSA import/export HMAC key: policy forbids export
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:256:0:PSA_ERROR_NOT_PERMITTED:1
+
+PSA import/export RSA keypair: policy forbids export (crypt)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1
+
+PSA import/export RSA keypair: policy forbids export (sign)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:1024:0:PSA_ERROR_NOT_PERMITTED:1
+
+# Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS
+# extension which we may drop in the future.
+PSA import/export RSA public key: import PEM
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:0
+
+PSA import/export RSA keypair: import PEM
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:0
+
+PSA import EC keypair: DER format
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA import EC keypair: public key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA import EC keypair: secp256r1, all-bits-zero (bad)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA import EC keypair: secp256r1, d == n - 1 (good)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_SUCCESS
+
+PSA import EC keypair: secp256r1, d == n (bad)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA import EC keypair: secp256r1, d > n (bad)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA import EC public key: key pair
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+# For consistency with ECpub as ECpair, RSApub as RSApair and RSApair as RSApub,
+# one would expect the status to be PSA_ERROR_INVALID_ARGUMENT. But the
+# Mbed TLS pkparse module returns MBEDTLS_ERR_PK_INVALID_ALG, I think because
+# it's looking for an OID where there is no OID.
+import:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_NOT_SUPPORTED
+
+PSA import EC keypair: valid key but RSA
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C
+import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA import failure preserves policy
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+import_twice:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_SUCCESS
+
+PSA import RSA key pair: maximum size exceeded
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED
+
+PSA import RSA public key: maximum size exceeded
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED
+
+PSA key policy set and get
+key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING
+
+Key policy initializers zero properly
+key_policy_init:
+
+PSA key policy: MAC, sign | verify
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key policy: MAC, wrong algorithm
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224)
+
+PSA key policy: MAC, sign but not verify
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key policy: MAC, verify but not sign
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key policy: MAC, neither sign nor verify
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key policy: cipher, encrypt | decrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CTR
+
+PSA key policy: cipher, wrong algorithm
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
+cipher_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CBC_NO_PADDING
+
+PSA key policy: cipher, encrypt but not decrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CTR
+
+PSA key policy: cipher, decrypt but not encrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CTR
+
+PSA key policy: cipher, neither encrypt nor decrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_key_policy:0:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CTR
+
+PSA key policy: AEAD, encrypt | decrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
+
+PSA key policy: AEAD, wrong algorithm
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_GCM
+
+PSA key policy: AEAD, encrypt but not decrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
+
+PSA key policy: AEAD, decrypt but not encrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
+
+PSA key policy: AEAD, neither encrypt nor decrypt
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_key_policy:0:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
+
+PSA key policy: asymmetric encryption, encrypt | decrypt
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA key policy: asymmetric encryption, encrypt but not decrypt
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA key policy: asymmetric encryption, decrypt but not encrypt
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA key policy: asymmetric encryption, neither encrypt nor decrypt
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA key policy: asymmetric signature, sign | verify
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+
+PSA key policy: asymmetric signature, wrong algorithm family
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+
+PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+
+PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32
+
+PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32
+
+PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 raw
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+
+PSA key policy: asymmetric signature, wrong hash algorithm
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+
+PSA key policy: asymmetric signature, sign but not verify
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+
+PSA key policy: asymmetric signature, verify but not sign
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+
+PSA key policy: asymmetric signature, neither sign nor verify
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+
+PSA key policy: derive via HKDF, permitted
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+PSA key policy: derive via TLS 1.2 PRF, permitted
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
+
+PSA key policy: derive via HKDF, not permitted
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_policy:0:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+PSA key policy: derive via TLS 1.2 PRF, not permitted
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_policy:0:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
+
+PSA key policy: derive via HKDF, wrong algorithm
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
+
+PSA key policy: derive via TLS 1.2 PRF, wrong algorithm
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
+
+PSA key policy: agreement, permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+
+PSA key policy: agreement, not permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+agreement_key_policy:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+
+PSA key policy: agreement, wrong algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH(PSA_ALG_SELECT_RAW)
+
+Copy key: raw, 0 bytes
+copy_key_policy:0:0:PSA_KEY_TYPE_RAW_DATA:"":0:0:-1:-1:0:0
+
+Copy key: AES, same usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
+
+Copy key: AES, fewer usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, 1 more usage flag
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, 2 more usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, intersect usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, source=target, constraint with same usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
+
+Copy key: AES, source=target, constraint with fewer usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, source=target, constraint with 1 more usage flag
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, source=target, constraint with 2 more usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, source=target, constraint with different usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, permissive target, restrictive constraint
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: RSA key pair, same usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, fewer usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, more usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, intersect usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, wildcard algorithm in source
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, wildcard algorithm in target
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, wildcard algorithm in source and target
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+Copy key: RSA key pair, wildcard in constraint
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+Copy key: RSA key pair, wildcard, restrictive constraint
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy fail: AES, incompatible target policy
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:-1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible target policy (source wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):-1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible target policy (target wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):-1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible target policy (source and target wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):-1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible constraint (wildcard on different base)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible constraint
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, ANY_HASH is not meaningful with OAEP
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):-1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Hash operation object initializers zero properly
+hash_operation_init:
+
+PSA hash setup: good, SHA-1
+depends_on:MBEDTLS_SHA1_C
+hash_setup:PSA_ALG_SHA_1:PSA_SUCCESS
+
+PSA hash setup: good, SHA-224
+depends_on:MBEDTLS_SHA256_C
+hash_setup:PSA_ALG_SHA_224:PSA_SUCCESS
+
+PSA hash setup: good, SHA-256
+depends_on:MBEDTLS_SHA256_C
+hash_setup:PSA_ALG_SHA_256:PSA_SUCCESS
+
+PSA hash setup: good, SHA-384
+depends_on:MBEDTLS_SHA512_C
+hash_setup:PSA_ALG_SHA_384:PSA_SUCCESS
+
+PSA hash setup: good, SHA-512
+depends_on:MBEDTLS_SHA512_C
+hash_setup:PSA_ALG_SHA_512:PSA_SUCCESS
+
+PSA hash setup: good, MD2
+depends_on:MBEDTLS_MD2_C
+hash_setup:PSA_ALG_MD2:PSA_SUCCESS
+
+PSA hash setup: good, MD4
+depends_on:MBEDTLS_MD4_C
+hash_setup:PSA_ALG_MD4:PSA_SUCCESS
+
+PSA hash setup: good, MD5
+depends_on:MBEDTLS_MD5_C
+hash_setup:PSA_ALG_MD5:PSA_SUCCESS
+
+PSA hash setup: good, RIPEMD160
+depends_on:MBEDTLS_RIPEMD160_C
+hash_setup:PSA_ALG_RIPEMD160:PSA_SUCCESS
+
+PSA hash setup: bad (unknown hash algorithm)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+hash_setup:PSA_ALG_CATEGORY_HASH:PSA_ERROR_NOT_SUPPORTED
+
+PSA hash setup: bad (wildcard instead of hash algorithm)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+hash_setup:PSA_ALG_ANY_HASH:PSA_ERROR_NOT_SUPPORTED
+
+PSA hash setup: bad (not a hash algorithm)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+hash_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
+
+PSA hash: bad order function calls
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+hash_bad_order:
+
+PSA hash verify: bad arguments
+hash_verify_bad_args:
+
+PSA hash finish: bad arguments
+hash_finish_bad_args:
+
+PSA hash clone: source state
+hash_clone_source_state:
+
+PSA hash clone: target state
+hash_clone_target_state:
+
+MAC operation object initializers zero properly
+mac_operation_init:
+
+PSA MAC setup: good, HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA MAC setup: good, AES-CMAC
+depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
+mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_SUCCESS
+
+PSA MAC setup: bad algorithm (unknown MAC algorithm)
+depends_on:MBEDTLS_MD_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC setup: bad algorithm (not a MAC algorithm)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT
+
+PSA MAC setup: truncated MAC too small (1 byte)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( PSA_ALG_SHA_256 ), 1 ):PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC setup: truncated MAC too large (33 bytes for SHA-256)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( PSA_ALG_SHA_256 ), 33 ):PSA_ERROR_INVALID_ARGUMENT
+
+PSA MAC setup: invalid key type, HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
+
+PSA MAC setup: incompatible key HMAC for CMAC
+depends_on:MBEDTLS_CMAC_C
+# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC: bad order function calls
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_bad_order:
+
+PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
+PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
+PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"4869205468657265":"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
+
+PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"4869205468657265":"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
+
+PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"4869205468657265":"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
+
+PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"4869205468657265":"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
+
+PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
+PSA MAC verify: RFC4231 Test case 1 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
+PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_224):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44"
+
+PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_256):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"
+
+PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_384):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649"
+
+PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_512):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737"
+
+PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea"
+
+PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe"
+
+PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27"
+
+PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb"
+
+PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_224):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a"
+
+PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_256):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b"
+
+PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_384):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb"
+
+PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_512):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd"
+
+PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e"
+
+PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54"
+
+PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952"
+
+PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598"
+
+PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-224
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1"
+
+PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"
+
+PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-384
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e"
+
+PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-512
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"
+
+PSA MAC sign: HMAC-SHA-224, truncated to 28 bytes (actual size)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 28):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
+PSA MAC verify: HMAC-SHA-224, truncated to 28 bytes (actual size)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 28):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
+PSA MAC sign: HMAC-SHA-512, truncated to 64 bytes (actual size)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 64):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
+PSA MAC verify: HMAC-SHA-512, truncated to 64 bytes (actual size)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 64):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
+PSA MAC sign: HMAC-SHA-224, truncated to 27 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 27):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b"
+
+PSA MAC verify: HMAC-SHA-224, truncated to 27 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 27):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b"
+
+PSA MAC sign: HMAC-SHA-512, truncated to 63 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 63):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a1268"
+
+PSA MAC verify: HMAC-SHA-512, truncated to 63 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 63):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a1268"
+
+PSA MAC sign: HMAC-SHA-224, truncated to 4 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 4):"4869205468657265":"896fb112"
+
+PSA MAC verify: HMAC-SHA-224, truncated to 4 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 4):"4869205468657265":"896fb112"
+
+PSA MAC sign: HMAC-SHA-512, truncated to 4 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":"87aa7cde"
+
+PSA MAC verify: HMAC-SHA-512, truncated to 4 bytes
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":"87aa7cde"
+
+PSA MAC sign: CMAC-AES-128
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
+
+PSA MAC verify: CMAC-AES-128
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
+
+PSA MAC sign: CMAC-AES-128, truncated to 16 bytes (actual size)
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
+
+PSA MAC verify: CMAC-AES-128, truncated to 16 bytes (actual size)
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
+
+PSA MAC sign: CMAC-AES-128, truncated to 15 bytes
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 15):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c8"
+
+PSA MAC verify: CMAC-AES-128, truncated to 15 bytes
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 15):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c8"
+
+PSA MAC sign: CMAC-AES-128, truncated to 4 bytes
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747"
+
+PSA MAC verify: CMAC-AES-128, truncated to 4 bytes
+depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747"
+
+Cipher operation object initializers zero properly
+cipher_operation_init:
+
+PSA cipher setup: good, AES-CTR
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_SUCCESS
+
+PSA cipher setup: bad algorithm (unknown cipher algorithm)
+depends_on:MBEDTLS_AES_C
+cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CATEGORY_CIPHER:PSA_ERROR_NOT_SUPPORTED
+
+PSA cipher setup: bad algorithm (not a cipher algorithm)
+depends_on:MBEDTLS_AES_C
+cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT
+
+PSA cipher setup: invalid key type, CTR
+depends_on:MBEDTLS_CIPHER_MODE_CTR
+# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
+cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
+
+PSA cipher setup: incompatible key ARC4 for CTR
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR
+# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
+cipher_setup:PSA_KEY_TYPE_ARC4:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
+
+PSA cipher: bad order function calls
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_bad_order:
+
+PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
+
+PSA symmetric encrypt: AES-CBC-PKCS#7, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
+
+PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
+
+PSA symmetric encrypt: AES-CBC-nopad, input too short
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric encrypt: AES-CTR, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
+
+PSA symmetric encrypt: AES-CTR, 15 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
+
+PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
+
+PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
+
+PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
+
+PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
+
+PSA symmetric decrypt: AES-CBC-PKCS#7, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
+
+PSA symmetric decrypt: AES-CBC-PKCS#7, 15 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
+
+PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
+
+PSA symmetric decrypt: AES-CTR, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
+
+PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
+
+PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
+
+PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
+
+PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
+
+PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_verify_output:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric encrypt/decrypt: AES-CBC-PKCS#7, 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+cipher_verify_output:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric encrypt/decrypt: AES-CBC-PKCS#7, 15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+cipher_verify_output:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
+
+PSA symmetric encrypt/decrypt: AES-CTR
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 3+13 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 4+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+
+PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+
+PSA symmetric encryption multipart: AES-CTR, 0+15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric encryption multipart: AES-CTR, 15+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric encryption multipart: AES-CTR, 0+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encryption multipart: AES-CTR, 16+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 3+13 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+
+PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+
+PSA symmetric decryption multipart: AES-CTR, 0+15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric decryption multipart: AES-CTR, 15+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric decryption multipart: AES-CTR, 0+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric decryption multipart: AES-CTR, 16+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_verify_output_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":11
+
+PSA symmetric encrypt/decrypt multipart: AES-CBC-PKCS#7 padding, 4+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":4
+
+PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS
+
+PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_SUCCESS
+
+PSA AEAD encrypt/decrypt: DES-CCM not supported
+depends_on:MBEDTLS_DES_C:MBEDTLS_CCM_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD encrypt: AES-CCM, 23 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=6
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=8
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=10
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=12
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=14
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, T=16
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9"
+
+PSA AEAD decrypt: AES-CCM, 39 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-CCM, 40 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=6
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=8
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=10
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=12
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=14
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 24 bytes, T=16
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, invalid signature
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD decrypt: AES-CCM, invalid signature, T=4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD decrypt: AES-CCM, T=4, tag is truncated tag for T=16
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD decrypt: AES-CCM, invalid tag length 0
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD decrypt: AES-CCM, invalid tag length 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD decrypt: AES-CCM, invalid tag length 15
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 15 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD decrypt: AES-CCM, invalid tag length 18
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS
+
+PSA AEAD encrypt/decrypt, AES GCM, 19 bytes #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_SUCCESS
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96"
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56"
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1, T=4
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f"
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1, T=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a"
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1, T=16
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96"
+
+PSA AEAD decrypt, AES-GCM, 144 bytes #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-GCM, 144 bytes #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-GCM, 144 bytes, T=4
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-GCM, 144 bytes, T=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-GCM, 144 bytes, T=16
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-GCM, invalid signature
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD decrypt, AES-GCM, T=15 but passing 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD decrypt: AES-GCM, invalid tag length 0
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD decrypt: AES-GCM, invalid tag length 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD decrypt: AES-GCM, invalid tag length 18
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_ERROR_NOT_SUPPORTED
+
+PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
+signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+
+PSA signature size: RSA public key, 1024 bits, PKCS#1 v1.5 raw
+signature_size:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+
+PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 SHA-256
+signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):128
+
+PSA signature size: RSA keypair, 1024 bits, PSS
+signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128
+
+PSA signature size: RSA keypair, 1023 bits, PKCS#1 v1.5 raw
+signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+
+PSA signature size: RSA keypair, 1025 bits, PKCS#1 v1.5 raw
+signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129
+
+PSA import/exercise RSA keypair, PKCS#1 v1.5 raw
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+
+PSA import/exercise RSA keypair, PSS-SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
+
+PSA import/exercise RSA public key, PKCS#1 v1.5 raw
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+
+PSA import/exercise RSA public key, PSS-SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
+
+PSA import/exercise: ECP SECP256R1 keypair, ECDSA
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDSA_ANY
+
+PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 )
+
+PSA import/exercise: ECP SECP256R1 keypair, ECDH
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
+
+PSA sign: RSA PKCS#1 v1.5, raw
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+sign_deterministic:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
+
+PSA sign: RSA PKCS#1 v1.5 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+sign_deterministic:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+
+PSA sign: deterministic ECDSA SECP256R1 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+sign_deterministic:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+# Arguably the error should be INVALID_ARGUMENT, but NOT_SUPPORTED is simpler
+# to implement.
+sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
+
+PSA sign: RSA PKCS#1 v1.5 raw, input too large
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign: RSA PKCS#1 v1.5 SHA-256, output buffer too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
+sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
+sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign: invalid key type, signing with a public key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign: invalid algorithm for ECC key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
+sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign/verify: RSA PKCS#1 v1.5, raw
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
+
+PSA sign/verify: RSA PKCS#1 v1.5 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+
+PSA sign/verify: RSA PSS SHA-256, 0 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
+
+PSA sign/verify: RSA PSS SHA-256, 32 bytes (hash size)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+
+PSA sign/verify: RSA PSS SHA-256, 129 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify: randomized ECDSA SECP256R1 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+sign_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+
+PSA sign/verify: deterministic ECDSA SECP256R1 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+sign_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+
+PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+
+PSA verify with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
+asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
+
+PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: RSA PSS SHA-256, good signature, 0 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d"
+
+PSA verify: RSA PSS SHA-256, good signature, 32 bytes (hash size)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7"
+
+PSA verify: RSA PSS SHA-256, good signature, 129 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308"
+
+PSA verify: ECDSA SECP256R1, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+asymmetric_verify:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify with keypair: ECDSA SECP256R1, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: ECDSA SECP256R1, wrong signature of correct size
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify: invalid algorithm for ECC key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA encrypt: RSA PKCS#1 v1.5, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+
+PSA encrypt: RSA OAEP-SHA-256, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+
+PSA encrypt: RSA OAEP-SHA-256, good, with label
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00":128:PSA_SUCCESS
+
+PSA encrypt: RSA OAEP-SHA-384, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"":128:PSA_SUCCESS
+
+PSA encrypt: RSA OAEP-SHA-384, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"":128:PSA_SUCCESS
+
+PSA encrypt: RSA PKCS#1 v1.5, key pair
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+
+PSA encrypt: RSA OAEP-SHA-256, key pair
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+
+PSA encrypt: RSA PKCS#1 v1.5, input too large
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"":0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA encrypt: RSA PKCS#1 v1.5: salt not allowed
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA encrypt: RSA OAEP-SHA-384, input too large
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"":0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA encrypt: invalid algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_SHA_256:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA encrypt: RSA PKCS#1 v1.5: invalid key type
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #1
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
+
+PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #2
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":""
+
+PSA encrypt-decrypt: RSA OAEP-SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
+
+PSA encrypt-decrypt: RSA OAEP-SHA-256, with label
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00"
+
+PSA encrypt-decrypt: RSA OAEP-SHA-384
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
+
+PSA decrypt: RSA PKCS#1 v1.5: good #1
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+
+PSA decrypt: RSA PKCS#1 v1.5: good #2
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff"
+
+PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, output too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":0:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:"1b4c1d06439b99f886048b8544607b5e8e5ac6828ad9d0b7ad4ec0b314a4d8052f8bbeab6c85dbddff0b90cc76395a7a0c4f9cc29cd7be20be0b38ff611800d6":"":""
+
+PSA decrypt: RSA OAEP-SHA-256, 0 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":""
+
+PSA decrypt: RSA OAEP-SHA-256, 0 bytes, with label
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":""
+
+PSA decrypt: RSA OAEP-SHA-256, 30 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+
+PSA decrypt: RSA OAEP-SHA-256, 30 bytes, with label
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+
+PSA decrypt: RSA OAEP-SHA-384, 30 bytes
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+
+PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (should be empty)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":128:PSA_ERROR_INVALID_PADDING
+
+PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (empty)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":128:PSA_ERROR_INVALID_PADDING
+
+PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (same length)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":128:PSA_ERROR_INVALID_PADDING
+
+PSA decrypt: RSA PKCS#1 v1.5, invalid padding
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":128:PSA_ERROR_INVALID_PADDING
+
+PSA decrypt: RSA PKCS#1 v1.5: salt not allowed
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA OAEP-SHA-256, invalid padding
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":128:PSA_ERROR_INVALID_PADDING
+
+PSA decrypt: invalid algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA PKCS#1 v1.5, invalid key type (RSA public key)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA OAEP, invalid key type (RSA public key)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA PKCS#1 v1.5: invalid key type (AES)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396e":"":16:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA PKCS#1 v1.5, input too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA PKCS#1 v1.5, input too large
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA OAEP-SHA-256, input too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
+
+PSA decrypt: RSA OAEP-SHA-256, input too large
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
+
+Crypto generator initializers zero properly
+crypto_generator_init:
+
+PSA key derivation: HKDF-SHA-256, good case
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"":"":42:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-512, good case
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_512):"":"":42:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, bad key type
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: TLS 1.2 PRF SHA-256, good case
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"":"":42:PSA_SUCCESS
+
+PSA key derivation: TLS 1.2 PRF SHA-256, bad key type
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: not a key derivation algorithm (selection)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_SELECT_RAW:"":"":42:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: not a key derivation algorithm (HMAC)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: unsupported key derivation algorithm
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_CATEGORY_HASH):"":"":42:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: unsupported key derivation algorithm
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: invalid generator state ( double generate + read past capacity )
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+test_derive_invalid_generator_state:
+
+PSA key derivation: invalid generator state ( call read/get_capacity after init and abort )
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+test_derive_invalid_generator_tests:
+
+PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+
+PSA key derivation: HKDF SHA-256, RFC5869 #1, output 32+10
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865"
+
+PSA key derivation: HKDF SHA-256, RFC5869 #1, output 0+42
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+
+PSA key derivation: HKDF SHA-256, RFC5869 #1, output 1+41
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+
+PSA key derivation: HKDF SHA-256, RFC5869 #1, output 41+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":""
+
+PSA key derivation: HKDF SHA-256, RFC5869 #1, output 1+40
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858"
+
+PSA key derivation: HKDF SHA-256, RFC5869 #2, output 82+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":""
+
+PSA key derivation: HKDF SHA-256, RFC5869 #3, output 42+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":""
+
+PSA key derivation: HKDF SHA-1, RFC5869 #4, output 42+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":""
+
+PSA key derivation: HKDF SHA-1, RFC5869 #5, output 82+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":""
+
+PSA key derivation: HKDF SHA-1, RFC5869 #6, output 42+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":""
+
+PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+
+# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
+PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
+
+PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
+
+PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
+
+PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
+
+PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
+
+PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
+
+PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
+
+PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
+
+PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
+
+PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
+
+# Test case manually extracted from debug output of TLS-PSK run
+# Label: "master secret"
+# Salt: Concatenation of ClientHello.Random and ServerHello.Random
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
+
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
+
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
+
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
+
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
+
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
+
+PSA key derivation: HKDF SHA-256, request maximum capacity
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+
+PSA key derivation: HKDF SHA-1, request maximum capacity
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":255 * 20:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+
+PSA key derivation: HKDF SHA-256, request too much capacity
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 + 1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: HKDF SHA-1, request too much capacity
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_ALG_HKDF(PSA_ALG_SHA_1):"":"":255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes)
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_setup:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"":"":100:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: over capacity 42: output 42+1
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
+
+PSA key derivation: over capacity 42: output 41+2
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"65ff"
+
+PSA key derivation: over capacity 42: output 43+0
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":""
+
+PSA key derivation: over capacity 42: output 43+1
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff"
+
+PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1
+
+PSA key derivation: HKDF SHA-256, read maximum capacity
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
+
+PSA key derivation: HKDF SHA-256, exercise AES128-CTR
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: HKDF SHA-256, exercise AES256-CTR
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: HKDF SHA-256, exercise DES-CBC
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: HKDF SHA-256, exercise 2-key 3DES-CBC
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: HKDF SHA-256, exercise 3-key 3DES-CBC
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: HKDF SHA-256, exercise HMAC-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key derivation: HKDF SHA-256, exercise HKDF-SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+PSA key derivation: HKDF SHA-256, derive key, 16+32
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32
+
+PSA key derivation: HKDF SHA-256, derive key, 1+41
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
+
+PSA key agreement setup: ECDH, raw: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+
+PSA key agreement setup: ECDH, raw: public key on different curve
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key agreement setup: ECDH, raw: public key instead of private key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key agreement setup: ECDH, unknown KDF
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_setup:PSA_ALG_ECDH(0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
+
+PSA key agreement setup: not a key agreement algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_setup:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: capacity=32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 32 (full)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
+
+PSA key agreement: ECDH SECP256R1 with ECDH-only public key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 0+32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 20+12
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 7+15
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
+
+PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: capacity=48
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
+
+PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: read
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
+
+PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: capacity=66
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
+
+PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: read
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
+
+PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: capacity=32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
+
+PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: read
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
+
+PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: capacity=48
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
+
+PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: read
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
+
+PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: capacity=64
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
+
+PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+
+PSA generate random: 0 bytes
+generate_random:0
+
+PSA generate random: 1 byte
+generate_random:1
+
+PSA generate random: 4 bytes
+generate_random:4
+
+PSA generate random: 16 bytes
+generate_random:16
+
+PSA generate random: 19 bytes
+generate_random:19
+
+PSA generate random: 260 bytes
+generate_random:260
+
+PSA generate key: bad type (PSA_KEY_TYPE_CATEGORY_MASK)
+generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
+
+PSA generate key: bad type (RSA public key)
+generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
+
+PSA generate key: raw data, 0 bits
+generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
+PSA generate key: raw data, 7 bits: invalid argument
+generate_key:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA generate key: raw data, 8 bits
+generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
+PSA generate key: AES, 128 bits, CTR
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS
+
+PSA generate key: AES, 128 bits, GCM
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS
+
+PSA generate key: DES, 64 bits, CBC-nopad
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS
+
+PSA generate key: DES, 128 bits, CBC-nopad
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+generate_key:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS
+
+PSA generate key: DES, 192 bits, CBC-nopad
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+generate_key:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS
+
+PSA generate key: invalid key size: AES, 64 bits
+depends_on:MBEDTLS_AES_C
+generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT
+
+PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
+
+PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
+
+PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS
+
+PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA generate key: RSA, 1022 bits: not supported
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+
+PSA generate key: RSA, 1023 bits: not supported
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+
+PSA generate key: RSA, maximum size exceeded
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+
+PSA generate key: ECC, SECP256R1, good
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+
+PSA generate key: ECC, SECP256R1, incorrect bit size
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
+generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+
+persistent key can be accessed after in-memory deletion: AES, 128 bits, CTR
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY:PSA_SUCCESS
+
+PSA generate persistent key: raw data, 8 bits
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY:PSA_SUCCESS
+
+PSA generate persistent key: AES, 128 bits, CTR
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_SUCCESS
+
+PSA generate persistent key: DES, 64 bits, CBC-nopad
+depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY:PSA_SUCCESS
+
+PSA generate persistent key: RSA, 1024 bits, good, sign (PSS SHA-256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY:PSA_SUCCESS
+
+PSA generate persistent key: ECC, SECP256R1, good
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY:PSA_SUCCESS
+
+PSA derive persistent key: HKDF SHA-256
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY:PSA_SUCCESS
+
+PSA generate persistent key: AES, 128 bits, CTR
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_ERROR_NOT_PERMITTED
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
new file mode 100644
index 0000000..4cec118
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -0,0 +1,4865 @@
+/* BEGIN_HEADER */
+#include <stdint.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#include "spm/psa_defs.h"
+#endif
+
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/oid.h"
+
+#include "psa/crypto.h"
+
+/** An invalid export length that will never be set by psa_export_key(). */
+static const size_t INVALID_EXPORT_LENGTH = ~0U;
+
+/* A hash algorithm that is known to be supported.
+ *
+ * This is used in some smoke tests.
+ */
+#if defined(MBEDTLS_MD2_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2
+#elif defined(MBEDTLS_MD4_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4
+#elif defined(MBEDTLS_MD5_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
+/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
+ * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
+ * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
+ * implausible anyway. */
+#elif defined(MBEDTLS_SHA1_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
+#elif defined(MBEDTLS_SHA256_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
+#elif defined(MBEDTLS_SHA512_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384
+#elif defined(MBEDTLS_SHA3_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256
+#else
+#undef KNOWN_SUPPORTED_HASH_ALG
+#endif
+
+/* A block cipher that is known to be supported.
+ *
+ * For simplicity's sake, stick to block ciphers with 16-byte blocks.
+ */
+#if defined(MBEDTLS_AES_C)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
+#elif defined(MBEDTLS_ARIA_C)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
+#elif defined(MBEDTLS_CAMELLIA_C)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
+#undef KNOWN_SUPPORTED_BLOCK_CIPHER
+#endif
+
+/* A MAC mode that is known to be supported.
+ *
+ * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or
+ * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER.
+ *
+ * This is used in some smoke tests.
+ */
+#if defined(KNOWN_SUPPORTED_HASH_ALG)
+#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) )
+#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
+#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
+#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
+#else
+#undef KNOWN_SUPPORTED_MAC_ALG
+#undef KNOWN_SUPPORTED_MAC_KEY_TYPE
+#endif
+
+/* A cipher algorithm and key type that are known to be supported.
+ *
+ * This is used in some smoke tests.
+ */
+#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
+#else
+#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
+#endif
+#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
+#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
+#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
+#elif defined(MBEDTLS_RC4_C)
+#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4
+#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4
+#else
+#undef KNOWN_SUPPORTED_CIPHER_ALG
+#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
+#endif
+
+/** Test if a buffer contains a constant byte value.
+ *
+ * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
+ *
+ * \param buffer Pointer to the beginning of the buffer.
+ * \param c Expected value of every byte.
+ * \param size Size of the buffer in bytes.
+ *
+ * \return 1 if the buffer is all-bits-zero.
+ * \return 0 if there is at least one nonzero byte.
+ */
+static int mem_is_char( void *buffer, unsigned char c, size_t size )
+{
+ size_t i;
+ for( i = 0; i < size; i++ )
+ {
+ if( ( (unsigned char *) buffer )[i] != c )
+ return( 0 );
+ }
+ return( 1 );
+}
+
+/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
+static int asn1_write_10x( unsigned char **p,
+ unsigned char *start,
+ size_t bits,
+ unsigned char x )
+{
+ int ret;
+ int len = bits / 8 + 1;
+ if( bits == 0 )
+ return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+ if( bits <= 8 && x >= 1 << ( bits - 1 ) )
+ return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+ if( *p < start || *p - start < (ptrdiff_t) len )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ *p -= len;
+ ( *p )[len-1] = x;
+ if( bits % 8 == 0 )
+ ( *p )[1] |= 1;
+ else
+ ( *p )[0] |= 1 << ( bits % 8 );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_INTEGER ) );
+ return( len );
+}
+
+static int construct_fake_rsa_key( unsigned char *buffer,
+ size_t buffer_size,
+ unsigned char **p,
+ size_t bits,
+ int keypair )
+{
+ size_t half_bits = ( bits + 1 ) / 2;
+ int ret;
+ int len = 0;
+ /* Construct something that looks like a DER encoding of
+ * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
+ * RSAPrivateKey ::= SEQUENCE {
+ * version Version,
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER, -- (inverse of q) mod p
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL
+ * }
+ * Or, for a public key, the same structure with only
+ * version, modulus and publicExponent.
+ */
+ *p = buffer + buffer_size;
+ if( keypair )
+ {
+ MBEDTLS_ASN1_CHK_ADD( len, /* pq */
+ asn1_write_10x( p, buffer, half_bits, 1 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, /* dq */
+ asn1_write_10x( p, buffer, half_bits, 1 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, /* dp */
+ asn1_write_10x( p, buffer, half_bits, 1 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, /* q */
+ asn1_write_10x( p, buffer, half_bits, 1 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
+ asn1_write_10x( p, buffer, half_bits, 3 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, /* d */
+ asn1_write_10x( p, buffer, bits, 1 ) );
+ }
+ MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
+ asn1_write_10x( p, buffer, 17, 1 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, /* n */
+ asn1_write_10x( p, buffer, bits, 1 ) );
+ if( keypair )
+ MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
+ mbedtls_asn1_write_int( p, buffer, 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
+ {
+ const unsigned char tag =
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
+ }
+ return( len );
+}
+
+int exercise_mac_setup( psa_key_type_t key_type,
+ const unsigned char *key_bytes,
+ size_t key_length,
+ psa_algorithm_t alg,
+ psa_mac_operation_t *operation,
+ psa_status_t *status )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, key_type, key_bytes, key_length ) );
+
+ *status = psa_mac_sign_setup( operation, handle, alg );
+ /* Whether setup succeeded or failed, abort must succeed. */
+ PSA_ASSERT( psa_mac_abort( operation ) );
+ /* If setup failed, reproduce the failure, so that the caller can
+ * test the resulting state of the operation object. */
+ if( *status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ),
+ *status );
+ }
+
+ psa_destroy_key( handle );
+ return( 1 );
+
+exit:
+ psa_destroy_key( handle );
+ return( 0 );
+}
+
+int exercise_cipher_setup( psa_key_type_t key_type,
+ const unsigned char *key_bytes,
+ size_t key_length,
+ psa_algorithm_t alg,
+ psa_cipher_operation_t *operation,
+ psa_status_t *status )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, key_type, key_bytes, key_length ) );
+
+ *status = psa_cipher_encrypt_setup( operation, handle, alg );
+ /* Whether setup succeeded or failed, abort must succeed. */
+ PSA_ASSERT( psa_cipher_abort( operation ) );
+ /* If setup failed, reproduce the failure, so that the caller can
+ * test the resulting state of the operation object. */
+ if( *status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ),
+ *status );
+ }
+
+ psa_destroy_key( handle );
+ return( 1 );
+
+exit:
+ psa_destroy_key( handle );
+ return( 0 );
+}
+
+static int exercise_mac_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ const unsigned char input[] = "foo";
+ unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
+ size_t mac_length = sizeof( mac );
+
+ if( usage & PSA_KEY_USAGE_SIGN )
+ {
+ PSA_ASSERT( psa_mac_sign_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation,
+ input, sizeof( input ) ) );
+ PSA_ASSERT( psa_mac_sign_finish( &operation,
+ mac, sizeof( mac ),
+ &mac_length ) );
+ }
+
+ if( usage & PSA_KEY_USAGE_VERIFY )
+ {
+ psa_status_t verify_status =
+ ( usage & PSA_KEY_USAGE_SIGN ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE );
+ PSA_ASSERT( psa_mac_verify_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation,
+ input, sizeof( input ) ) );
+ TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ),
+ verify_status );
+ }
+
+ return( 1 );
+
+exit:
+ psa_mac_abort( &operation );
+ return( 0 );
+}
+
+static int exercise_cipher_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ unsigned char iv[16] = {0};
+ size_t iv_length = sizeof( iv );
+ const unsigned char plaintext[16] = "Hello, world...";
+ unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
+ size_t ciphertext_length = sizeof( ciphertext );
+ unsigned char decrypted[sizeof( ciphertext )];
+ size_t part_length;
+
+ if( usage & PSA_KEY_USAGE_ENCRYPT )
+ {
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_cipher_generate_iv( &operation,
+ iv, sizeof( iv ),
+ &iv_length ) );
+ PSA_ASSERT( psa_cipher_update( &operation,
+ plaintext, sizeof( plaintext ),
+ ciphertext, sizeof( ciphertext ),
+ &ciphertext_length ) );
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ ciphertext + ciphertext_length,
+ sizeof( ciphertext ) - ciphertext_length,
+ &part_length ) );
+ ciphertext_length += part_length;
+ }
+
+ if( usage & PSA_KEY_USAGE_DECRYPT )
+ {
+ psa_status_t status;
+ psa_key_type_t type = PSA_KEY_TYPE_NONE;
+ if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
+ {
+ size_t bits;
+ TEST_ASSERT( psa_get_key_information( handle, &type, &bits ) );
+ iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
+ }
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, iv_length ) );
+ PSA_ASSERT( psa_cipher_update( &operation,
+ ciphertext, ciphertext_length,
+ decrypted, sizeof( decrypted ),
+ &part_length ) );
+ status = psa_cipher_finish( &operation,
+ decrypted + part_length,
+ sizeof( decrypted ) - part_length,
+ &part_length );
+ /* For a stream cipher, all inputs are valid. For a block cipher,
+ * if the input is some aribtrary data rather than an actual
+ ciphertext, a padding error is likely. */
+ if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
+ PSA_ASSERT( status );
+ else
+ TEST_ASSERT( status == PSA_SUCCESS ||
+ status == PSA_ERROR_INVALID_PADDING );
+ }
+
+ return( 1 );
+
+exit:
+ psa_cipher_abort( &operation );
+ return( 0 );
+}
+
+static int exercise_aead_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ unsigned char nonce[16] = {0};
+ size_t nonce_length = sizeof( nonce );
+ unsigned char plaintext[16] = "Hello, world...";
+ unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
+ size_t ciphertext_length = sizeof( ciphertext );
+ size_t plaintext_length = sizeof( ciphertext );
+
+ if( usage & PSA_KEY_USAGE_ENCRYPT )
+ {
+ PSA_ASSERT( psa_aead_encrypt( handle, alg,
+ nonce, nonce_length,
+ NULL, 0,
+ plaintext, sizeof( plaintext ),
+ ciphertext, sizeof( ciphertext ),
+ &ciphertext_length ) );
+ }
+
+ if( usage & PSA_KEY_USAGE_DECRYPT )
+ {
+ psa_status_t verify_status =
+ ( usage & PSA_KEY_USAGE_ENCRYPT ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ nonce, nonce_length,
+ NULL, 0,
+ ciphertext, ciphertext_length,
+ plaintext, sizeof( plaintext ),
+ &plaintext_length ),
+ verify_status );
+ }
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+static int exercise_signature_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+ size_t payload_length = 16;
+ unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
+ size_t signature_length = sizeof( signature );
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+
+ /* If the policy allows signing with any hash, just pick one. */
+ if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH )
+ {
+#if defined(KNOWN_SUPPORTED_HASH_ALG)
+ hash_alg = KNOWN_SUPPORTED_HASH_ALG;
+ alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
+#else
+ test_fail( "No hash algorithm for hash-and-sign testing", __LINE__, __FILE__ );
+ return( 1 );
+#endif
+ }
+
+ if( usage & PSA_KEY_USAGE_SIGN )
+ {
+ /* Some algorithms require the payload to have the size of
+ * the hash encoded in the algorithm. Use this input size
+ * even for algorithms that allow other input sizes. */
+ if( hash_alg != 0 )
+ payload_length = PSA_HASH_SIZE( hash_alg );
+ PSA_ASSERT( psa_asymmetric_sign( handle, alg,
+ payload, payload_length,
+ signature, sizeof( signature ),
+ &signature_length ) );
+ }
+
+ if( usage & PSA_KEY_USAGE_VERIFY )
+ {
+ psa_status_t verify_status =
+ ( usage & PSA_KEY_USAGE_SIGN ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL( psa_asymmetric_verify( handle, alg,
+ payload, payload_length,
+ signature, signature_length ),
+ verify_status );
+ }
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+static int exercise_asymmetric_encryption_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ unsigned char plaintext[256] = "Hello, world...";
+ unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
+ size_t ciphertext_length = sizeof( ciphertext );
+ size_t plaintext_length = 16;
+
+ if( usage & PSA_KEY_USAGE_ENCRYPT )
+ {
+ PSA_ASSERT( psa_asymmetric_encrypt( handle, alg,
+ plaintext, plaintext_length,
+ NULL, 0,
+ ciphertext, sizeof( ciphertext ),
+ &ciphertext_length ) );
+ }
+
+ if( usage & PSA_KEY_USAGE_DECRYPT )
+ {
+ psa_status_t status =
+ psa_asymmetric_decrypt( handle, alg,
+ ciphertext, ciphertext_length,
+ NULL, 0,
+ plaintext, sizeof( plaintext ),
+ &plaintext_length );
+ TEST_ASSERT( status == PSA_SUCCESS ||
+ ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
+ ( status == PSA_ERROR_INVALID_ARGUMENT ||
+ status == PSA_ERROR_INVALID_PADDING ) ) );
+ }
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+static int exercise_key_derivation_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ unsigned char label[16] = "This is a label.";
+ size_t label_length = sizeof( label );
+ unsigned char seed[16] = "abcdefghijklmnop";
+ size_t seed_length = sizeof( seed );
+ unsigned char output[1];
+
+ if( usage & PSA_KEY_USAGE_DERIVE )
+ {
+ PSA_ASSERT( psa_key_derivation( &generator,
+ handle, alg,
+ label, label_length,
+ seed, seed_length,
+ sizeof( output ) ) );
+ PSA_ASSERT( psa_generator_read( &generator,
+ output,
+ sizeof( output ) ) );
+ PSA_ASSERT( psa_generator_abort( &generator ) );
+ }
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+/* We need two keys to exercise key agreement. Exercise the
+ * private key against its own public key. */
+static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg )
+{
+ psa_key_type_t private_key_type;
+ psa_key_type_t public_key_type;
+ size_t key_bits;
+ uint8_t *public_key = NULL;
+ size_t public_key_length;
+ /* Return GENERIC_ERROR if something other than the final call to
+ * psa_key_agreement fails. This isn't fully satisfactory, but it's
+ * good enough: callers will report it as a failed test anyway. */
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+ PSA_ASSERT( psa_get_key_information( handle,
+ &private_key_type,
+ &key_bits ) );
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
+ public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
+ ASSERT_ALLOC( public_key, public_key_length );
+ PSA_ASSERT( psa_export_public_key( handle,
+ public_key, public_key_length,
+ &public_key_length ) );
+
+ status = psa_key_agreement( generator, handle,
+ public_key, public_key_length,
+ alg );
+exit:
+ mbedtls_free( public_key );
+ return( status );
+}
+
+static int exercise_key_agreement_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ unsigned char output[1];
+ int ok = 0;
+
+ if( usage & PSA_KEY_USAGE_DERIVE )
+ {
+ /* We need two keys to exercise key agreement. Exercise the
+ * private key against its own public key. */
+ PSA_ASSERT( key_agreement_with_self( &generator, handle, alg ) );
+ PSA_ASSERT( psa_generator_read( &generator,
+ output,
+ sizeof( output ) ) );
+ PSA_ASSERT( psa_generator_abort( &generator ) );
+ }
+ ok = 1;
+
+exit:
+ return( ok );
+}
+
+static int is_oid_of_key_type( psa_key_type_t type,
+ const uint8_t *oid, size_t oid_length )
+{
+ const uint8_t *expected_oid = NULL;
+ size_t expected_oid_length = 0;
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( type ) )
+ {
+ expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
+ expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
+ }
+ else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( type ) )
+ {
+ expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
+ expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+ {
+ char message[40];
+ mbedtls_snprintf( message, sizeof( message ),
+ "OID not known for key type=0x%08lx",
+ (unsigned long) type );
+ test_fail( message, __LINE__, __FILE__ );
+ return( 0 );
+ }
+
+ ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
+ size_t min_bits, size_t max_bits,
+ int must_be_odd )
+{
+ size_t len;
+ size_t actual_bits;
+ unsigned char msb;
+ TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_INTEGER ),
+ 0 );
+ /* Tolerate a slight departure from DER encoding:
+ * - 0 may be represented by an empty string or a 1-byte string.
+ * - The sign bit may be used as a value bit. */
+ if( ( len == 1 && ( *p )[0] == 0 ) ||
+ ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
+ {
+ ++( *p );
+ --len;
+ }
+ if( min_bits == 0 && len == 0 )
+ return( 1 );
+ msb = ( *p )[0];
+ TEST_ASSERT( msb != 0 );
+ actual_bits = 8 * ( len - 1 );
+ while( msb != 0 )
+ {
+ msb >>= 1;
+ ++actual_bits;
+ }
+ TEST_ASSERT( actual_bits >= min_bits );
+ TEST_ASSERT( actual_bits <= max_bits );
+ if( must_be_odd )
+ TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
+ *p += len;
+ return( 1 );
+exit:
+ return( 0 );
+}
+
+static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
+ size_t *len,
+ unsigned char n, unsigned char tag )
+{
+ int ret;
+ ret = mbedtls_asn1_get_tag( p, end, len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
+ if( ret != 0 )
+ return( ret );
+ end = *p + *len;
+ ret = mbedtls_asn1_get_tag( p, end, len, tag );
+ if( ret != 0 )
+ return( ret );
+ if( *p + *len != end )
+ return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ return( 0 );
+}
+
+static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
+ uint8_t *exported, size_t exported_length )
+{
+ if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
+ TEST_EQUAL( exported_length, ( bits + 7 ) / 8 );
+ else
+ TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, bits ) );
+
+#if defined(MBEDTLS_DES_C)
+ if( type == PSA_KEY_TYPE_DES )
+ {
+ /* Check the parity bits. */
+ unsigned i;
+ for( i = 0; i < bits / 8; i++ )
+ {
+ unsigned bit_count = 0;
+ unsigned m;
+ for( m = 1; m <= 0x100; m <<= 1 )
+ {
+ if( exported[i] & m )
+ ++bit_count;
+ }
+ TEST_ASSERT( bit_count % 2 != 0 );
+ }
+ }
+ else
+#endif
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
+ if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ uint8_t *p = exported;
+ uint8_t *end = exported + exported_length;
+ size_t len;
+ /* RSAPrivateKey ::= SEQUENCE {
+ * version INTEGER, -- must be 0
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER, -- (inverse of q) mod p
+ * }
+ */
+ TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED ), 0 );
+ TEST_EQUAL( p + len, end );
+ if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
+ goto exit;
+ /* Require d to be at least half the size of n. */
+ if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
+ goto exit;
+ /* Require p and q to be at most half the size of n, rounded up. */
+ if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ goto exit;
+ TEST_EQUAL( p, end );
+ }
+ else
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
+ {
+ /* Just the secret value */
+ TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+
+ if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
+ {
+ uint8_t *p = exported;
+ uint8_t *end = exported + exported_length;
+ size_t len;
+#if defined(MBEDTLS_RSA_C)
+ if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
+ {
+ /* RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER } -- e
+ */
+ TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED ),
+ 0 );
+ TEST_EQUAL( p + len, end );
+ if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
+ goto exit;
+ if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
+ goto exit;
+ TEST_EQUAL( p, end );
+ }
+ else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
+ {
+ /* The representation of an ECC public key is:
+ * - The byte 0x04;
+ * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
+ * - where m is the bit size associated with the curve.
+ */
+ TEST_EQUAL( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ), end );
+ TEST_EQUAL( p[0], 4 );
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+ {
+ char message[47];
+ mbedtls_snprintf( message, sizeof( message ),
+ "No sanity check for public key type=0x%08lx",
+ (unsigned long) type );
+ test_fail( message, __LINE__, __FILE__ );
+ return( 0 );
+ }
+ }
+ else
+
+ {
+ /* No sanity checks for other types */
+ }
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+
+static int exercise_export_key( psa_key_handle_t handle,
+ psa_key_usage_t usage )
+{
+ psa_key_type_t type;
+ size_t bits;
+ uint8_t *exported = NULL;
+ size_t exported_size = 0;
+ size_t exported_length = 0;
+ int ok = 0;
+
+ PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
+
+ if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
+ ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
+ {
+ TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
+ PSA_ERROR_NOT_PERMITTED );
+ return( 1 );
+ }
+
+ exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
+ ASSERT_ALLOC( exported, exported_size );
+
+ PSA_ASSERT( psa_export_key( handle,
+ exported, exported_size,
+ &exported_length ) );
+ ok = exported_key_sanity_check( type, bits, exported, exported_length );
+
+exit:
+ mbedtls_free( exported );
+ return( ok );
+}
+
+static int exercise_export_public_key( psa_key_handle_t handle )
+{
+ psa_key_type_t type;
+ psa_key_type_t public_type;
+ size_t bits;
+ uint8_t *exported = NULL;
+ size_t exported_size = 0;
+ size_t exported_length = 0;
+ int ok = 0;
+
+ PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
+ if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
+ {
+ TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ return( 1 );
+ }
+
+ public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
+ exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
+ ASSERT_ALLOC( exported, exported_size );
+
+ PSA_ASSERT( psa_export_public_key( handle,
+ exported, exported_size,
+ &exported_length ) );
+ ok = exported_key_sanity_check( public_type, bits,
+ exported, exported_length );
+
+exit:
+ mbedtls_free( exported );
+ return( ok );
+}
+
+/** Do smoke tests on a key.
+ *
+ * Perform one of each operation indicated by \p alg (decrypt/encrypt,
+ * sign/verify, or derivation) that is permitted according to \p usage.
+ * \p usage and \p alg should correspond to the expected policy on the
+ * key.
+ *
+ * Export the key if permitted by \p usage, and check that the output
+ * looks sensible. If \p usage forbids export, check that
+ * \p psa_export_key correctly rejects the attempt. If the key is
+ * asymmetric, also check \p psa_export_public_key.
+ *
+ * If the key fails the tests, this function calls the test framework's
+ * `test_fail` function and returns false. Otherwise this function returns
+ * true. Therefore it should be used as follows:
+ * ```
+ * if( ! exercise_key( ... ) ) goto exit;
+ * ```
+ *
+ * \param handle The key to exercise. It should be capable of performing
+ * \p alg.
+ * \param usage The usage flags to assume.
+ * \param alg The algorithm to exercise.
+ *
+ * \retval 0 The key failed the smoke tests.
+ * \retval 1 The key passed the smoke tests.
+ */
+static int exercise_key( psa_key_handle_t handle,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg )
+{
+ int ok;
+ if( alg == 0 )
+ ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
+ else if( PSA_ALG_IS_MAC( alg ) )
+ ok = exercise_mac_key( handle, usage, alg );
+ else if( PSA_ALG_IS_CIPHER( alg ) )
+ ok = exercise_cipher_key( handle, usage, alg );
+ else if( PSA_ALG_IS_AEAD( alg ) )
+ ok = exercise_aead_key( handle, usage, alg );
+ else if( PSA_ALG_IS_SIGN( alg ) )
+ ok = exercise_signature_key( handle, usage, alg );
+ else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
+ ok = exercise_asymmetric_encryption_key( handle, usage, alg );
+ else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
+ ok = exercise_key_derivation_key( handle, usage, alg );
+ else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
+ ok = exercise_key_agreement_key( handle, usage, alg );
+ else
+ {
+ char message[40];
+ mbedtls_snprintf( message, sizeof( message ),
+ "No code to exercise alg=0x%08lx",
+ (unsigned long) alg );
+ test_fail( message, __LINE__, __FILE__ );
+ ok = 0;
+ }
+
+ ok = ok && exercise_export_key( handle, usage );
+ ok = ok && exercise_export_public_key( handle );
+
+ return( ok );
+}
+
+static psa_key_usage_t usage_to_exercise( psa_key_type_t type,
+ psa_algorithm_t alg )
+{
+ if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
+ {
+ return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
+ PSA_KEY_USAGE_VERIFY :
+ PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ }
+ else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
+ PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
+ {
+ return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
+ PSA_KEY_USAGE_ENCRYPT :
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ }
+ else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ||
+ PSA_ALG_IS_KEY_AGREEMENT( alg ) )
+ {
+ return( PSA_KEY_USAGE_DERIVE );
+ }
+ else
+ {
+ return( 0 );
+ }
+
+}
+
+/* An overapproximation of the amount of storage needed for a key of the
+ * given type and with the given content. The API doesn't make it easy
+ * to find a good value for the size. The current implementation doesn't
+ * care about the value anyway. */
+#define KEY_BITS_FROM_DATA( type, data ) \
+ ( data )->len
+
+typedef enum {
+ IMPORT_KEY = 0,
+ GENERATE_KEY = 1,
+ DERIVE_KEY = 2
+} generate_method;
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void static_checks( )
+{
+ size_t max_truncated_mac_size =
+ PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
+
+ /* Check that the length for a truncated MAC always fits in the algorithm
+ * encoding. The shifted mask is the maximum truncated value. The
+ * untruncated algorithm may be one byte larger. */
+ TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import( data_t *data, int type, int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ status = psa_import_key( handle, type, data->x, data->len );
+ TEST_EQUAL( status, expected_status );
+ if( status == PSA_SUCCESS )
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_twice( int alg_arg, int usage_arg,
+ int type1_arg, data_t *data1,
+ int expected_import1_status_arg,
+ int type2_arg, data_t *data2,
+ int expected_import2_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_usage_t usage = usage_arg;
+ psa_key_type_t type1 = type1_arg;
+ psa_status_t expected_import1_status = expected_import1_status_arg;
+ psa_key_type_t type2 = type2_arg;
+ psa_status_t expected_import2_status = expected_import2_status_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, usage, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ status = psa_import_key( handle, type1, data1->x, data1->len );
+ TEST_EQUAL( status, expected_import1_status );
+ status = psa_import_key( handle, type2, data2->x, data2->len );
+ TEST_EQUAL( status, expected_import2_status );
+
+ if( expected_import1_status == PSA_SUCCESS ||
+ expected_import2_status == PSA_SUCCESS )
+ {
+ if( ! exercise_key( handle, usage, alg ) )
+ goto exit;
+ }
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ size_t bits = bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t status;
+ psa_key_type_t type =
+ keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
+ size_t buffer_size = /* Slight overapproximations */
+ keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
+ unsigned char *buffer = NULL;
+ unsigned char *p;
+ int ret;
+ size_t length;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC( buffer, buffer_size );
+
+ TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
+ bits, keypair ) ) >= 0 );
+ length = ret;
+
+ /* Try importing the key */
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ status = psa_import_key( handle, type, p, length );
+ TEST_EQUAL( status, expected_status );
+ if( status == PSA_SUCCESS )
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
+exit:
+ mbedtls_free( buffer );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_export( data_t *data,
+ int type_arg,
+ int alg_arg,
+ int usage_arg,
+ int expected_bits,
+ int export_size_delta,
+ int expected_export_status_arg,
+ int canonical_input )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_export_status = expected_export_status_arg;
+ psa_status_t status;
+ unsigned char *exported = NULL;
+ unsigned char *reexported = NULL;
+ size_t export_size;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+ size_t reexported_length;
+ psa_key_type_t got_type;
+ size_t got_bits;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ export_size = (ptrdiff_t) data->len + export_size_delta;
+ ASSERT_ALLOC( exported, export_size );
+ if( ! canonical_input )
+ ASSERT_ALLOC( reexported, export_size );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, usage_arg, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+ /* Import the key */
+ PSA_ASSERT( psa_import_key( handle, type,
+ data->x, data->len ) );
+
+ /* Test the key information */
+ PSA_ASSERT( psa_get_key_information( handle,
+ &got_type,
+ &got_bits ) );
+ TEST_EQUAL( got_type, type );
+ TEST_EQUAL( got_bits, (size_t) expected_bits );
+
+ /* Export the key */
+ status = psa_export_key( handle,
+ exported, export_size,
+ &exported_length );
+ TEST_EQUAL( status, expected_export_status );
+
+ /* The exported length must be set by psa_export_key() to a value between 0
+ * and export_size. On errors, the exported length must be 0. */
+ TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
+ TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
+ TEST_ASSERT( exported_length <= export_size );
+
+ TEST_ASSERT( mem_is_char( exported + exported_length, 0,
+ export_size - exported_length ) );
+ if( status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( exported_length, 0 );
+ goto destroy;
+ }
+
+ if( ! exercise_export_key( handle, usage_arg ) )
+ goto exit;
+
+ if( canonical_input )
+ ASSERT_COMPARE( data->x, data->len, exported, exported_length );
+ else
+ {
+ psa_key_handle_t handle2;
+ PSA_ASSERT( psa_allocate_key( &handle2 ) );
+ PSA_ASSERT( psa_set_key_policy( handle2, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle2, type,
+ exported,
+ exported_length ) );
+ PSA_ASSERT( psa_export_key( handle2,
+ reexported,
+ export_size,
+ &reexported_length ) );
+ ASSERT_COMPARE( exported, exported_length,
+ reexported, reexported_length );
+ PSA_ASSERT( psa_close_key( handle2 ) );
+ }
+ TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
+
+destroy:
+ /* Destroy the key */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
+ PSA_ERROR_INVALID_HANDLE );
+
+exit:
+ mbedtls_free( exported );
+ mbedtls_free( reexported );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_key_nonempty_slot( )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
+ psa_status_t status;
+ const uint8_t data[] = { 0x1, 0x2, 0x3, 0x4, 0x5 };
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+
+ /* Import the key */
+ PSA_ASSERT( psa_import_key( handle, type,
+ data, sizeof( data ) ) );
+
+ /* Import the key again */
+ status = psa_import_key( handle, type, data, sizeof( data ) );
+ TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void export_invalid_handle( int handle, int expected_export_status_arg )
+{
+ psa_status_t status;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+ psa_status_t expected_export_status = expected_export_status_arg;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Export the key */
+ status = psa_export_key( (psa_key_handle_t) handle,
+ exported, export_size,
+ &exported_length );
+ TEST_EQUAL( status, expected_export_status );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void export_with_no_key_activity( )
+{
+ psa_key_handle_t handle = 0;
+ psa_algorithm_t alg = PSA_ALG_CTR;
+ psa_status_t status;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ /* Export the key */
+ status = psa_export_key( handle,
+ exported, export_size,
+ &exported_length );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_with_no_key_activity( )
+{
+ psa_key_handle_t handle = 0;
+ psa_status_t status;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ int exercise_alg = PSA_ALG_CTR;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ psa_cipher_abort( &operation );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void export_after_import_failure( data_t *data, int type_arg,
+ int expected_import_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ psa_status_t status;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ psa_status_t expected_import_status = expected_import_status_arg;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+
+ /* Import the key - expect failure */
+ status = psa_import_key( handle, type,
+ data->x, data->len );
+ TEST_EQUAL( status, expected_import_status );
+
+ /* Export the key */
+ status = psa_export_key( handle,
+ exported, export_size,
+ &exported_length );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_after_import_failure( data_t *data, int type_arg,
+ int expected_import_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_type_t type = type_arg;
+ psa_status_t status;
+ psa_status_t expected_import_status = expected_import_status_arg;
+ int exercise_alg = PSA_ALG_CTR;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+
+ /* Import the key - expect failure */
+ status = psa_import_key( handle, type,
+ data->x, data->len );
+ TEST_EQUAL( status, expected_import_status );
+
+ status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
+ TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ psa_cipher_abort( &operation );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void export_after_destroy_key( data_t *data, int type_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ psa_status_t status;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_algorithm_t alg = PSA_ALG_CTR;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ export_size = (ptrdiff_t) data->len;
+ ASSERT_ALLOC( exported, export_size );
+
+ /* Import the key */
+ PSA_ASSERT( psa_import_key( handle, type,
+ data->x, data->len ) );
+
+ PSA_ASSERT( psa_export_key( handle, exported, export_size,
+ &exported_length ) );
+
+ /* Destroy the key */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
+ /* Export the key */
+ status = psa_export_key( handle, exported, export_size,
+ &exported_length );
+ TEST_EQUAL( status, PSA_ERROR_INVALID_HANDLE );
+
+exit:
+ mbedtls_free( exported );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_export_public_key( data_t *data,
+ int type_arg,
+ int alg_arg,
+ int export_size_delta,
+ int expected_export_status_arg,
+ data_t *expected_public_key )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_export_status = expected_export_status_arg;
+ psa_status_t status;
+ unsigned char *exported = NULL;
+ size_t export_size = expected_public_key->len + export_size_delta;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ /* Import the key */
+ PSA_ASSERT( psa_import_key( handle, type,
+ data->x, data->len ) );
+
+ /* Export the public key */
+ ASSERT_ALLOC( exported, export_size );
+ status = psa_export_public_key( handle,
+ exported, export_size,
+ &exported_length );
+ TEST_EQUAL( status, expected_export_status );
+ if( status == PSA_SUCCESS )
+ {
+ psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
+ size_t bits;
+ PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
+ TEST_ASSERT( expected_public_key->len <=
+ PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
+ ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
+ exported, exported_length );
+ }
+
+exit:
+ mbedtls_free( exported );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_and_exercise_key( data_t *data,
+ int type_arg,
+ int bits_arg,
+ int alg_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ size_t bits = bits_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_usage_t usage = usage_to_exercise( type, alg );
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t got_type;
+ size_t got_bits;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, usage, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ /* Import the key */
+ status = psa_import_key( handle, type, data->x, data->len );
+ PSA_ASSERT( status );
+
+ /* Test the key information */
+ PSA_ASSERT( psa_get_key_information( handle,
+ &got_type,
+ &got_bits ) );
+ TEST_EQUAL( got_type, type );
+ TEST_EQUAL( got_bits, bits );
+
+ /* Do something with the key according to its type and permitted usage. */
+ if( ! exercise_key( handle, usage, alg ) )
+ goto exit;
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_policy( int usage_arg, int alg_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_usage_t usage = usage_arg;
+ psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+ unsigned char key[32] = {0};
+ psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
+
+ memset( key, 0x2a, sizeof( key ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy_set, usage, alg );
+
+ TEST_EQUAL( psa_key_policy_get_usage( &policy_set ), usage );
+ TEST_EQUAL( psa_key_policy_get_algorithm( &policy_set ), alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key, sizeof( key ) ) );
+
+ PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
+
+ TEST_EQUAL( policy_get.usage, policy_set.usage );
+ TEST_EQUAL( policy_get.alg, policy_set.alg );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_policy_init( )
+{
+ /* Test each valid way of initializing the object, except for `= {0}`, as
+ * Clang 5 complains when `-Wmissing-field-initializers` is used, even
+ * though it's OK by the C standard. We could test for this, but we'd need
+ * to supress the Clang warning for the test. */
+ psa_key_policy_t func = psa_key_policy_init( );
+ psa_key_policy_t init = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t zero;
+
+ memset( &zero, 0, sizeof( zero ) );
+
+ /* A default key policy should not permit any usage. */
+ TEST_EQUAL( psa_key_policy_get_usage( &func ), 0 );
+ TEST_EQUAL( psa_key_policy_get_usage( &init ), 0 );
+ TEST_EQUAL( psa_key_policy_get_usage( &zero ), 0 );
+
+ /* A default key policy should not permit any algorithm. */
+ TEST_EQUAL( psa_key_policy_get_algorithm( &func ), 0 );
+ TEST_EQUAL( psa_key_policy_get_algorithm( &init ), 0 );
+ TEST_EQUAL( psa_key_policy_get_algorithm( &zero ), 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status;
+ unsigned char mac[PSA_MAC_MAX_SIZE];
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ status = psa_mac_sign_setup( &operation, handle, exercise_alg );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ psa_mac_abort( &operation );
+
+ memset( mac, 0, sizeof( mac ) );
+ status = psa_mac_verify_setup( &operation, handle, exercise_alg );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_mac_abort( &operation );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ psa_cipher_abort( &operation );
+
+ status = psa_cipher_decrypt_setup( &operation, handle, exercise_alg );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_cipher_abort( &operation );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int nonce_length_arg,
+ int tag_length_arg,
+ int exercise_alg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t status;
+ unsigned char nonce[16] = {0};
+ size_t nonce_length = nonce_length_arg;
+ unsigned char tag[16];
+ size_t tag_length = tag_length_arg;
+ size_t output_length;
+
+ TEST_ASSERT( nonce_length <= sizeof( nonce ) );
+ TEST_ASSERT( tag_length <= sizeof( tag ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ status = psa_aead_encrypt( handle, exercise_alg,
+ nonce, nonce_length,
+ NULL, 0,
+ NULL, 0,
+ tag, tag_length,
+ &output_length );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ memset( tag, 0, sizeof( tag ) );
+ status = psa_aead_decrypt( handle, exercise_alg,
+ nonce, nonce_length,
+ NULL, 0,
+ tag, tag_length,
+ NULL, 0,
+ &output_length );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
+ TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encryption_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t status;
+ size_t key_bits;
+ size_t buffer_length;
+ unsigned char *buffer = NULL;
+ size_t output_length;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ PSA_ASSERT( psa_get_key_information( handle,
+ NULL,
+ &key_bits ) );
+ buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
+ exercise_alg );
+ ASSERT_ALLOC( buffer, buffer_length );
+
+ status = psa_asymmetric_encrypt( handle, exercise_alg,
+ NULL, 0,
+ NULL, 0,
+ buffer, buffer_length,
+ &output_length );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ if( buffer_length != 0 )
+ memset( buffer, 0, buffer_length );
+ status = psa_asymmetric_decrypt( handle, exercise_alg,
+ buffer, buffer_length,
+ NULL, 0,
+ buffer, buffer_length,
+ &output_length );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
+ TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( buffer );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_signature_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg,
+ int payload_length_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t status;
+ unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+ /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
+ * compatible with the policy and `payload_length_arg` is supposed to be
+ * a valid input length to sign. If `payload_length_arg <= 0`,
+ * `exercise_alg` is supposed to be forbidden by the policy. */
+ int compatible_alg = payload_length_arg > 0;
+ size_t payload_length = compatible_alg ? payload_length_arg : 0;
+ unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
+ size_t signature_length;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ status = psa_asymmetric_sign( handle, exercise_alg,
+ payload, payload_length,
+ signature, sizeof( signature ),
+ &signature_length );
+ if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ memset( signature, 0, sizeof( signature ) );
+ status = psa_asymmetric_verify( handle, exercise_alg,
+ payload, payload_length,
+ signature, sizeof( signature ) );
+ if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
+ TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type,
+ data_t *key_data,
+ int exercise_alg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ status = psa_key_derivation( &generator, handle,
+ exercise_alg,
+ NULL, 0,
+ NULL, 0,
+ 1 );
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void agreement_key_policy( int policy_usage,
+ int policy_alg,
+ int key_type_arg,
+ data_t *key_data,
+ int exercise_alg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ status = key_agreement_with_self( &generator, handle, exercise_alg );
+
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_key_policy( int source_usage_arg, int source_alg_arg,
+ int type_arg, data_t *material,
+ int target_usage_arg, int target_alg_arg,
+ int constraint_usage_arg, int constraint_alg_arg,
+ int expected_usage_arg, int expected_alg_arg )
+{
+ psa_key_usage_t source_usage = source_usage_arg;
+ psa_algorithm_t source_alg = source_alg_arg;
+ psa_key_handle_t source_handle = 0;
+ psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t source_type = type_arg;
+ size_t source_bits;
+ psa_key_usage_t target_usage = target_usage_arg;
+ psa_algorithm_t target_alg = target_alg_arg;
+ psa_key_handle_t target_handle = 0;
+ psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t target_type;
+ size_t target_bits;
+ psa_key_usage_t constraint_usage = constraint_usage_arg;
+ psa_algorithm_t constraint_alg = constraint_alg_arg;
+ psa_key_policy_t constraint = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t *p_constraint = NULL;
+ psa_key_usage_t expected_usage = expected_usage_arg;
+ psa_algorithm_t expected_alg = expected_alg_arg;
+ uint8_t *export_buffer = NULL;
+
+ if( constraint_usage_arg != -1 )
+ {
+ p_constraint = &constraint;
+ psa_key_policy_set_usage( p_constraint,
+ constraint_usage, constraint_alg );
+ }
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Populate the source slot. */
+ PSA_ASSERT( psa_allocate_key( &source_handle ) );
+ psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
+ PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
+ PSA_ASSERT( psa_import_key( source_handle, source_type,
+ material->x, material->len ) );
+ PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+
+ /* Prepare the target slot. */
+ PSA_ASSERT( psa_allocate_key( &target_handle ) );
+ psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
+ PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
+ target_policy = psa_key_policy_init();
+
+ /* Copy the key. */
+ PSA_ASSERT( psa_copy_key( source_handle, target_handle, p_constraint ) );
+
+ /* Destroy the source to ensure that this doesn't affect the target. */
+ PSA_ASSERT( psa_destroy_key( source_handle ) );
+
+ /* Test that the target slot has the expected content and policy. */
+ PSA_ASSERT( psa_get_key_information( target_handle,
+ &target_type, &target_bits ) );
+ TEST_EQUAL( source_type, target_type );
+ TEST_EQUAL( source_bits, target_bits );
+ PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
+ TEST_EQUAL( expected_usage, psa_key_policy_get_usage( &target_policy ) );
+ TEST_EQUAL( expected_alg, psa_key_policy_get_algorithm( &target_policy ) );
+ if( expected_usage & PSA_KEY_USAGE_EXPORT )
+ {
+ size_t length;
+ ASSERT_ALLOC( export_buffer, material->len );
+ PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ material->len, &length ) );
+ ASSERT_COMPARE( material->x, material->len,
+ export_buffer, length );
+ }
+ if( ! exercise_key( target_handle, expected_usage, expected_alg ) )
+ goto exit;
+
+ PSA_ASSERT( psa_close_key( target_handle ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( export_buffer );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_fail( int source_usage_arg, int source_alg_arg,
+ int type_arg, data_t *material,
+ int target_usage_arg, int target_alg_arg,
+ int constraint_usage_arg, int constraint_alg_arg,
+ int expected_status_arg )
+{
+ /* Test copy failure into an empty slot. There is a test for copy failure
+ * into an occupied slot in
+ * test_suite_psa_crypto_slot_management.function. */
+
+ psa_key_usage_t source_usage = source_usage_arg;
+ psa_algorithm_t source_alg = source_alg_arg;
+ psa_key_handle_t source_handle = 0;
+ psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t source_type = type_arg;
+ size_t source_bits;
+ psa_key_usage_t target_usage = target_usage_arg;
+ psa_algorithm_t target_alg = target_alg_arg;
+ psa_key_handle_t target_handle = 0;
+ psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t target_type;
+ size_t target_bits;
+ psa_key_usage_t constraint_usage = constraint_usage_arg;
+ psa_algorithm_t constraint_alg = constraint_alg_arg;
+ psa_key_policy_t constraint = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t *p_constraint = NULL;
+ psa_status_t expected_status = expected_status_arg;
+
+ if( constraint_usage_arg != -1 )
+ {
+ p_constraint = &constraint;
+ psa_key_policy_set_usage( p_constraint,
+ constraint_usage, constraint_alg );
+ }
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Populate the source slot. */
+ PSA_ASSERT( psa_allocate_key( &source_handle ) );
+ psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
+ PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
+ PSA_ASSERT( psa_import_key( source_handle, source_type,
+ material->x, material->len ) );
+ PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+
+ /* Prepare the target slot. */
+ PSA_ASSERT( psa_allocate_key( &target_handle ) );
+ psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
+ PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
+ target_policy = psa_key_policy_init();
+
+ /* Copy the key. */
+ TEST_EQUAL( psa_copy_key( source_handle, target_handle, p_constraint ),
+ expected_status );
+
+ /* Test that the target slot is unaffected. */
+ TEST_EQUAL( psa_get_key_information( target_handle,
+ &target_type, &target_bits ),
+ PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
+ TEST_EQUAL( target_usage, psa_key_policy_get_usage( &target_policy ) );
+ TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &target_policy ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_operation_init( )
+{
+ const uint8_t input[1] = { 0 };
+ /* Test each valid way of initializing the object, except for `= {0}`, as
+ * Clang 5 complains when `-Wmissing-field-initializers` is used, even
+ * though it's OK by the C standard. We could test for this, but we'd need
+ * to supress the Clang warning for the test. */
+ psa_hash_operation_t func = psa_hash_operation_init( );
+ psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t zero;
+
+ memset( &zero, 0, sizeof( zero ) );
+
+ /* A freshly-initialized hash operation should not be usable. */
+ TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+
+ /* A default hash operation should be abortable without error. */
+ PSA_ASSERT( psa_hash_abort( &func ) );
+ PSA_ASSERT( psa_hash_abort( &init ) );
+ PSA_ASSERT( psa_hash_abort( &zero ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_setup( int alg_arg,
+ int expected_status_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_status_t status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ status = psa_hash_setup( &operation, alg );
+ TEST_EQUAL( status, expected_status );
+
+ /* Whether setup succeeded or failed, abort must succeed. */
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* If setup failed, reproduce the failure, so as to
+ * test the resulting state of the operation object. */
+ if( status != PSA_SUCCESS )
+ TEST_EQUAL( psa_hash_setup( &operation, alg ), status );
+
+ /* Now the operation object should be reusable. */
+#if defined(KNOWN_SUPPORTED_HASH_ALG)
+ PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+#endif
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_bad_order( )
+{
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ unsigned char input[] = "";
+ /* SHA-256 hash of an empty string */
+ const unsigned char valid_hash[] = {
+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
+ 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+ 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
+ unsigned char hash[sizeof(valid_hash)] = { 0 };
+ size_t hash_len;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Call setup twice in a row. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( psa_hash_setup( &operation, alg ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call update without calling setup beforehand. */
+ TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call update after finish. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_finish( &operation,
+ hash, sizeof( hash ), &hash_len ) );
+ TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call verify without calling setup beforehand. */
+ TEST_EQUAL( psa_hash_verify( &operation,
+ valid_hash, sizeof( valid_hash ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call verify after finish. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_finish( &operation,
+ hash, sizeof( hash ), &hash_len ) );
+ TEST_EQUAL( psa_hash_verify( &operation,
+ valid_hash, sizeof( valid_hash ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call verify twice in a row. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_verify( &operation,
+ valid_hash, sizeof( valid_hash ) ) );
+ TEST_EQUAL( psa_hash_verify( &operation,
+ valid_hash, sizeof( valid_hash ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call finish without calling setup beforehand. */
+ TEST_EQUAL( psa_hash_finish( &operation,
+ hash, sizeof( hash ), &hash_len ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call finish twice in a row. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_finish( &operation,
+ hash, sizeof( hash ), &hash_len ) );
+ TEST_EQUAL( psa_hash_finish( &operation,
+ hash, sizeof( hash ), &hash_len ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+ /* Call finish after calling verify. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_verify( &operation,
+ valid_hash, sizeof( valid_hash ) ) );
+ TEST_EQUAL( psa_hash_finish( &operation,
+ hash, sizeof( hash ), &hash_len ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void hash_verify_bad_args( )
+{
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
+ * appended to it */
+ unsigned char hash[] = {
+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
+ 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+ 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
+ size_t expected_size = PSA_HASH_SIZE( alg );
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* psa_hash_verify with a smaller hash than expected */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* psa_hash_verify with a non-matching hash */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* psa_hash_verify with a hash longer than expected */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void hash_finish_bad_args( )
+{
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+ size_t expected_size = PSA_HASH_SIZE( alg );
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t hash_len;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* psa_hash_finish with a smaller hash buffer than expected */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( psa_hash_finish( &operation,
+ hash, expected_size - 1, &hash_len ),
+ PSA_ERROR_BUFFER_TOO_SMALL );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void hash_clone_source_state( )
+{
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+ psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
+ size_t hash_len;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_hash_setup( &op_source, alg ) );
+
+ PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
+ PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
+ PSA_ASSERT( psa_hash_finish( &op_finished,
+ hash, sizeof( hash ), &hash_len ) );
+ PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
+ PSA_ASSERT( psa_hash_abort( &op_aborted ) );
+
+ TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ),
+ PSA_ERROR_BAD_STATE );
+
+ PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) );
+ PSA_ASSERT( psa_hash_finish( &op_init,
+ hash, sizeof( hash ), &hash_len ) );
+ PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) );
+ PSA_ASSERT( psa_hash_finish( &op_finished,
+ hash, sizeof( hash ), &hash_len ) );
+ PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) );
+ PSA_ASSERT( psa_hash_finish( &op_aborted,
+ hash, sizeof( hash ), &hash_len ) );
+
+exit:
+ psa_hash_abort( &op_source );
+ psa_hash_abort( &op_init );
+ psa_hash_abort( &op_setup );
+ psa_hash_abort( &op_finished );
+ psa_hash_abort( &op_aborted );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void hash_clone_target_state( )
+{
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+ psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT;
+ size_t hash_len;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
+ PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
+ PSA_ASSERT( psa_hash_finish( &op_finished,
+ hash, sizeof( hash ), &hash_len ) );
+ PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
+ PSA_ASSERT( psa_hash_abort( &op_aborted ) );
+
+ PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) );
+ PSA_ASSERT( psa_hash_finish( &op_target,
+ hash, sizeof( hash ), &hash_len ) );
+
+ TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ),
+ PSA_ERROR_BAD_STATE );
+
+exit:
+ psa_hash_abort( &op_target );
+ psa_hash_abort( &op_init );
+ psa_hash_abort( &op_setup );
+ psa_hash_abort( &op_finished );
+ psa_hash_abort( &op_aborted );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_operation_init( )
+{
+ const uint8_t input[1] = { 0 };
+
+ /* Test each valid way of initializing the object, except for `= {0}`, as
+ * Clang 5 complains when `-Wmissing-field-initializers` is used, even
+ * though it's OK by the C standard. We could test for this, but we'd need
+ * to supress the Clang warning for the test. */
+ psa_mac_operation_t func = psa_mac_operation_init( );
+ psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t zero;
+
+ memset( &zero, 0, sizeof( zero ) );
+
+ /* A freshly-initialized MAC operation should not be usable. */
+ TEST_EQUAL( psa_mac_update( &func,
+ input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_mac_update( &init,
+ input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_mac_update( &zero,
+ input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+
+ /* A default MAC operation should be abortable without error. */
+ PSA_ASSERT( psa_mac_abort( &func ) );
+ PSA_ASSERT( psa_mac_abort( &init ) );
+ PSA_ASSERT( psa_mac_abort( &zero ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_setup( int key_type_arg,
+ data_t *key,
+ int alg_arg,
+ int expected_status_arg )
+{
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+#if defined(KNOWN_SUPPORTED_MAC_ALG)
+ const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
+#endif
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ if( ! exercise_mac_setup( key_type, key->x, key->len, alg,
+ &operation, &status ) )
+ goto exit;
+ TEST_EQUAL( status, expected_status );
+
+ /* The operation object should be reusable. */
+#if defined(KNOWN_SUPPORTED_MAC_ALG)
+ if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE,
+ smoke_test_key_data,
+ sizeof( smoke_test_key_data ),
+ KNOWN_SUPPORTED_MAC_ALG,
+ &operation, &status ) )
+ goto exit;
+ TEST_EQUAL( status, PSA_SUCCESS );
+#endif
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_bad_order( )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
+ psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
+ const uint8_t key[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
+ size_t sign_mac_length = 0;
+ const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb };
+ const uint8_t verify_mac[] = {
+ 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd,
+ 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a,
+ 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
+ alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key, sizeof(key) ) );
+
+ /* Call update without calling setup beforehand. */
+ TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call sign finish without calling setup beforehand. */
+ TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ),
+ &sign_mac_length),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call verify finish without calling setup beforehand. */
+ TEST_EQUAL( psa_mac_verify_finish( &operation,
+ verify_mac, sizeof( verify_mac ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call setup twice in a row. */
+ PSA_ASSERT( psa_mac_sign_setup( &operation,
+ handle, alg ) );
+ TEST_EQUAL( psa_mac_sign_setup( &operation,
+ handle, alg ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call update after sign finish. */
+ PSA_ASSERT( psa_mac_sign_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ PSA_ASSERT( psa_mac_sign_finish( &operation,
+ sign_mac, sizeof( sign_mac ),
+ &sign_mac_length ) );
+ TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call update after verify finish. */
+ PSA_ASSERT( psa_mac_verify_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ PSA_ASSERT( psa_mac_verify_finish( &operation,
+ verify_mac, sizeof( verify_mac ) ) );
+ TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call sign finish twice in a row. */
+ PSA_ASSERT( psa_mac_sign_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ PSA_ASSERT( psa_mac_sign_finish( &operation,
+ sign_mac, sizeof( sign_mac ),
+ &sign_mac_length ) );
+ TEST_EQUAL( psa_mac_sign_finish( &operation,
+ sign_mac, sizeof( sign_mac ),
+ &sign_mac_length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Call verify finish twice in a row. */
+ PSA_ASSERT( psa_mac_verify_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ PSA_ASSERT( psa_mac_verify_finish( &operation,
+ verify_mac, sizeof( verify_mac ) ) );
+ TEST_EQUAL( psa_mac_verify_finish( &operation,
+ verify_mac, sizeof( verify_mac ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Setup sign but try verify. */
+ PSA_ASSERT( psa_mac_sign_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ TEST_EQUAL( psa_mac_verify_finish( &operation,
+ verify_mac, sizeof( verify_mac ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+ /* Setup verify but try sign. */
+ PSA_ASSERT( psa_mac_verify_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ TEST_EQUAL( psa_mac_sign_finish( &operation,
+ sign_mac, sizeof( sign_mac ),
+ &sign_mac_length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_sign( int key_type_arg,
+ data_t *key,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ /* Leave a little extra room in the output buffer. At the end of the
+ * test, we'll check that the implementation didn't overwrite onto
+ * this extra room. */
+ uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10];
+ size_t mac_buffer_size =
+ PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
+ size_t mac_length = 0;
+
+ memset( actual_mac, '+', sizeof( actual_mac ) );
+ TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
+ TEST_ASSERT( expected_mac->len <= mac_buffer_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ /* Calculate the MAC. */
+ PSA_ASSERT( psa_mac_sign_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_mac_update( &operation,
+ input->x, input->len ) );
+ PSA_ASSERT( psa_mac_sign_finish( &operation,
+ actual_mac, mac_buffer_size,
+ &mac_length ) );
+
+ /* Compare with the expected value. */
+ ASSERT_COMPARE( expected_mac->x, expected_mac->len,
+ actual_mac, mac_length );
+
+ /* Verify that the end of the buffer is untouched. */
+ TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+',
+ sizeof( actual_mac ) - mac_length ) );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_verify( int key_type_arg,
+ data_t *key,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_mac_verify_setup( &operation,
+ handle, alg ) );
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_mac_update( &operation,
+ input->x, input->len ) );
+ PSA_ASSERT( psa_mac_verify_finish( &operation,
+ expected_mac->x,
+ expected_mac->len ) );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_operation_init( )
+{
+ const uint8_t input[1] = { 0 };
+ unsigned char output[1] = { 0 };
+ size_t output_length;
+ /* Test each valid way of initializing the object, except for `= {0}`, as
+ * Clang 5 complains when `-Wmissing-field-initializers` is used, even
+ * though it's OK by the C standard. We could test for this, but we'd need
+ * to supress the Clang warning for the test. */
+ psa_cipher_operation_t func = psa_cipher_operation_init( );
+ psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t zero;
+
+ memset( &zero, 0, sizeof( zero ) );
+
+ /* A freshly-initialized cipher operation should not be usable. */
+ TEST_EQUAL( psa_cipher_update( &func,
+ input, sizeof( input ),
+ output, sizeof( output ),
+ &output_length ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_cipher_update( &init,
+ input, sizeof( input ),
+ output, sizeof( output ),
+ &output_length ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_cipher_update( &zero,
+ input, sizeof( input ),
+ output, sizeof( output ),
+ &output_length ),
+ PSA_ERROR_BAD_STATE );
+
+ /* A default cipher operation should be abortable without error. */
+ PSA_ASSERT( psa_cipher_abort( &func ) );
+ PSA_ASSERT( psa_cipher_abort( &init ) );
+ PSA_ASSERT( psa_cipher_abort( &zero ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_setup( int key_type_arg,
+ data_t *key,
+ int alg_arg,
+ int expected_status_arg )
+{
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_status_t status;
+#if defined(KNOWN_SUPPORTED_MAC_ALG)
+ const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
+#endif
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ if( ! exercise_cipher_setup( key_type, key->x, key->len, alg,
+ &operation, &status ) )
+ goto exit;
+ TEST_EQUAL( status, expected_status );
+
+ /* The operation object should be reusable. */
+#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
+ if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
+ smoke_test_key_data,
+ sizeof( smoke_test_key_data ),
+ KNOWN_SUPPORTED_CIPHER_ALG,
+ &operation, &status ) )
+ goto exit;
+ TEST_EQUAL( status, PSA_SUCCESS );
+#endif
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_bad_order( )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+ psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
+ const uint8_t key[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa };
+ const uint8_t text[] = {
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb };
+ uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
+ size_t length = 0;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key, sizeof(key) ) );
+
+
+ /* Call encrypt setup twice in a row. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call decrypt setup twice in a row. */
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) );
+ TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Generate an IV without calling setup beforehand. */
+ TEST_EQUAL( psa_cipher_generate_iv( &operation,
+ buffer, sizeof( buffer ),
+ &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Generate an IV twice in a row. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_generate_iv( &operation,
+ buffer, sizeof( buffer ),
+ &length ) );
+ TEST_EQUAL( psa_cipher_generate_iv( &operation,
+ buffer, sizeof( buffer ),
+ &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Generate an IV after it's already set. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ) );
+ TEST_EQUAL( psa_cipher_generate_iv( &operation,
+ buffer, sizeof( buffer ),
+ &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Set an IV without calling setup beforehand. */
+ TEST_EQUAL( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Set an IV after it's already set. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ) );
+ TEST_EQUAL( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Set an IV after it's already generated. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_generate_iv( &operation,
+ buffer, sizeof( buffer ),
+ &length ) );
+ TEST_EQUAL( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call update without calling setup beforehand. */
+ TEST_EQUAL( psa_cipher_update( &operation,
+ text, sizeof( text ),
+ buffer, sizeof( buffer ),
+ &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call update without an IV where an IV is required. */
+ TEST_EQUAL( psa_cipher_update( &operation,
+ text, sizeof( text ),
+ buffer, sizeof( buffer ),
+ &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call update after finish. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ) );
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ buffer, sizeof( buffer ), &length ) );
+ TEST_EQUAL( psa_cipher_update( &operation,
+ text, sizeof( text ),
+ buffer, sizeof( buffer ),
+ &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call finish without calling setup beforehand. */
+ TEST_EQUAL( psa_cipher_finish( &operation,
+ buffer, sizeof( buffer ), &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call finish without an IV where an IV is required. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ /* Not calling update means we are encrypting an empty buffer, which is OK
+ * for cipher modes with padding. */
+ TEST_EQUAL( psa_cipher_finish( &operation,
+ buffer, sizeof( buffer ), &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ /* Call finish twice in a row. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ) );
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ buffer, sizeof( buffer ), &length ) );
+ TEST_EQUAL( psa_cipher_finish( &operation,
+ buffer, sizeof( buffer ), &length ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt( int alg_arg, int key_type_arg,
+ data_t *key,
+ data_t *input, data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_status_t status;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char iv[16] = {0};
+ size_t iv_size;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t function_output_length = 0;
+ size_t total_output_length = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
+ memset( iv, 0x2a, iv_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
+ handle, alg ) );
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, iv_size ) );
+ output_buffer_size = ( (size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length ) );
+ total_output_length += function_output_length;
+ status = psa_cipher_finish( &operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length );
+ total_output_length += function_output_length;
+
+ TEST_EQUAL( status, expected_status );
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, total_output_length );
+ }
+
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
+ data_t *key,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg, int output2_length_arg,
+ data_t *expected_output )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t first_part_size = first_part_size_arg;
+ size_t output1_length = output1_length_arg;
+ size_t output2_length = output2_length_arg;
+ unsigned char iv[16] = {0};
+ size_t iv_size;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t function_output_length = 0;
+ size_t total_output_length = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
+ memset( iv, 0x2a, iv_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
+ handle, alg ) );
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ) );
+ output_buffer_size = ( (size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ TEST_ASSERT( first_part_size <= input->len );
+ PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
+ output, output_buffer_size,
+ &function_output_length ) );
+ TEST_ASSERT( function_output_length == output1_length );
+ total_output_length += function_output_length;
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ TEST_ASSERT( function_output_length == output2_length );
+ total_output_length += function_output_length;
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ total_output_length += function_output_length;
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, total_output_length );
+
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
+ data_t *key,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg, int output2_length_arg,
+ data_t *expected_output )
+{
+ psa_key_handle_t handle = 0;
+
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t first_part_size = first_part_size_arg;
+ size_t output1_length = output1_length_arg;
+ size_t output2_length = output2_length_arg;
+ unsigned char iv[16] = {0};
+ size_t iv_size;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t function_output_length = 0;
+ size_t total_output_length = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
+ memset( iv, 0x2a, iv_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
+ handle, alg ) );
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, sizeof( iv ) ) );
+
+ output_buffer_size = ( (size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ TEST_ASSERT( first_part_size <= input->len );
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x, first_part_size,
+ output, output_buffer_size,
+ &function_output_length ) );
+ TEST_ASSERT( function_output_length == output1_length );
+ total_output_length += function_output_length;
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ TEST_ASSERT( function_output_length == output2_length );
+ total_output_length += function_output_length;
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ total_output_length += function_output_length;
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, total_output_length );
+
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_decrypt( int alg_arg, int key_type_arg,
+ data_t *key,
+ data_t *input, data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_status_t status;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char iv[16] = {0};
+ size_t iv_size;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t function_output_length = 0;
+ size_t total_output_length = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
+ memset( iv, 0x2a, iv_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
+ handle, alg ) );
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation,
+ iv, iv_size ) );
+
+ output_buffer_size = ( (size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length ) );
+ total_output_length += function_output_length;
+ status = psa_cipher_finish( &operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length );
+ total_output_length += function_output_length;
+ TEST_EQUAL( status, expected_status );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, total_output_length );
+ }
+
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_verify_output( int alg_arg, int key_type_arg,
+ data_t *key,
+ data_t *input )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char iv[16] = {0};
+ size_t iv_size = 16;
+ size_t iv_length = 0;
+ unsigned char *output1 = NULL;
+ size_t output1_size = 0;
+ size_t output1_length = 0;
+ unsigned char *output2 = NULL;
+ size_t output2_size = 0;
+ size_t output2_length = 0;
+ size_t function_output_length = 0;
+ psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
+ handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
+ handle, alg ) );
+
+ PSA_ASSERT( psa_cipher_generate_iv( &operation1,
+ iv, iv_size,
+ &iv_length ) );
+ output1_size = ( (size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
+ ASSERT_ALLOC( output1, output1_size );
+
+ PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
+ output1, output1_size,
+ &output1_length ) );
+ PSA_ASSERT( psa_cipher_finish( &operation1,
+ output1 + output1_length,
+ output1_size - output1_length,
+ &function_output_length ) );
+
+ output1_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_abort( &operation1 ) );
+
+ output2_size = output1_length;
+ ASSERT_ALLOC( output2, output2_size );
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation2,
+ iv, iv_length ) );
+ PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
+ output2, output2_size,
+ &output2_length ) );
+ function_output_length = 0;
+ PSA_ASSERT( psa_cipher_finish( &operation2,
+ output2 + output2_length,
+ output2_size - output2_length,
+ &function_output_length ) );
+
+ output2_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_abort( &operation2 ) );
+
+ ASSERT_COMPARE( input->x, input->len, output2, output2_length );
+
+exit:
+ mbedtls_free( output1 );
+ mbedtls_free( output2 );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_verify_output_multipart( int alg_arg,
+ int key_type_arg,
+ data_t *key,
+ data_t *input,
+ int first_part_size_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t first_part_size = first_part_size_arg;
+ unsigned char iv[16] = {0};
+ size_t iv_size = 16;
+ size_t iv_length = 0;
+ unsigned char *output1 = NULL;
+ size_t output1_buffer_size = 0;
+ size_t output1_length = 0;
+ unsigned char *output2 = NULL;
+ size_t output2_buffer_size = 0;
+ size_t output2_length = 0;
+ size_t function_output_length;
+ psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key->x, key->len ) );
+
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
+ handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
+ handle, alg ) );
+
+ PSA_ASSERT( psa_cipher_generate_iv( &operation1,
+ iv, iv_size,
+ &iv_length ) );
+ output1_buffer_size = ( (size_t) input->len +
+ PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
+ ASSERT_ALLOC( output1, output1_buffer_size );
+
+ TEST_ASSERT( first_part_size <= input->len );
+
+ PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
+ output1, output1_buffer_size,
+ &function_output_length ) );
+ output1_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_update( &operation1,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output1, output1_buffer_size,
+ &function_output_length ) );
+ output1_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_finish( &operation1,
+ output1 + output1_length,
+ output1_buffer_size - output1_length,
+ &function_output_length ) );
+ output1_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_abort( &operation1 ) );
+
+ output2_buffer_size = output1_length;
+ ASSERT_ALLOC( output2, output2_buffer_size );
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation2,
+ iv, iv_length ) );
+
+ PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
+ output2, output2_buffer_size,
+ &function_output_length ) );
+ output2_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_update( &operation2,
+ output1 + first_part_size,
+ output1_length - first_part_size,
+ output2, output2_buffer_size,
+ &function_output_length ) );
+ output2_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_finish( &operation2,
+ output2 + output2_length,
+ output2_buffer_size - output2_length,
+ &function_output_length ) );
+ output2_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_abort( &operation2 ) );
+
+ ASSERT_COMPARE( input->x, input->len, output2, output2_length );
+
+exit:
+ mbedtls_free( output1 );
+ mbedtls_free( output2 );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ int expected_result_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ unsigned char *output_data2 = NULL;
+ size_t output_length2 = 0;
+ size_t tag_length = 16;
+ psa_status_t expected_result = expected_result_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ output_size = input_data->len + tag_length;
+ ASSERT_ALLOC( output_data, output_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ TEST_EQUAL( psa_aead_encrypt( handle, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length ),
+ expected_result );
+
+ if( PSA_SUCCESS == expected_result )
+ {
+ ASSERT_ALLOC( output_data2, output_length );
+
+ TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ output_data, output_length,
+ output_data2, output_length,
+ &output_length2 ),
+ expected_result );
+
+ ASSERT_COMPARE( input_data->x, input_data->len,
+ output_data2, output_length2 );
+ }
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output_data );
+ mbedtls_free( output_data2 );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_encrypt( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_result )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ size_t tag_length = 16;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ output_size = input_data->len + tag_length;
+ ASSERT_ALLOC( output_data, output_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ PSA_ASSERT( psa_aead_encrypt( handle, alg,
+ nonce->x, nonce->len,
+ additional_data->x, additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length ) );
+
+ ASSERT_COMPARE( expected_result->x, expected_result->len,
+ output_data, output_length );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output_data );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_decrypt( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_data,
+ int expected_result_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ size_t tag_length = 16;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t expected_result = expected_result_arg;
+
+ output_size = input_data->len + tag_length;
+ ASSERT_ALLOC( output_data, output_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length ),
+ expected_result );
+
+ if( expected_result == PSA_SUCCESS )
+ ASSERT_COMPARE( expected_data->x, expected_data->len,
+ output_data, output_length );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output_data );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void signature_size( int type_arg,
+ int bits,
+ int alg_arg,
+ int expected_size_arg )
+{
+ psa_key_type_t type = type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
+ TEST_EQUAL( actual_size, (size_t) expected_size_arg );
+exit:
+ ;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_deterministic( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ data_t *output_data )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+ PSA_ASSERT( psa_get_key_information( handle,
+ NULL,
+ &key_bits ) );
+
+ /* Allocate a buffer which has the size advertized by the
+ * library. */
+ signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
+ key_bits, alg );
+ TEST_ASSERT( signature_size != 0 );
+ TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
+ ASSERT_ALLOC( signature, signature_size );
+
+ /* Perform the signature. */
+ PSA_ASSERT( psa_asymmetric_sign( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length ) );
+ /* Verify that the signature is what is expected. */
+ ASSERT_COMPARE( output_data->x, output_data->len,
+ signature, signature_length );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( signature );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ int signature_size_arg, int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t signature_size = signature_size_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *signature = NULL;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ ASSERT_ALLOC( signature, signature_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ actual_status = psa_asymmetric_sign( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length );
+ TEST_EQUAL( actual_status, expected_status );
+ /* The value of *signature_length is unspecified on error, but
+ * whatever it is, it should be less than signature_size, so that
+ * if the caller tries to read *signature_length bytes without
+ * checking the error code then they don't overflow a buffer. */
+ TEST_ASSERT( signature_length <= signature_size );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( signature );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_verify( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
+ alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+ PSA_ASSERT( psa_get_key_information( handle,
+ NULL,
+ &key_bits ) );
+
+ /* Allocate a buffer which has the size advertized by the
+ * library. */
+ signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
+ key_bits, alg );
+ TEST_ASSERT( signature_size != 0 );
+ TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
+ ASSERT_ALLOC( signature, signature_size );
+
+ /* Perform the signature. */
+ PSA_ASSERT( psa_asymmetric_sign( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length ) );
+ /* Check that the signature length looks sensible. */
+ TEST_ASSERT( signature_length <= signature_size );
+ TEST_ASSERT( signature_length > 0 );
+
+ /* Use the library to verify that the signature is correct. */
+ PSA_ASSERT( psa_asymmetric_verify(
+ handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_length ) );
+
+ if( input_data->len != 0 )
+ {
+ /* Flip a bit in the input and verify that the signature is now
+ * detected as invalid. Flip a bit at the beginning, not at the end,
+ * because ECDSA may ignore the last few bits of the input. */
+ input_data->x[0] ^= 1;
+ TEST_EQUAL( psa_asymmetric_verify( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_length ),
+ PSA_ERROR_INVALID_SIGNATURE );
+ }
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( signature );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_verify( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ PSA_ASSERT( psa_asymmetric_verify( handle, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x,
+ signature_data->len ) );
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ actual_status = psa_asymmetric_verify( handle, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x,
+ signature_data->len );
+
+ TEST_EQUAL( actual_status, expected_status );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encrypt( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label,
+ int expected_output_length_arg,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t expected_output_length = expected_output_length_arg;
+ size_t key_bits;
+ unsigned char *output = NULL;
+ size_t output_size;
+ size_t output_length = ~0;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Import the key */
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ /* Determine the maximum output length */
+ PSA_ASSERT( psa_get_key_information( handle,
+ NULL,
+ &key_bits ) );
+ output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ ASSERT_ALLOC( output, output_size );
+
+ /* Encrypt the input */
+ actual_status = psa_asymmetric_encrypt( handle, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length );
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( output_length, expected_output_length );
+
+ /* If the label is empty, the test framework puts a non-null pointer
+ * in label->x. Test that a null pointer works as well. */
+ if( label->len == 0 )
+ {
+ output_length = ~0;
+ if( output_size != 0 )
+ memset( output, 0, output_size );
+ actual_status = psa_asymmetric_encrypt( handle, alg,
+ input_data->x, input_data->len,
+ NULL, label->len,
+ output, output_size,
+ &output_length );
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( output_length, expected_output_length );
+ }
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encrypt_decrypt( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *output = NULL;
+ size_t output_size;
+ size_t output_length = ~0;
+ unsigned char *output2 = NULL;
+ size_t output2_size;
+ size_t output2_length = ~0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ /* Determine the maximum ciphertext length */
+ PSA_ASSERT( psa_get_key_information( handle,
+ NULL,
+ &key_bits ) );
+ output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ ASSERT_ALLOC( output, output_size );
+ output2_size = input_data->len;
+ ASSERT_ALLOC( output2, output2_size );
+
+ /* We test encryption by checking that encrypt-then-decrypt gives back
+ * the original plaintext because of the non-optional random
+ * part of encryption process which prevents using fixed vectors. */
+ PSA_ASSERT( psa_asymmetric_encrypt( handle, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length ) );
+ /* We don't know what ciphertext length to expect, but check that
+ * it looks sensible. */
+ TEST_ASSERT( output_length <= output_size );
+
+ PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ output, output_length,
+ label->x, label->len,
+ output2, output2_size,
+ &output2_length ) );
+ ASSERT_COMPARE( input_data->x, input_data->len,
+ output2, output2_length );
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output );
+ mbedtls_free( output2 );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_decrypt( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label,
+ data_t *expected_data )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output = NULL;
+ size_t output_size = 0;
+ size_t output_length = ~0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ output_size = expected_data->len;
+ ASSERT_ALLOC( output, output_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output,
+ output_size,
+ &output_length ) );
+ ASSERT_COMPARE( expected_data->x, expected_data->len,
+ output, output_length );
+
+ /* If the label is empty, the test framework puts a non-null pointer
+ * in label->x. Test that a null pointer works as well. */
+ if( label->len == 0 )
+ {
+ output_length = ~0;
+ if( output_size != 0 )
+ memset( output, 0, output_size );
+ PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ input_data->x, input_data->len,
+ NULL, label->len,
+ output,
+ output_size,
+ &output_length ) );
+ ASSERT_COMPARE( expected_data->x, expected_data->len,
+ output, output_length );
+ }
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_decrypt_fail( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *label,
+ int output_size_arg,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output = NULL;
+ size_t output_size = output_size_arg;
+ size_t output_length = ~0;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ ASSERT_ALLOC( output, output_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ actual_status = psa_asymmetric_decrypt( handle, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length );
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_ASSERT( output_length <= output_size );
+
+ /* If the label is empty, the test framework puts a non-null pointer
+ * in label->x. Test that a null pointer works as well. */
+ if( label->len == 0 )
+ {
+ output_length = ~0;
+ if( output_size != 0 )
+ memset( output, 0, output_size );
+ actual_status = psa_asymmetric_decrypt( handle, alg,
+ input_data->x, input_data->len,
+ NULL, label->len,
+ output, output_size,
+ &output_length );
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_ASSERT( output_length <= output_size );
+ }
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_free( output );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void crypto_generator_init( )
+{
+ /* Test each valid way of initializing the object, except for `= {0}`, as
+ * Clang 5 complains when `-Wmissing-field-initializers` is used, even
+ * though it's OK by the C standard. We could test for this, but we'd need
+ * to supress the Clang warning for the test. */
+ size_t capacity;
+ psa_crypto_generator_t func = psa_crypto_generator_init( );
+ psa_crypto_generator_t init = PSA_CRYPTO_GENERATOR_INIT;
+ psa_crypto_generator_t zero;
+
+ memset( &zero, 0, sizeof( zero ) );
+
+ /* A default generator should not be able to report its capacity. */
+ TEST_EQUAL( psa_get_generator_capacity( &func, &capacity ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_get_generator_capacity( &init, &capacity ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_get_generator_capacity( &zero, &capacity ),
+ PSA_ERROR_BAD_STATE );
+
+ /* A default generator should be abortable without error. */
+ PSA_ASSERT( psa_generator_abort(&func) );
+ PSA_ASSERT( psa_generator_abort(&init) );
+ PSA_ASSERT( psa_generator_abort(&zero) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_setup( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *salt,
+ data_t *label,
+ int requested_capacity_arg,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ size_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t requested_capacity = requested_capacity_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x,
+ key_data->len ) );
+
+ TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
+ salt->x, salt->len,
+ label->x, label->len,
+ requested_capacity ),
+ expected_status );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void test_derive_invalid_generator_state( )
+{
+ psa_key_handle_t handle = 0;
+ size_t key_type = PSA_KEY_TYPE_DERIVE;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
+ uint8_t buffer[42];
+ size_t capacity = sizeof( buffer );
+ const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data,
+ sizeof( key_data ) ) );
+
+ /* valid key derivation */
+ PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+ NULL, 0,
+ NULL, 0,
+ capacity ) );
+
+ /* state of generator shouldn't allow additional generation */
+ TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
+ NULL, 0,
+ NULL, 0,
+ capacity ),
+ PSA_ERROR_BAD_STATE );
+
+ PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
+
+ TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
+ PSA_ERROR_INSUFFICIENT_DATA );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void test_derive_invalid_generator_tests( )
+{
+ uint8_t output_buffer[16];
+ size_t buffer_size = 16;
+ size_t capacity = 0;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+
+ TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
+ == PSA_ERROR_BAD_STATE );
+
+ TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
+ == PSA_ERROR_BAD_STATE );
+
+ PSA_ASSERT( psa_generator_abort( &generator ) );
+
+ TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
+ == PSA_ERROR_BAD_STATE );
+
+ TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
+ == PSA_ERROR_BAD_STATE );
+
+exit:
+ psa_generator_abort( &generator );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_output( int alg_arg,
+ data_t *key_data,
+ data_t *salt,
+ data_t *label,
+ int requested_capacity_arg,
+ data_t *expected_output1,
+ data_t *expected_output2 )
+{
+ psa_key_handle_t handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ size_t requested_capacity = requested_capacity_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ uint8_t *expected_outputs[2] =
+ {expected_output1->x, expected_output2->x};
+ size_t output_sizes[2] =
+ {expected_output1->len, expected_output2->len};
+ size_t output_buffer_size = 0;
+ uint8_t *output_buffer = NULL;
+ size_t expected_capacity;
+ size_t current_capacity;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t status;
+ unsigned i;
+
+ for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
+ {
+ if( output_sizes[i] > output_buffer_size )
+ output_buffer_size = output_sizes[i];
+ if( output_sizes[i] == 0 )
+ expected_outputs[i] = NULL;
+ }
+ ASSERT_ALLOC( output_buffer, output_buffer_size );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_DERIVE,
+ key_data->x,
+ key_data->len ) );
+
+ /* Extraction phase. */
+ PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+ salt->x, salt->len,
+ label->x, label->len,
+ requested_capacity ) );
+ PSA_ASSERT( psa_get_generator_capacity( &generator,
+ ¤t_capacity ) );
+ TEST_EQUAL( current_capacity, requested_capacity );
+ expected_capacity = requested_capacity;
+
+ /* Expansion phase. */
+ for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
+ {
+ /* Read some bytes. */
+ status = psa_generator_read( &generator,
+ output_buffer, output_sizes[i] );
+ if( expected_capacity == 0 && output_sizes[i] == 0 )
+ {
+ /* Reading 0 bytes when 0 bytes are available can go either way. */
+ TEST_ASSERT( status == PSA_SUCCESS ||
+ status == PSA_ERROR_INSUFFICIENT_DATA );
+ continue;
+ }
+ else if( expected_capacity == 0 ||
+ output_sizes[i] > expected_capacity )
+ {
+ /* Capacity exceeded. */
+ TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
+ expected_capacity = 0;
+ continue;
+ }
+ /* Success. Check the read data. */
+ PSA_ASSERT( status );
+ if( output_sizes[i] != 0 )
+ ASSERT_COMPARE( output_buffer, output_sizes[i],
+ expected_outputs[i], output_sizes[i] );
+ /* Check the generator status. */
+ expected_capacity -= output_sizes[i];
+ PSA_ASSERT( psa_get_generator_capacity( &generator,
+ ¤t_capacity ) );
+ TEST_EQUAL( expected_capacity, current_capacity );
+ }
+ PSA_ASSERT( psa_generator_abort( &generator ) );
+
+exit:
+ mbedtls_free( output_buffer );
+ psa_generator_abort( &generator );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_full( int alg_arg,
+ data_t *key_data,
+ data_t *salt,
+ data_t *label,
+ int requested_capacity_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ size_t requested_capacity = requested_capacity_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ unsigned char output_buffer[16];
+ size_t expected_capacity = requested_capacity;
+ size_t current_capacity;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ PSA_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_DERIVE,
+ key_data->x,
+ key_data->len ) );
+
+ /* Extraction phase. */
+ PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+ salt->x, salt->len,
+ label->x, label->len,
+ requested_capacity ) );
+ PSA_ASSERT( psa_get_generator_capacity( &generator,
+ ¤t_capacity ) );
+ TEST_EQUAL( current_capacity, expected_capacity );
+
+ /* Expansion phase. */
+ while( current_capacity > 0 )
+ {
+ size_t read_size = sizeof( output_buffer );
+ if( read_size > current_capacity )
+ read_size = current_capacity;
+ PSA_ASSERT( psa_generator_read( &generator,
+ output_buffer,
+ read_size ) );
+ expected_capacity -= read_size;
+ PSA_ASSERT( psa_get_generator_capacity( &generator,
+ ¤t_capacity ) );
+ TEST_EQUAL( current_capacity, expected_capacity );
+ }
+
+ /* Check that the generator refuses to go over capacity. */
+ TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
+ PSA_ERROR_INSUFFICIENT_DATA );
+
+ PSA_ASSERT( psa_generator_abort( &generator ) );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_key_exercise( int alg_arg,
+ data_t *key_data,
+ data_t *salt,
+ data_t *label,
+ int derived_type_arg,
+ int derived_bits_arg,
+ int derived_usage_arg,
+ int derived_alg_arg )
+{
+ psa_key_handle_t base_handle = 0;
+ psa_key_handle_t derived_handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t derived_type = derived_type_arg;
+ size_t derived_bits = derived_bits_arg;
+ psa_key_usage_t derived_usage = derived_usage_arg;
+ psa_algorithm_t derived_alg = derived_alg_arg;
+ size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t got_type;
+ size_t got_bits;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &base_handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) );
+ PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE,
+ key_data->x,
+ key_data->len ) );
+
+ /* Derive a key. */
+ PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+ salt->x, salt->len,
+ label->x, label->len,
+ capacity ) );
+ PSA_ASSERT( psa_allocate_key( &derived_handle ) );
+ psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
+ PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
+ PSA_ASSERT( psa_generator_import_key( derived_handle,
+ derived_type,
+ derived_bits,
+ &generator ) );
+
+ /* Test the key information */
+ PSA_ASSERT( psa_get_key_information( derived_handle,
+ &got_type,
+ &got_bits ) );
+ TEST_EQUAL( got_type, derived_type );
+ TEST_EQUAL( got_bits, derived_bits );
+
+ /* Exercise the derived key. */
+ if( ! exercise_key( derived_handle, derived_usage, derived_alg ) )
+ goto exit;
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( base_handle );
+ psa_destroy_key( derived_handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void derive_key_export( int alg_arg,
+ data_t *key_data,
+ data_t *salt,
+ data_t *label,
+ int bytes1_arg,
+ int bytes2_arg )
+{
+ psa_key_handle_t base_handle = 0;
+ psa_key_handle_t derived_handle = 0;
+ psa_algorithm_t alg = alg_arg;
+ size_t bytes1 = bytes1_arg;
+ size_t derived_bits = PSA_BYTES_TO_BITS( bytes1 );
+ size_t bytes2 = bytes2_arg;
+ size_t capacity = bytes1 + bytes2;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ uint8_t *output_buffer = NULL;
+ uint8_t *export_buffer = NULL;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ size_t length;
+
+ ASSERT_ALLOC( output_buffer, capacity );
+ ASSERT_ALLOC( export_buffer, capacity );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &base_handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) );
+ PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE,
+ key_data->x,
+ key_data->len ) );
+
+ /* Derive some material and output it. */
+ PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+ salt->x, salt->len,
+ label->x, label->len,
+ capacity ) );
+ PSA_ASSERT( psa_generator_read( &generator,
+ output_buffer,
+ capacity ) );
+ PSA_ASSERT( psa_generator_abort( &generator ) );
+
+ /* Derive the same output again, but this time store it in key objects. */
+ PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+ salt->x, salt->len,
+ label->x, label->len,
+ capacity ) );
+ PSA_ASSERT( psa_allocate_key( &derived_handle ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
+ PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
+ PSA_ASSERT( psa_generator_import_key( derived_handle,
+ PSA_KEY_TYPE_RAW_DATA,
+ derived_bits,
+ &generator ) );
+ PSA_ASSERT( psa_export_key( derived_handle,
+ export_buffer, bytes1,
+ &length ) );
+ TEST_EQUAL( length, bytes1 );
+ PSA_ASSERT( psa_destroy_key( derived_handle ) );
+ PSA_ASSERT( psa_allocate_key( &derived_handle ) );
+ PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
+ PSA_ASSERT( psa_generator_import_key( derived_handle,
+ PSA_KEY_TYPE_RAW_DATA,
+ PSA_BYTES_TO_BITS( bytes2 ),
+ &generator ) );
+ PSA_ASSERT( psa_export_key( derived_handle,
+ export_buffer + bytes1, bytes2,
+ &length ) );
+ TEST_EQUAL( length, bytes2 );
+
+ /* Compare the outputs from the two runs. */
+ ASSERT_COMPARE( output_buffer, bytes1 + bytes2,
+ export_buffer, capacity );
+
+exit:
+ mbedtls_free( output_buffer );
+ mbedtls_free( export_buffer );
+ psa_generator_abort( &generator );
+ psa_destroy_key( base_handle );
+ psa_destroy_key( derived_handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_agreement_setup( int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ int expected_status_arg )
+{
+ psa_key_handle_t our_key = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t our_key_type = our_key_type_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &our_key ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
+ PSA_ASSERT( psa_import_key( our_key, our_key_type,
+ our_key_data->x,
+ our_key_data->len ) );
+
+ TEST_EQUAL( psa_key_agreement( &generator,
+ our_key,
+ peer_key_data->x, peer_key_data->len,
+ alg ),
+ expected_status_arg );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( our_key );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_agreement_capacity( int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ int expected_capacity_arg )
+{
+ psa_key_handle_t our_key = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t our_key_type = our_key_type_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ size_t actual_capacity;
+ unsigned char output[16];
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &our_key ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
+ PSA_ASSERT( psa_import_key( our_key, our_key_type,
+ our_key_data->x,
+ our_key_data->len ) );
+
+ PSA_ASSERT( psa_key_agreement( &generator,
+ our_key,
+ peer_key_data->x, peer_key_data->len,
+ alg ) );
+
+ /* Test the advertized capacity. */
+ PSA_ASSERT( psa_get_generator_capacity(
+ &generator, &actual_capacity ) );
+ TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
+
+ /* Test the actual capacity by reading the output. */
+ while( actual_capacity > sizeof( output ) )
+ {
+ PSA_ASSERT( psa_generator_read( &generator,
+ output, sizeof( output ) ) );
+ actual_capacity -= sizeof( output );
+ }
+ PSA_ASSERT( psa_generator_read( &generator,
+ output, actual_capacity ) );
+ TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
+ PSA_ERROR_INSUFFICIENT_DATA );
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( our_key );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_agreement_output( int alg_arg,
+ int our_key_type_arg, data_t *our_key_data,
+ data_t *peer_key_data,
+ data_t *expected_output1, data_t *expected_output2 )
+{
+ psa_key_handle_t our_key = 0;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t our_key_type = our_key_type_arg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ uint8_t *actual_output = NULL;
+
+ ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
+ expected_output2->len ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &our_key ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+ PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
+ PSA_ASSERT( psa_import_key( our_key, our_key_type,
+ our_key_data->x,
+ our_key_data->len ) );
+
+ PSA_ASSERT( psa_key_agreement( &generator,
+ our_key,
+ peer_key_data->x, peer_key_data->len,
+ alg ) );
+
+ PSA_ASSERT( psa_generator_read( &generator,
+ actual_output,
+ expected_output1->len ) );
+ ASSERT_COMPARE( actual_output, expected_output1->len,
+ expected_output1->x, expected_output1->len );
+ if( expected_output2->len != 0 )
+ {
+ PSA_ASSERT( psa_generator_read( &generator,
+ actual_output,
+ expected_output2->len ) );
+ ASSERT_COMPARE( actual_output, expected_output2->len,
+ expected_output2->x, expected_output2->len );
+ }
+
+exit:
+ psa_generator_abort( &generator );
+ psa_destroy_key( our_key );
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( actual_output );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_random( int bytes_arg )
+{
+ size_t bytes = bytes_arg;
+ const unsigned char trail[] = "don't overwrite me";
+ unsigned char *output = NULL;
+ unsigned char *changed = NULL;
+ size_t i;
+ unsigned run;
+
+ ASSERT_ALLOC( output, bytes + sizeof( trail ) );
+ ASSERT_ALLOC( changed, bytes );
+ memcpy( output + bytes, trail, sizeof( trail ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Run several times, to ensure that every output byte will be
+ * nonzero at least once with overwhelming probability
+ * (2^(-8*number_of_runs)). */
+ for( run = 0; run < 10; run++ )
+ {
+ if( bytes != 0 )
+ memset( output, 0, bytes );
+ PSA_ASSERT( psa_generate_random( output, bytes ) );
+
+ /* Check that no more than bytes have been overwritten */
+ ASSERT_COMPARE( output + bytes, sizeof( trail ),
+ trail, sizeof( trail ) );
+
+ for( i = 0; i < bytes; i++ )
+ {
+ if( output[i] != 0 )
+ ++changed[i];
+ }
+ }
+
+ /* Check that every byte was changed to nonzero at least once. This
+ * validates that psa_generate_random is overwriting every byte of
+ * the output buffer. */
+ for( i = 0; i < bytes; i++ )
+ {
+ TEST_ASSERT( changed[i] != 0 );
+ }
+
+exit:
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( output );
+ mbedtls_free( changed );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_key( int type_arg,
+ int bits_arg,
+ int usage_arg,
+ int alg_arg,
+ int expected_status_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t type = type_arg;
+ psa_key_usage_t usage = usage_arg;
+ size_t bits = bits_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t got_type;
+ size_t got_bits;
+ psa_status_t expected_info_status =
+ expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, usage, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ /* Generate a key */
+ TEST_EQUAL( psa_generate_key( handle, type, bits, NULL, 0 ),
+ expected_status );
+
+ /* Test the key information */
+ TEST_EQUAL( psa_get_key_information( handle, &got_type, &got_bits ),
+ expected_info_status );
+ if( expected_info_status != PSA_SUCCESS )
+ goto exit;
+ TEST_EQUAL( got_type, type );
+ TEST_EQUAL( got_bits, bits );
+
+ /* Do something with the key according to its type and permitted usage. */
+ if( ! exercise_key( handle, usage, alg ) )
+ goto exit;
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+void persistent_key_load_key_from_storage( data_t *data, int type_arg,
+ int bits, int usage_arg,
+ int alg_arg, int generation_method,
+ int export_status )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_handle_t base_key;
+ psa_key_type_t type = (psa_key_type_t) type_arg;
+ psa_key_type_t type_get;
+ size_t bits_get;
+ psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
+ psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
+ psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
+ psa_key_policy_t base_policy_set = PSA_KEY_POLICY_INIT;
+ psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ unsigned char *first_export = NULL;
+ unsigned char *second_export = NULL;
+ size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
+ size_t first_exported_length;
+ size_t second_exported_length;
+
+ ASSERT_ALLOC( first_export, export_size );
+ ASSERT_ALLOC( second_export, export_size );
+
+ PSA_ASSERT( psa_crypto_init() );
+
+ PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
+ &handle ) );
+ psa_key_policy_set_usage( &policy_set, policy_usage,
+ policy_alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
+
+ switch( generation_method )
+ {
+ case IMPORT_KEY:
+ /* Import the key */
+ PSA_ASSERT( psa_import_key( handle, type,
+ data->x, data->len ) );
+ break;
+
+ case GENERATE_KEY:
+ /* Generate a key */
+ PSA_ASSERT( psa_generate_key( handle, type, bits,
+ NULL, 0 ) );
+ break;
+
+ case DERIVE_KEY:
+ /* Create base key */
+ PSA_ASSERT( psa_allocate_key( &base_key ) );
+ psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE,
+ base_policy_alg );
+ PSA_ASSERT( psa_set_key_policy(
+ base_key, &base_policy_set ) );
+ PSA_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
+ data->x, data->len ) );
+ /* Derive a key. */
+ PSA_ASSERT( psa_key_derivation( &generator, base_key,
+ base_policy_alg,
+ NULL, 0, NULL, 0,
+ export_size ) );
+ PSA_ASSERT( psa_generator_import_key(
+ handle, PSA_KEY_TYPE_RAW_DATA,
+ bits, &generator ) );
+ break;
+ }
+
+ /* Export the key */
+ TEST_EQUAL( psa_export_key( handle,
+ first_export, export_size,
+ &first_exported_length ),
+ export_status );
+
+ /* Shutdown and restart */
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT( psa_crypto_init() );
+
+ /* Check key slot still contains key data */
+ PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
+ &handle ) );
+ PSA_ASSERT( psa_get_key_information(
+ handle, &type_get, &bits_get ) );
+ TEST_EQUAL( type_get, type );
+ TEST_EQUAL( bits_get, (size_t) bits );
+
+ PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
+ TEST_EQUAL( psa_key_policy_get_usage( &policy_get ), policy_usage );
+ TEST_EQUAL( psa_key_policy_get_algorithm( &policy_get ), policy_alg );
+
+ /* Export the key again */
+ TEST_EQUAL( psa_export_key( handle,
+ second_export, export_size,
+ &second_exported_length ),
+ export_status );
+
+ if( export_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( first_export, first_exported_length,
+ second_export, second_exported_length );
+
+ switch( generation_method )
+ {
+ case IMPORT_KEY:
+ ASSERT_COMPARE( data->x, data->len,
+ first_export, first_exported_length );
+ break;
+ default:
+ break;
+ }
+ }
+
+ /* Do something with the key according to its type and permitted usage. */
+ if( ! exercise_key( handle, policy_usage, policy_alg ) )
+ goto exit;
+
+exit:
+ mbedtls_free( first_export );
+ mbedtls_free( second_export );
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data
new file mode 100644
index 0000000..61593e9
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_entropy.data
@@ -0,0 +1,18 @@
+PSA validate entropy injection: good, minimum size
+validate_entropy_seed_injection:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_ERROR_NOT_PERMITTED
+
+PSA validate entropy injection: good, max size
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_ERROR_NOT_PERMITTED
+
+PSA validate entropy injection: bad, too big
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS
+
+PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_MIN_PLATFORM
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS
+
+PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_BLOCK_SIZE
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS
+
+PSA validate entropy injection: before and after crypto_init
+run_entropy_inject_with_crypto_init:
+
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
new file mode 100644
index 0000000..91e210e
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -0,0 +1,116 @@
+/* BEGIN_HEADER */
+#include <stdint.h>
+
+#include "psa/crypto.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include <stdio.h>
+#else
+#include <psa/internal_trusted_storage.h>
+#endif
+
+/* Calculating the minimum allowed entropy size in bytes */
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
+/* Remove the entropy seed file. Since the library does not expose a way
+ * to do this (it would be a security risk if such a function was ever
+ * accessible in production), implement this functionality in a white-box
+ * manner. */
+psa_status_t remove_seed_file( void )
+{
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ if( remove( "00000000ffffff52.psa_its" ) == 0 )
+ return( PSA_SUCCESS );
+ else
+ return( PSA_ERROR_DOES_NOT_EXIST );
+#else
+ return( psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ) );
+#endif
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_INJECT_ENTROPY
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void validate_entropy_seed_injection( int seed_length_a,
+ int expected_status_a,
+ int seed_length_b,
+ int expected_status_b )
+{
+ psa_status_t status;
+ uint8_t output[32] = { 0 };
+ uint8_t zeros[32] = { 0 };
+ uint8_t *seed = NULL;
+ int i;
+ int seed_size;
+ if( seed_length_a > seed_length_b )
+ {
+ seed_size = seed_length_a;
+ }
+ else
+ {
+ seed_size = seed_length_b;
+ }
+ ASSERT_ALLOC( seed, seed_size );
+ /* fill seed with some data */
+ for( i = 0; i < seed_size; ++i )
+ {
+ seed[i] = i;
+ }
+ status = remove_seed_file( );
+ TEST_ASSERT( ( status == PSA_SUCCESS ) ||
+ ( status == PSA_ERROR_DOES_NOT_EXIST ) );
+ status = mbedtls_psa_inject_entropy( seed, seed_length_a );
+ TEST_EQUAL( status, expected_status_a );
+ status = mbedtls_psa_inject_entropy( seed, seed_length_b );
+ TEST_EQUAL( status, expected_status_b );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_generate_random( output,
+ sizeof( output ) ) );
+ TEST_ASSERT( memcmp( output, zeros, sizeof( output ) ) != 0 );
+exit:
+ mbedtls_free( seed );
+ remove_seed_file( );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void run_entropy_inject_with_crypto_init( )
+{
+ psa_status_t status;
+ size_t i;
+ uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
+ /* fill seed with some data */
+ for( i = 0; i < sizeof( seed ); ++i )
+ {
+ seed[i] = i;
+ }
+ status = remove_seed_file( );
+ TEST_ASSERT( ( status == PSA_SUCCESS ) ||
+ ( status == PSA_ERROR_DOES_NOT_EXIST ) );
+ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
+ PSA_ASSERT( status );
+ status = remove_seed_file( );
+ TEST_EQUAL( status, PSA_SUCCESS );
+ status = psa_crypto_init( );
+ TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY );
+ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
+ PSA_ASSERT( status );
+ status = psa_crypto_init( );
+ PSA_ASSERT( status );
+ mbedtls_psa_crypto_free( );
+ /* The seed is written by nv_seed callback functions therefore the injection will fail */
+ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+exit:
+ remove_seed_file( );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data
new file mode 100644
index 0000000..746d810
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_hash.data
@@ -0,0 +1,587 @@
+PSA hash finish: SHA-1 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"a8":"99f2aa95e36f95c2acb0eaf23998f030638f3f15"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"3000":"f944dcd635f9801f7ac90a407fbc479964dec024"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"42749e":"a444319e9b6cc1e8464c511ec0969c37d6bb2619"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"9fc3fe08":"16a0ff84fcc156fd5d3ca3a744f20a232d172253"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"b5c1c6f1af":"fec9deebfcdedaf66dda525e1be43597a73a1f93"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"ec29561244ede706b6eb30a1c371d74450a105c3f9735f7fa9fe38cf67f304a5736a106e92e17139a6813b1c81a4f3d3fb9546ab4296fa9f722826c066869edacd73b2548035185813e22634a9da44000d95a281ff9f264ecce0a931222162d021cca28db5f3c2aa24945ab1e31cb413ae29810fd794cad5dfaf29ec43cb38d198fe4ae1da2359780221405bd6712a5305da4b1b737fce7cd21c0eb7728d08235a9011":"970111c4e77bcc88cc20459c02b69b4aa8f58217"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #8
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"5fc2c3f6a7e79dc94be526e5166a238899d54927ce470018fbfd668fd9dd97cbf64e2c91584d01da63be3cc9fdff8adfefc3ac728e1e335b9cdc87f069172e323d094b47fa1e652afe4d6aa147a9f46fda33cacb65f3aa12234746b9007a8c85fe982afed7815221e43dba553d8fe8a022cdac1b99eeeea359e5a9d2e72e382dffa6d19f359f4f27dc3434cd27daeeda8e38594873398678065fbb23665aba9309d946135da0e4a4afdadff14db18e85e71dd93c3bf9faf7f25c8194c4269b1ee3d9934097ab990025d9c3aaf63d5109f52335dd3959d38ae485050e4bbb6235574fc0102be8f7a306d6e8de6ba6becf80f37415b57f9898a5824e77414197422be3d36a6080":"0423dc76a8791107d14e13f5265b343f24cc0f19"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #9
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"0f865f46a8f3aed2da18482aa09a8f390dc9da07d51d1bd10fe0bf5f3928d5927d08733d32075535a6d1c8ac1b2dc6ba0f2f633dc1af68e3f0fa3d85e6c60cb7b56c239dc1519a007ea536a07b518ecca02a6c31b46b76f021620ef3fc6976804018380e5ab9c558ebfc5cb1c9ed2d974722bf8ab6398f1f2b82fa5083f85c16a5767a3a07271d67743f00850ce8ec428c7f22f1cf01f99895c0c844845b06a06cecb0c6cf83eb55a1d4ebc44c2c13f6f7aa5e0e08abfd84e7864279057abc471ee4a45dbbb5774afa24e51791a0eada11093b88681fe30baa3b2e94113dc63342c51ca5d1a6096d0897b626e42cb91761058008f746f35465465540ad8c6b8b60f7e1461b3ce9e6529625984cb8c7d46f07f735be067588a0117f23e34ff57800e2bbe9a1605fde6087fb15d22c5d3ac47566b8c448b0cee40373e5ba6eaa21abee71366afbb27dbbd300477d70c371e7b8963812f5ed4fb784fb2f3bd1d3afe883cdd47ef32beaea":"6692a71d73e00f27df976bc56df4970650d90e45"
+
+PSA hash finish: SHA-1 Test Vector NIST CAVS #10
+depends_on:MBEDTLS_SHA1_C
+hash_finish:PSA_ALG_SHA_1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713"
+
+PSA hash finish: SHA-224 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"5fd4":"7c4fbf484498d21b487b9d61de8914b2eadaf2698712936d47c3ada2558f6788"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"c98c8e55":"7abc22c0ae5af26ce93dbb94433a0e0b2e119d014f8e7f65bd56c61ccccd9504"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"81a723d966":"7516fb8bb11350df2bf386bc3c33bd0f52cb4c67c6e4745e0488e62c2aea2605"
+
+PSA hash finish: SHA-256 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA256_C
+hash_finish:PSA_ALG_SHA_256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"ab":"fb94d5be118865f6fcbc978b825da82cff188faec2f66cb84b2537d74b4938469854b0ca89e66fa2e182834736629f3d"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"7c27":"3d80be467df86d63abb9ea1d3f9cb39cd19890e7f2c53a6200bedc5006842b35e820dc4e0ca90ca9b97ab23ef07080fc"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"31f5ca":"78d54b943421fdf7ba90a7fb9637c2073aa480454bd841d39ff72f4511fc21fb67797b652c0c823229342873d3bef955"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"7bdee3f8":"8bdafba0777ee446c3431c2d7b1fbb631089f71d2ca417abc1d230e1aba64ec2f1c187474a6f4077d372c14ad407f99a"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"8f05604915":"504e414bf1db1060f14c8c799e25b1e0c4dcf1504ebbd129998f0ae283e6de86e0d3c7e879c73ec3b1836c3ee89c2649"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"665da6eda214":"4c022f112010908848312f8b8f1072625fd5c105399d562ea1d56130619a7eac8dfc3748fd05ee37e4b690be9daa9980"
+
+PSA hash finish: SHA-384 Test Vector NIST CAVS #8
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06":"cba9e3eb12a6f83db11e8a6ff40d1049854ee094416bc527fea931d8585428a8ed6242ce81f6769b36e2123a5c23483e"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"8f":"e4cd2d19931b5aad9c920f45f56f6ce34e3d38c6d319a6e11d0588ab8b838576d6ce6d68eea7c830de66e2bd96458bfa7aafbcbec981d4ed040498c3dd95f22a"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"e724":"7dbb520221a70287b23dbcf62bfc1b73136d858e86266732a7fffa875ecaa2c1b8f673b5c065d360c563a7b9539349f5f59bef8c0c593f9587e3cd50bb26a231"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"de4c90":"33ce98281045a5c4c9df0363d8196f1d7dfcd5ee46ac89776fd8a4344c12f123a66788af5bd41ceff1941aa5637654b4064c88c14e00465ab79a2fc6c97e1014"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"a801e94b":"dadb1b5a27f9fece8d86adb2a51879beb1787ff28f4e8ce162cad7fee0f942efcabbf738bc6f797fc7cc79a3a75048cd4c82ca0757a324695bfb19a557e56e2f"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"94390d3502":"b6175c4c4cccf69e0ce5f0312010886ea6b34d43673f942ae42483f9cbb7da817de4e11b5d58e25a3d9bd721a22cdffe1c40411cc45df1911fa5506129b69297"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"49297dd63e5f":"1fcc1e6f6870859d11649f5e5336a9cd16329c029baf04d5a6edf257889a2e9522b497dd656bb402da461307c4ee382e2e89380c8e6e6e7697f1e439f650fa94"
+
+PSA hash finish: SHA-512 Test Vector NIST CAVS #8
+depends_on:MBEDTLS_SHA512_C
+hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9"
+
+PSA hash finish: MD2 Test vector RFC1319 #1
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"":"8350e5a3e24c153df2275c9f80692773"
+
+PSA hash finish: MD2 Test vector RFC1319 #2
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"61":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
+
+PSA hash finish: MD2 Test vector RFC1319 #3
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb"
+
+PSA hash finish: MD2 Test vector RFC1319 #4
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"6d65737361676520646967657374":"ab4f496bfb2a530b219ff33031fe06b0"
+
+PSA hash finish: MD2 Test vector RFC1319 #5
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"4e8ddff3650292ab5a4108c3aa47940b"
+
+PSA hash finish: MD2 Test vector RFC1319 #6
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"da33def2a42df13975352846c30338cd"
+
+PSA hash finish: MD2 Test vector RFC1319 #7
+depends_on:MBEDTLS_MD2_C
+hash_finish:PSA_ALG_MD2:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"d5976f79d83d3a0dc9806c3c66f3efd8"
+
+PSA hash finish: MD4 Test vector RFC1320 #1
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"":"31d6cfe0d16ae931b73c59d7e0c089c0"
+
+PSA hash finish: MD4 Test vector RFC1320 #2
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"61":"bde52cb31de33e46245e05fbdbd6fb24"
+
+PSA hash finish: MD4 Test vector RFC1320 #3
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d"
+
+PSA hash finish: MD4 Test vector RFC1320 #4
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"6d65737361676520646967657374":"d9130a8164549fe818874806e1c7014b"
+
+PSA hash finish: MD4 Test vector RFC1320 #5
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"d79e1c308aa5bbcdeea8ed63df412da9"
+
+PSA hash finish: MD4 Test vector RFC1320 #6
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"043f8582f241db351ce627e153e7f0e4"
+
+PSA hash finish: MD4 Test vector RFC1320 #7
+depends_on:MBEDTLS_MD4_C
+hash_finish:PSA_ALG_MD4:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"e33b4ddc9c38f2199c3e7b164fcc0536"
+
+PSA hash finish: MD5 Test vector RFC1321 #1
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
+
+PSA hash finish: MD5 Test vector RFC1321 #2
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"61":"0cc175b9c0f1b6a831c399e269772661"
+
+PSA hash finish: MD5 Test vector RFC1321 #3
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"616263":"900150983cd24fb0d6963f7d28e17f72"
+
+PSA hash finish: MD5 Test vector RFC1321 #4
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"6d65737361676520646967657374":"f96b697d7cb7938d525a2f31aaf161d0"
+
+PSA hash finish: MD5 Test vector RFC1321 #5
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"c3fcd3d76192e4007dfb496cca67e13b"
+
+PSA hash finish: MD5 Test vector RFC1321 #6
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"d174ab98d277d9f5a5611c2c9f419d9f"
+
+PSA hash finish: MD5 Test vector RFC1321 #7
+depends_on:MBEDTLS_MD5_C
+hash_finish:PSA_ALG_MD5:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"57edf4a22be3c955ac49da2e2107b67a"
+
+PSA hash finish: RIPEMD160 Test vector from paper #1
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"":"9c1185a5c5e9fc54612808977ee8f548b2258d31"
+
+PSA hash finish: RIPEMD160 Test vector from paper #2
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"61":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe"
+
+PSA hash finish: RIPEMD160 Test vector from paper #3
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"616263":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc"
+
+PSA hash finish: RIPEMD160 Test vector from paper #4
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"6d65737361676520646967657374":"5d0689ef49d2fae572b881b123a85ffa21595f36"
+
+PSA hash finish: RIPEMD160 Test vector from paper #5
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc"
+
+PSA hash finish: RIPEMD160 Test vector from paper #6
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"12a053384a9c0c88e405a06c27dcf49ada62eb2b"
+
+PSA hash finish: RIPEMD160 Test vector from paper #7
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"b0e20b6e3116640286ed3a87a5713079b21f5189"
+
+PSA hash finish: RIPEMD160 Test vector from paper #8
+depends_on:MBEDTLS_RIPEMD160_C
+hash_finish:PSA_ALG_RIPEMD160:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
+
+PSA hash verify: SHA-1
+depends_on:MBEDTLS_SHA1_C
+hash_verify:PSA_ALG_SHA_1:"bd":"9034aaf45143996a2b14465c352ab0c6fa26b221"
+
+PSA hash verify: SHA-224
+depends_on:MBEDTLS_SHA256_C
+hash_verify:PSA_ALG_SHA_224:"bd":"b1e46bb9efe45af554363449c6945a0d6169fc3a5a396a56cb97cb57"
+
+PSA hash verify: SHA-256
+depends_on:MBEDTLS_SHA256_C
+hash_verify:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
+
+PSA hash verify: SHA-384
+depends_on:MBEDTLS_SHA512_C
+hash_verify:PSA_ALG_SHA_384:"bd":"4372e38a92a28b5d2c391e62452a86d50e0267228be176c77d2402effe9fa50de407bbb851b37d5904aba2dede74da2a"
+
+PSA hash verify: SHA-512
+depends_on:MBEDTLS_SHA512_C
+hash_verify:PSA_ALG_SHA_512:"bd":"296e2267d74c278daaaa940d17b0cfb74a5083f8e069726d8c841cbe596e0431cb7741a5b50f71666cfd54bacb7b00aea891499cf4ef6a03c8a83fe37c3f7baf"
+
+PSA hash verify: MD2
+depends_on:MBEDTLS_MD2_C
+hash_verify:PSA_ALG_MD2:"bd":"8c9c17665d25b35fc413c41805c679cf"
+
+PSA hash verify: MD4
+depends_on:MBEDTLS_MD4_C
+hash_verify:PSA_ALG_MD4:"bd":"18c33f97297efe5f8a732258289fda25"
+
+PSA hash verify: MD5
+depends_on:MBEDTLS_MD5_C
+hash_verify:PSA_ALG_MD5:"bd":"abae57cb562ecf295b4a37a76efe61fb"
+
+PSA hash verify: RIPEMD160
+depends_on:MBEDTLS_RIPEMD160_C
+hash_verify:PSA_ALG_RIPEMD160:"bd":"5089265ee5d9af75d12dbf7ea2f27dbdee435b37"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"a8":"99f2aa95e36f95c2acb0eaf23998f030638f3f15"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"3000":"f944dcd635f9801f7ac90a407fbc479964dec024"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"42749e":"a444319e9b6cc1e8464c511ec0969c37d6bb2619"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"9fc3fe08":"16a0ff84fcc156fd5d3ca3a744f20a232d172253"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"b5c1c6f1af":"fec9deebfcdedaf66dda525e1be43597a73a1f93"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"ec29561244ede706b6eb30a1c371d74450a105c3f9735f7fa9fe38cf67f304a5736a106e92e17139a6813b1c81a4f3d3fb9546ab4296fa9f722826c066869edacd73b2548035185813e22634a9da44000d95a281ff9f264ecce0a931222162d021cca28db5f3c2aa24945ab1e31cb413ae29810fd794cad5dfaf29ec43cb38d198fe4ae1da2359780221405bd6712a5305da4b1b737fce7cd21c0eb7728d08235a9011":"970111c4e77bcc88cc20459c02b69b4aa8f58217"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #8
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"5fc2c3f6a7e79dc94be526e5166a238899d54927ce470018fbfd668fd9dd97cbf64e2c91584d01da63be3cc9fdff8adfefc3ac728e1e335b9cdc87f069172e323d094b47fa1e652afe4d6aa147a9f46fda33cacb65f3aa12234746b9007a8c85fe982afed7815221e43dba553d8fe8a022cdac1b99eeeea359e5a9d2e72e382dffa6d19f359f4f27dc3434cd27daeeda8e38594873398678065fbb23665aba9309d946135da0e4a4afdadff14db18e85e71dd93c3bf9faf7f25c8194c4269b1ee3d9934097ab990025d9c3aaf63d5109f52335dd3959d38ae485050e4bbb6235574fc0102be8f7a306d6e8de6ba6becf80f37415b57f9898a5824e77414197422be3d36a6080":"0423dc76a8791107d14e13f5265b343f24cc0f19"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #9
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"0f865f46a8f3aed2da18482aa09a8f390dc9da07d51d1bd10fe0bf5f3928d5927d08733d32075535a6d1c8ac1b2dc6ba0f2f633dc1af68e3f0fa3d85e6c60cb7b56c239dc1519a007ea536a07b518ecca02a6c31b46b76f021620ef3fc6976804018380e5ab9c558ebfc5cb1c9ed2d974722bf8ab6398f1f2b82fa5083f85c16a5767a3a07271d67743f00850ce8ec428c7f22f1cf01f99895c0c844845b06a06cecb0c6cf83eb55a1d4ebc44c2c13f6f7aa5e0e08abfd84e7864279057abc471ee4a45dbbb5774afa24e51791a0eada11093b88681fe30baa3b2e94113dc63342c51ca5d1a6096d0897b626e42cb91761058008f746f35465465540ad8c6b8b60f7e1461b3ce9e6529625984cb8c7d46f07f735be067588a0117f23e34ff57800e2bbe9a1605fde6087fb15d22c5d3ac47566b8c448b0cee40373e5ba6eaa21abee71366afbb27dbbd300477d70c371e7b8963812f5ed4fb784fb2f3bd1d3afe883cdd47ef32beaea":"6692a71d73e00f27df976bc56df4970650d90e45"
+
+PSA hash multi part: SHA-1 Test Vector NIST CAVS #10
+depends_on:MBEDTLS_SHA1_C
+hash_multi_part:PSA_ALG_SHA_1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713"
+
+PSA hash multi part: SHA-224 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"5fd4":"7c4fbf484498d21b487b9d61de8914b2eadaf2698712936d47c3ada2558f6788"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"c98c8e55":"7abc22c0ae5af26ce93dbb94433a0e0b2e119d014f8e7f65bd56c61ccccd9504"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"81a723d966":"7516fb8bb11350df2bf386bc3c33bd0f52cb4c67c6e4745e0488e62c2aea2605"
+
+PSA hash multi part: SHA-256 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA256_C
+hash_multi_part:PSA_ALG_SHA_256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"ab":"fb94d5be118865f6fcbc978b825da82cff188faec2f66cb84b2537d74b4938469854b0ca89e66fa2e182834736629f3d"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"7c27":"3d80be467df86d63abb9ea1d3f9cb39cd19890e7f2c53a6200bedc5006842b35e820dc4e0ca90ca9b97ab23ef07080fc"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"31f5ca":"78d54b943421fdf7ba90a7fb9637c2073aa480454bd841d39ff72f4511fc21fb67797b652c0c823229342873d3bef955"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"7bdee3f8":"8bdafba0777ee446c3431c2d7b1fbb631089f71d2ca417abc1d230e1aba64ec2f1c187474a6f4077d372c14ad407f99a"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"8f05604915":"504e414bf1db1060f14c8c799e25b1e0c4dcf1504ebbd129998f0ae283e6de86e0d3c7e879c73ec3b1836c3ee89c2649"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"665da6eda214":"4c022f112010908848312f8b8f1072625fd5c105399d562ea1d56130619a7eac8dfc3748fd05ee37e4b690be9daa9980"
+
+PSA hash multi part: SHA-384 Test Vector NIST CAVS #8
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06":"cba9e3eb12a6f83db11e8a6ff40d1049854ee094416bc527fea931d8585428a8ed6242ce81f6769b36e2123a5c23483e"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #1
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #2
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"8f":"e4cd2d19931b5aad9c920f45f56f6ce34e3d38c6d319a6e11d0588ab8b838576d6ce6d68eea7c830de66e2bd96458bfa7aafbcbec981d4ed040498c3dd95f22a"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #3
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"e724":"7dbb520221a70287b23dbcf62bfc1b73136d858e86266732a7fffa875ecaa2c1b8f673b5c065d360c563a7b9539349f5f59bef8c0c593f9587e3cd50bb26a231"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #4
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"de4c90":"33ce98281045a5c4c9df0363d8196f1d7dfcd5ee46ac89776fd8a4344c12f123a66788af5bd41ceff1941aa5637654b4064c88c14e00465ab79a2fc6c97e1014"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #5
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"a801e94b":"dadb1b5a27f9fece8d86adb2a51879beb1787ff28f4e8ce162cad7fee0f942efcabbf738bc6f797fc7cc79a3a75048cd4c82ca0757a324695bfb19a557e56e2f"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #6
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"94390d3502":"b6175c4c4cccf69e0ce5f0312010886ea6b34d43673f942ae42483f9cbb7da817de4e11b5d58e25a3d9bd721a22cdffe1c40411cc45df1911fa5506129b69297"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #7
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"49297dd63e5f":"1fcc1e6f6870859d11649f5e5336a9cd16329c029baf04d5a6edf257889a2e9522b497dd656bb402da461307c4ee382e2e89380c8e6e6e7697f1e439f650fa94"
+
+PSA hash multi part: SHA-512 Test Vector NIST CAVS #8
+depends_on:MBEDTLS_SHA512_C
+hash_multi_part:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9"
+
+PSA hash multi part: MD2 Test vector RFC1319 #1
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"":"8350e5a3e24c153df2275c9f80692773"
+
+PSA hash multi part: MD2 Test vector RFC1319 #2
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"61":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
+
+PSA hash multi part: MD2 Test vector RFC1319 #3
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb"
+
+PSA hash multi part: MD2 Test vector RFC1319 #4
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"6d65737361676520646967657374":"ab4f496bfb2a530b219ff33031fe06b0"
+
+PSA hash multi part: MD2 Test vector RFC1319 #5
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"4e8ddff3650292ab5a4108c3aa47940b"
+
+PSA hash multi part: MD2 Test vector RFC1319 #6
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"da33def2a42df13975352846c30338cd"
+
+PSA hash multi part: MD2 Test vector RFC1319 #7
+depends_on:MBEDTLS_MD2_C
+hash_multi_part:PSA_ALG_MD2:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"d5976f79d83d3a0dc9806c3c66f3efd8"
+
+PSA hash multi part: MD4 Test vector RFC1320 #1
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"":"31d6cfe0d16ae931b73c59d7e0c089c0"
+
+PSA hash multi part: MD4 Test vector RFC1320 #2
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"61":"bde52cb31de33e46245e05fbdbd6fb24"
+
+PSA hash multi part: MD4 Test vector RFC1320 #3
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d"
+
+PSA hash multi part: MD4 Test vector RFC1320 #4
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"6d65737361676520646967657374":"d9130a8164549fe818874806e1c7014b"
+
+PSA hash multi part: MD4 Test vector RFC1320 #5
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"d79e1c308aa5bbcdeea8ed63df412da9"
+
+PSA hash multi part: MD4 Test vector RFC1320 #6
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"043f8582f241db351ce627e153e7f0e4"
+
+PSA hash multi part: MD4 Test vector RFC1320 #7
+depends_on:MBEDTLS_MD4_C
+hash_multi_part:PSA_ALG_MD4:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"e33b4ddc9c38f2199c3e7b164fcc0536"
+
+PSA hash multi part: MD5 Test vector RFC1321 #1
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
+
+PSA hash multi part: MD5 Test vector RFC1321 #2
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"61":"0cc175b9c0f1b6a831c399e269772661"
+
+PSA hash multi part: MD5 Test vector RFC1321 #3
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"616263":"900150983cd24fb0d6963f7d28e17f72"
+
+PSA hash multi part: MD5 Test vector RFC1321 #4
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"6d65737361676520646967657374":"f96b697d7cb7938d525a2f31aaf161d0"
+
+PSA hash multi part: MD5 Test vector RFC1321 #5
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"c3fcd3d76192e4007dfb496cca67e13b"
+
+PSA hash multi part: MD5 Test vector RFC1321 #6
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"d174ab98d277d9f5a5611c2c9f419d9f"
+
+PSA hash multi part: MD5 Test vector RFC1321 #7
+depends_on:MBEDTLS_MD5_C
+hash_multi_part:PSA_ALG_MD5:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"57edf4a22be3c955ac49da2e2107b67a"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #1
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"":"9c1185a5c5e9fc54612808977ee8f548b2258d31"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #2
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"61":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #3
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"616263":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #4
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"6d65737361676520646967657374":"5d0689ef49d2fae572b881b123a85ffa21595f36"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #5
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #6
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"12a053384a9c0c88e405a06c27dcf49ada62eb2b"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #7
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"b0e20b6e3116640286ed3a87a5713079b21f5189"
+
+PSA hash multi part: RIPEMD160 Test vector from paper #8
+depends_on:MBEDTLS_RIPEMD160_C
+hash_multi_part:PSA_ALG_RIPEMD160:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
new file mode 100644
index 0000000..8abd4e2
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -0,0 +1,104 @@
+/* BEGIN_HEADER */
+
+#include <stdint.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#include "spm/psa_defs.h"
+#endif
+
+#include "psa/crypto.h"
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void hash_finish( int alg_arg, data_t *input, data_t *expected_hash )
+{
+ psa_algorithm_t alg = alg_arg;
+ unsigned char actual_hash[PSA_HASH_MAX_SIZE];
+ size_t actual_hash_length;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation,
+ input->x, input->len ) );
+ PSA_ASSERT( psa_hash_finish( &operation,
+ actual_hash, sizeof( actual_hash ),
+ &actual_hash_length ) );
+ ASSERT_COMPARE( expected_hash->x, expected_hash->len,
+ actual_hash, actual_hash_length );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_verify( int alg_arg, data_t *input, data_t *expected_hash )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation,
+ input->x,
+ input->len ) );
+ PSA_ASSERT( psa_hash_verify( &operation,
+ expected_hash->x,
+ expected_hash->len ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multi_part( int alg_arg, data_t *input, data_t *expected_hash )
+{
+ psa_algorithm_t alg = alg_arg;
+ unsigned char actual_hash[PSA_HASH_MAX_SIZE];
+ size_t actual_hash_length;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation2 = PSA_HASH_OPERATION_INIT;
+ uint32_t len = 0;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ do
+ {
+ memset( actual_hash, 0, sizeof( actual_hash ) );
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+
+ PSA_ASSERT( psa_hash_update( &operation,
+ input->x, len ) );
+ PSA_ASSERT( psa_hash_clone( &operation, &operation2 ) );
+ PSA_ASSERT( psa_hash_update( &operation,
+ input->x + len, input->len - len ) );
+ PSA_ASSERT( psa_hash_update( &operation2,
+ input->x + len, input->len - len ) );
+
+ PSA_ASSERT( psa_hash_finish( &operation,
+ actual_hash, sizeof( actual_hash ),
+ &actual_hash_length ) );
+ ASSERT_COMPARE( expected_hash->x, expected_hash->len,
+ actual_hash, actual_hash_length );
+
+ PSA_ASSERT( psa_hash_finish( &operation2,
+ actual_hash, sizeof( actual_hash ),
+ &actual_hash_length ) );
+ ASSERT_COMPARE( expected_hash->x, expected_hash->len,
+ actual_hash, actual_hash_length );
+ } while( len++ != input->len );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_init.data b/tests/suites/test_suite_psa_crypto_init.data
new file mode 100644
index 0000000..c57a764
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_init.data
@@ -0,0 +1,56 @@
+Create NV seed file
+create_nv_seed:
+
+PSA init/deinit
+init_deinit:2
+
+PSA deinit without init
+deinit_without_init:0
+
+PSA deinit twice
+deinit_without_init:1
+
+No random without init
+validate_module_init_generate_random:0
+
+No key slot access without init
+validate_module_init_key_based:0
+
+No random after deinit
+validate_module_init_generate_random:1
+
+No key slot access after deinit
+validate_module_init_key_based:1
+
+Custom entropy sources: all standard
+custom_entropy_sources:0x0000ffff:PSA_SUCCESS
+
+Custom entropy sources: none
+custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY
+
+Fake entropy: never returns anything
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:0:PSA_ERROR_INSUFFICIENT_ENTROPY
+
+Fake entropy: less than the block size
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
+
+Fake entropy: one block eventually
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
+
+Fake entropy: one block in two steps
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:1:-1:-1:PSA_SUCCESS
+
+Fake entropy: more than one block in two steps
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:PSA_SUCCESS
+
+NV seed only: less than minimum
+entropy_from_nv_seed:MBEDTLS_ENTROPY_MIN_PLATFORM - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
+
+NV seed only: less than one block
+entropy_from_nv_seed:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
+
+NV seed only: just enough
+entropy_from_nv_seed:ENTROPY_MIN_NV_SEED_SIZE:PSA_SUCCESS
+
+Recreate NV seed file
+create_nv_seed:
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
new file mode 100644
index 0000000..c8f6e1b
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -0,0 +1,284 @@
+/* BEGIN_HEADER */
+#include <stdint.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#include "spm/psa_defs.h"
+#endif
+#include "psa/crypto.h"
+
+/* Some tests in this module configure entropy sources. */
+#include "psa_crypto_invasive.h"
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+
+#define ENTROPY_MIN_NV_SEED_SIZE \
+ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
+typedef struct
+{
+ size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
+ size_t max_steps;
+ size_t *length_sequence;
+ size_t step;
+} fake_entropy_state_t;
+static int fake_entropy_source( void *state_arg,
+ unsigned char *output, size_t len,
+ size_t *olen )
+{
+ fake_entropy_state_t *state = state_arg;
+ size_t i;
+
+ if( state->step >= state->max_steps )
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+ *olen = MIN( len, state->length_sequence[state->step] );
+ for( i = 0; i < *olen; i++ )
+ output[i] = i;
+ ++state->step;
+ return( 0 );
+}
+
+#define ENTROPY_SOURCE_PLATFORM 0x00000001
+#define ENTROPY_SOURCE_TIMING 0x00000002
+#define ENTROPY_SOURCE_HAVEGE 0x00000004
+#define ENTROPY_SOURCE_HARDWARE 0x00000008
+#define ENTROPY_SOURCE_NV_SEED 0x00000010
+#define ENTROPY_SOURCE_FAKE 0x40000000
+
+static uint32_t custom_entropy_sources_mask;
+static fake_entropy_state_t fake_entropy_state;
+
+/* This is a modified version of mbedtls_entropy_init() from entropy.c
+ * which chooses entropy sources dynamically. */
+static void custom_entropy_init( mbedtls_entropy_context *ctx )
+{
+ ctx->source_count = 0;
+ memset( ctx->source, 0, sizeof( ctx->source ) );
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_init( &ctx->mutex );
+#endif
+
+ ctx->accumulator_started = 0;
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+ mbedtls_sha512_init( &ctx->accumulator );
+#else
+ mbedtls_sha256_init( &ctx->accumulator );
+#endif
+#if defined(MBEDTLS_HAVEGE_C)
+ mbedtls_havege_init( &ctx->havege_data );
+#endif
+
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+ if( custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM )
+ mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_PLATFORM,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+#if defined(MBEDTLS_TIMING_C)
+ if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
+ mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_HARDCLOCK,
+ MBEDTLS_ENTROPY_SOURCE_WEAK );
+#endif
+#if defined(MBEDTLS_HAVEGE_C)
+ if( custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE )
+ mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
+ MBEDTLS_ENTROPY_MIN_HAVEGE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+ if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
+ mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
+ MBEDTLS_ENTROPY_MIN_HARDWARE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ if( custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED )
+ {
+ mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+ ctx->initial_entropy_run = 0;
+ }
+ else
+ {
+ /* Skip the NV seed even though it's compiled in. */
+ ctx->initial_entropy_run = 1;
+ }
+#endif
+
+ if( custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE )
+ mbedtls_entropy_add_source( ctx,
+ fake_entropy_source, &fake_entropy_state,
+ fake_entropy_state.threshold,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED */
+void create_nv_seed( )
+{
+ static unsigned char seed[ENTROPY_MIN_NV_SEED_SIZE];
+ TEST_ASSERT( mbedtls_nv_seed_write( seed, sizeof( seed ) ) >= 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void init_deinit( int count )
+{
+ psa_status_t status;
+ int i;
+ for( i = 0; i < count; i++ )
+ {
+ status = psa_crypto_init( );
+ PSA_ASSERT( status );
+ status = psa_crypto_init( );
+ PSA_ASSERT( status );
+ mbedtls_psa_crypto_free( );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void deinit_without_init( int count )
+{
+ int i;
+ for( i = 0; i < count; i++ )
+ {
+ PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_psa_crypto_free( );
+ }
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_generate_random( int count )
+{
+ psa_status_t status;
+ uint8_t random[10] = { 0 };
+ int i;
+ for( i = 0; i < count; i++ )
+ {
+ status = psa_crypto_init( );
+ PSA_ASSERT( status );
+ mbedtls_psa_crypto_free( );
+ }
+ status = psa_generate_random( random, sizeof( random ) );
+ TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_key_based( int count )
+{
+ psa_status_t status;
+ uint8_t data[10] = { 0 };
+ int i;
+ for( i = 0; i < count; i++ )
+ {
+ status = psa_crypto_init( );
+ PSA_ASSERT( status );
+ mbedtls_psa_crypto_free( );
+ }
+ status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
+ TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void custom_entropy_sources( int sources_arg, int expected_init_status_arg )
+{
+ psa_status_t expected_init_status = expected_init_status_arg;
+ uint8_t random[10] = { 0 };
+
+ custom_entropy_sources_mask = sources_arg;
+ PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
+ custom_entropy_init, mbedtls_entropy_free ) );
+
+ TEST_EQUAL( psa_crypto_init( ), expected_init_status );
+ if( expected_init_status != PSA_SUCCESS )
+ goto exit;
+
+ PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void fake_entropy_source( int threshold,
+ int amount1,
+ int amount2,
+ int amount3,
+ int amount4,
+ int expected_init_status_arg )
+{
+ psa_status_t expected_init_status = expected_init_status_arg;
+ uint8_t random[10] = { 0 };
+ size_t lengths[4];
+
+ fake_entropy_state.threshold = threshold;
+ fake_entropy_state.step = 0;
+ fake_entropy_state.max_steps = 0;
+ if( amount1 >= 0 )
+ lengths[fake_entropy_state.max_steps++] = amount1;
+ if( amount2 >= 0 )
+ lengths[fake_entropy_state.max_steps++] = amount2;
+ if( amount3 >= 0 )
+ lengths[fake_entropy_state.max_steps++] = amount3;
+ if( amount4 >= 0 )
+ lengths[fake_entropy_state.max_steps++] = amount4;
+ fake_entropy_state.length_sequence = lengths;
+
+ custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
+ PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
+ custom_entropy_init, mbedtls_entropy_free ) );
+
+ TEST_EQUAL( psa_crypto_init( ), expected_init_status );
+ if( expected_init_status != PSA_SUCCESS )
+ goto exit;
+
+ PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED */
+void entropy_from_nv_seed( int seed_size_arg,
+ int expected_init_status_arg )
+{
+ psa_status_t expected_init_status = expected_init_status_arg;
+ uint8_t random[10] = { 0 };
+ uint8_t *seed = NULL;
+ size_t seed_size = seed_size_arg;
+
+ ASSERT_ALLOC( seed, seed_size );
+ TEST_ASSERT( mbedtls_nv_seed_write( seed, seed_size ) >= 0 );
+
+ custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
+ PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
+ custom_entropy_init, mbedtls_entropy_free ) );
+
+ TEST_EQUAL( psa_crypto_init( ), expected_init_status );
+ if( expected_init_status != PSA_SUCCESS )
+ goto exit;
+
+ PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
+
+exit:
+ mbedtls_free( seed );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
new file mode 100644
index 0000000..1e7a996
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -0,0 +1,447 @@
+Hash: MD2
+depends_on:MBEDTLS_MD2_C
+hash_algorithm:PSA_ALG_MD2:16
+
+Hash: MD4
+depends_on:MBEDTLS_MD4_C
+hash_algorithm:PSA_ALG_MD4:16
+
+Hash: MD5
+depends_on:MBEDTLS_MD5_C
+hash_algorithm:PSA_ALG_MD5:16
+
+Hash: RIPEMD160
+depends_on:MBEDTLS_RIPEMD160_C
+hash_algorithm:PSA_ALG_RIPEMD160:20
+
+Hash: SHA-1
+depends_on:MBEDTLS_SHA1_C
+hash_algorithm:PSA_ALG_SHA_1:20
+
+Hash: SHA-2 SHA-224
+depends_on:MBEDTLS_SHA256_C
+hash_algorithm:PSA_ALG_SHA_224:28
+
+Hash: SHA-2 SHA-256
+depends_on:MBEDTLS_SHA256_C
+hash_algorithm:PSA_ALG_SHA_256:32
+
+Hash: SHA-2 SHA-384
+depends_on:MBEDTLS_SHA512_C
+hash_algorithm:PSA_ALG_SHA_384:48
+
+Hash: SHA-2 SHA-512
+depends_on:MBEDTLS_SHA512_C
+hash_algorithm:PSA_ALG_SHA_512:64
+
+Hash: SHA-2 SHA-512/224
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
+hash_algorithm:PSA_ALG_SHA_512_224:28
+
+Hash: SHA-2 SHA-512/256
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
+hash_algorithm:PSA_ALG_SHA_512_256:32
+
+Hash: SHA-3 SHA3-224
+depends_on:MBEDTLS_SHA3_C
+hash_algorithm:PSA_ALG_SHA3_224:28
+
+Hash: SHA-3 SHA3-256
+depends_on:MBEDTLS_SHA3_C
+hash_algorithm:PSA_ALG_SHA3_256:32
+
+Hash: SHA-3 SHA3-384
+depends_on:MBEDTLS_SHA3_C
+hash_algorithm:PSA_ALG_SHA3_384:48
+
+Hash: SHA-3 SHA3-512
+depends_on:MBEDTLS_SHA3_C
+hash_algorithm:PSA_ALG_SHA3_512:64
+
+MAC: HMAC-MD2
+depends_on:MBEDTLS_MD2_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64
+
+MAC: HMAC-MD4
+depends_on:MBEDTLS_MD4_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):16:64
+
+MAC: HMAC-MD5
+depends_on:MBEDTLS_MD5_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64
+
+MAC: HMAC-RIPEMD160
+depends_on:MBEDTLS_RIPEMD160_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_RIPEMD160 ):20:64
+
+MAC: HMAC-SHA-1
+depends_on:MBEDTLS_SHA1_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_1 ):20:64
+
+MAC: HMAC-SHA-224
+depends_on:MBEDTLS_SHA256_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_224 ):28:64
+
+MAC: HMAC-SHA-256
+depends_on:MBEDTLS_SHA256_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):32:64
+
+MAC: HMAC-SHA-384
+depends_on:MBEDTLS_SHA512_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_384 ):48:128
+
+MAC: HMAC-SHA-512
+depends_on:MBEDTLS_SHA512_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128
+
+MAC: HMAC-SHA-512/224
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128
+
+MAC: HMAC-SHA-512/256
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128
+
+MAC: HMAC-SHA3-224
+depends_on:MBEDTLS_SHA3_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144
+
+MAC: HMAC-SHA3-256
+depends_on:MBEDTLS_SHA3_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136
+
+MAC: HMAC-SHA3-384
+depends_on:MBEDTLS_SHA3_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104
+
+MAC: HMAC-SHA3-512
+depends_on:MBEDTLS_SHA3_C
+hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72
+
+MAC: CBC_MAC-AES-128
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C
+mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
+
+MAC: CBC_MAC-AES-192
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C
+mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192
+
+MAC: CBC_MAC-AES-256
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C
+mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256
+
+MAC: CBC_MAC-3DES
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_C
+mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192
+
+MAC: CMAC-AES-128
+depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
+mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
+
+MAC: CMAC-AES-192
+depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
+mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192
+
+MAC: CMAC-AES-256
+depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
+mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256
+
+MAC: CMAC-3DES
+depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C
+mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192
+
+MAC: GMAC-AES-128
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
+
+MAC: GMAC-AES-192
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192
+
+MAC: GMAC-AES-256
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256
+
+Cipher: ARC4
+depends_on:MBEDTLS_ARC4_C
+cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER
+
+Cipher: CTR
+depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER
+
+Cipher: CFB
+depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CFB
+cipher_algorithm:PSA_ALG_CFB:ALG_IS_STREAM_CIPHER
+
+Cipher: OFB
+depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB
+cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER
+
+Cipher: CBC-nopad
+depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0
+
+Cipher: CBC-PKCS#7
+depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+cipher_algorithm:PSA_ALG_CBC_PKCS7:0
+
+Cipher: XTS
+depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_XTS
+cipher_algorithm:PSA_ALG_XTS:0
+
+AEAD: CCM
+depends_on:MBEDTLS_CCM_C
+aead_algorithm:PSA_ALG_CCM:0:16
+
+AEAD: GCM
+depends_on:MBEDTLS_GCM_C
+aead_algorithm:PSA_ALG_GCM:0:16
+
+Asymmetric signature: RSA PKCS#1 v1.5 raw
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: RSA PKCS#1 v1.5 SHA-256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: RSA PSS SHA-256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256
+depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C
+asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: SHA-256 + deterministic DSA using SHA-256
+depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC
+asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: randomized ECDSA (no hashing)
+depends_on:MBEDTLS_ECDSA_C
+asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: SHA-256 + randomized ECDSA
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C
+asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: SHA-256 + deterministic DSA using SHA-256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C
+asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
+
+Asymmetric signature: RSA PKCS#1 v1.5 with wildcard hash
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_signature_wildcard:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PKCS1V15_SIGN
+
+Asymmetric signature: RSA PSS with wildcard hash
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
+asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS
+
+Asymmetric signature: randomized DSA with wildcard hash
+depends_on:MBEDTLS_DSA_C
+asymmetric_signature_wildcard:PSA_ALG_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA
+
+Asymmetric signature: deterministic DSA with wildcard hash
+depends_on:MBEDTLS_DSA_C:MBEDTLS_DSA_DETERMINISTIC
+asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC
+
+Asymmetric signature: randomized ECDSA with wildcard hash
+depends_on:MBEDTLS_ECDSA_C
+asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA
+
+Asymmetric signature: deterministic DSA with wildcard hash
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC
+asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC
+
+Asymmetric encryption: RSA PKCS#1 v1.5
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_encryption_algorithm:PSA_ALG_RSA_PKCS1V15_CRYPT:0
+
+Asymmetric encryption: RSA OAEP using SHA-256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encryption_algorithm:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):ALG_IS_RSA_OAEP
+
+Key derivation: HKDF using SHA-256
+depends_on:MBEDTLS_SHA256_C
+key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF
+
+Key selection: raw
+key_selection_algorithm:PSA_ALG_SELECT_RAW:0
+
+Key agreement: FFDH, raw output
+depends_on:MBEDTLS_DHM_C
+key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_SELECT_RAW ):ALG_IS_FFDH:PSA_ALG_SELECT_RAW
+
+Key agreement: FFDH, HKDF using SHA-256
+depends_on:MBEDTLS_DHM_C
+key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+
+Key agreement: ECDH, raw output
+depends_on:MBEDTLS_ECDH_C
+key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ):ALG_IS_ECDH:PSA_ALG_SELECT_RAW
+
+Key agreement: ECDH, HKDF using SHA-256
+depends_on:MBEDTLS_ECDH_C
+key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+
+Key type: raw data
+key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: HMAC
+key_type:PSA_KEY_TYPE_HMAC:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: secret for key derivation
+key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: AES
+depends_on:MBEDTLS_AES_C
+key_type:PSA_KEY_TYPE_AES:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: DES
+depends_on:MBEDTLS_DES_C
+key_type:PSA_KEY_TYPE_DES:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: Camellia
+depends_on:MBEDTLS_CAMELLIA_C
+key_type:PSA_KEY_TYPE_CAMELLIA:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: ARC4
+depends_on:MBEDTLS_ARC4_C
+key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: RSA public key
+depends_on:MBEDTLS_RSA_C
+key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA
+
+Key type: RSA key pair
+depends_on:MBEDTLS_RSA_C
+key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA
+
+Key type: DSA public key
+depends_on:MBEDTLS_DSA_C
+key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA
+
+Key type: DSA key pair
+depends_on:MBEDTLS_DSA_C
+key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA
+
+ECC key types: sect163k1
+depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT163K1:163
+
+ECC key types: sect163r1
+depends_on:MBEDTLS_ECP_DP_SECT163R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT163R1:163
+
+ECC key types: sect163r2
+depends_on:MBEDTLS_ECP_DP_SECT163R2_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT163R2:163
+
+ECC key types: sect193r1
+depends_on:MBEDTLS_ECP_DP_SECT193R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT193R1:193
+
+ECC key types: sect193r2
+depends_on:MBEDTLS_ECP_DP_SECT193R2_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT193R2:193
+
+ECC key types: sect233k1
+depends_on:MBEDTLS_ECP_DP_SECT233K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT233K1:233
+
+ECC key types: sect233r1
+depends_on:MBEDTLS_ECP_DP_SECT233R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT233R1:233
+
+ECC key types: sect239k1
+depends_on:MBEDTLS_ECP_DP_SECT239K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT239K1:239
+
+ECC key types: sect283k1
+depends_on:MBEDTLS_ECP_DP_SECT283K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT283K1:283
+
+ECC key types: sect283r1
+depends_on:MBEDTLS_ECP_DP_SECT283R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT283R1:283
+
+ECC key types: sect409k1
+depends_on:MBEDTLS_ECP_DP_SECT409K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT409K1:409
+
+ECC key types: sect409r1
+depends_on:MBEDTLS_ECP_DP_SECT409R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT409R1:409
+
+ECC key types: sect571k1
+depends_on:MBEDTLS_ECP_DP_SECT571K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT571K1:571
+
+ECC key types: sect571r1
+depends_on:MBEDTLS_ECP_DP_SECT571R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECT571R1:571
+
+ECC key types: secp160k1
+depends_on:MBEDTLS_ECP_DP_SECP160K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP160K1:160
+
+ECC key types: secp160r1
+depends_on:MBEDTLS_ECP_DP_SECP160R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP160R1:160
+
+ECC key types: secp160r2
+depends_on:MBEDTLS_ECP_DP_SECP160R2_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP160R2:160
+
+ECC key types: secp192k1
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP192K1:192
+
+ECC key types: secp192r1
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP192R1:192
+
+ECC key types: secp224k1
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP224K1:224
+
+ECC key types: secp224r1
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP224R1:224
+
+ECC key types: secp256k1
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP256K1:256
+
+ECC key types: secp256r1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP256R1:256
+
+ECC key types: secp384r1
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP384R1:384
+
+ECC key types: secp521r1
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_SECP521R1:521
+
+ECC key types: Brainpool P256R1
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1:256
+
+ECC key types: Brainpool P384R1
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1:384
+
+ECC key types: Brainpool P512R1
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1:512
+
+ECC key types: Curve25519
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecc_key_types:PSA_ECC_CURVE_CURVE25519:255
+
+ECC key types: Curve448
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecc_key_types:PSA_ECC_CURVE_CURVE448:448
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
new file mode 100644
index 0000000..01c8628
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -0,0 +1,485 @@
+/* BEGIN_HEADER */
+/* Test macros that provide metadata about algorithms and key types.
+ * This test suite only contains tests that don't require executing
+ * code. Other test suites validate macros that require creating a key
+ * and using it. */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#include "spm/psa_defs.h"
+#endif
+
+#include "psa/crypto.h"
+
+/* Flags for algorithm classification macros. There is a flag for every
+ * algorithm classification macro PSA_ALG_IS_xxx except for the
+ * category test macros, which are hard-coded in each
+ * category-specific function. The name of the flag is the name of the
+ * classification macro without the PSA_ prefix. */
+#define ALG_IS_VENDOR_DEFINED ( 1u << 0 )
+#define ALG_IS_HMAC ( 1u << 1 )
+#define ALG_IS_BLOCK_CIPHER_MAC ( 1u << 2 )
+#define ALG_IS_STREAM_CIPHER ( 1u << 3 )
+#define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 )
+#define ALG_IS_RSA_PSS ( 1u << 5 )
+#define ALG_IS_DSA ( 1u << 6 )
+#define ALG_DSA_IS_DETERMINISTIC ( 1u << 7 )
+#define ALG_IS_DETERMINISTIC_DSA ( 1u << 8 )
+#define ALG_IS_RANDOMIZED_DSA ( 1u << 9 )
+#define ALG_IS_ECDSA ( 1u << 10 )
+#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 11 )
+#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 12 )
+#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 13 )
+#define ALG_IS_HASH_AND_SIGN ( 1u << 14 )
+#define ALG_IS_RSA_OAEP ( 1u << 15 )
+#define ALG_IS_HKDF ( 1u << 16 )
+#define ALG_IS_FFDH ( 1u << 17 )
+#define ALG_IS_ECDH ( 1u << 18 )
+#define ALG_IS_WILDCARD ( 1u << 19 )
+
+/* Flags for key type classification macros. There is a flag for every
+ * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
+ * are tested as derived from other macros. The name of the flag is
+ * the name of the classification macro without the PSA_ prefix. */
+#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 )
+#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 )
+#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 )
+#define KEY_TYPE_IS_KEYPAIR ( 1u << 3 )
+#define KEY_TYPE_IS_RSA ( 1u << 4 )
+#define KEY_TYPE_IS_DSA ( 1u << 5 )
+#define KEY_TYPE_IS_ECC ( 1u << 6 )
+
+#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
+ TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
+
+void algorithm_classification( psa_algorithm_t alg, unsigned flags )
+{
+ TEST_CLASSIFICATION_MACRO( ALG_IS_VENDOR_DEFINED, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_HMAC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_BLOCK_CIPHER_MAC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_STREAM_CIPHER, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PKCS1V15_SIGN, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PSS, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_DSA, alg, flags );
+ if ( PSA_ALG_IS_DSA( alg ) )
+ TEST_CLASSIFICATION_MACRO( ALG_DSA_IS_DETERMINISTIC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_DSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_DSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_ECDSA, alg, flags );
+ if ( PSA_ALG_IS_ECDSA( alg ) )
+ TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags );
+ TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags );
+exit: ;
+}
+
+void key_type_classification( psa_key_type_t type, unsigned flags )
+{
+ /* Macros tested based on the test case parameter */
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags );
+
+ /* Macros with derived semantics */
+ TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
+ ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ||
+ PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
+ TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ),
+ ( PSA_KEY_TYPE_IS_ECC( type ) &&
+ PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
+ TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
+ ( PSA_KEY_TYPE_IS_ECC( type ) &&
+ PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
+
+exit: ;
+}
+
+void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
+ psa_key_type_t key_type, size_t key_bits,
+ size_t length )
+{
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+
+ /* Length */
+ TEST_EQUAL( length, PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) );
+
+exit: ;
+}
+
+void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
+ size_t tag_length )
+{
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+
+ /* Tag length */
+ TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( alg ) );
+
+exit: ;
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void hash_algorithm( int alg_arg, int length_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ size_t length = length_arg;
+ psa_algorithm_t hmac_alg = PSA_ALG_HMAC( alg );
+ psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN( alg );
+ psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS( alg );
+ psa_algorithm_t dsa_alg = PSA_ALG_DSA( alg );
+ psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA( alg );
+ psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA( alg );
+ psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA( alg );
+ psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP( alg );
+ psa_algorithm_t hkdf_alg = PSA_ALG_HKDF( alg );
+
+ /* Algorithm classification */
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, 0 );
+
+ /* Dependent algorithms */
+ TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( hmac_alg ), alg );
+ TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pkcs1v15_sign_alg ), alg );
+ TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pss_alg ), alg );
+ TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( dsa_alg ), alg );
+ TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_dsa_alg ), alg );
+ TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( ecdsa_alg ), alg );
+ TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_ecdsa_alg ), alg );
+ TEST_EQUAL( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ), alg );
+ TEST_EQUAL( PSA_ALG_HKDF_GET_HASH( hkdf_alg ), alg );
+
+ /* Hash length */
+ TEST_EQUAL( length, PSA_HASH_SIZE( alg ) );
+ TEST_ASSERT( length <= PSA_HASH_MAX_SIZE );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_algorithm( int alg_arg, int classification_flags,
+ int length_arg,
+ int key_type_arg, int key_bits_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ size_t length = length_arg;
+ size_t n;
+ size_t key_type = key_type_arg;
+ size_t key_bits = key_bits_arg;
+
+ mac_algorithm_core( alg, classification_flags,
+ key_type, key_bits, length );
+ TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( alg ), alg );
+ TEST_ASSERT( length <= PSA_MAC_MAX_SIZE );
+
+ /* Truncated versions */
+ for( n = 1; n <= length; n++ )
+ {
+ psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n );
+ mac_algorithm_core( truncated_alg, classification_flags,
+ key_type, key_bits, n );
+ TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( truncated_alg ), alg );
+ /* Check that calling PSA_ALG_TRUNCATED_MAC twice gives the length
+ * of the outer truncation (even if the outer length is smaller than
+ * the inner length). */
+ TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, 1 ),
+ PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
+ TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length - 1 ),
+ PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
+ TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ),
+ PSA_ALG_TRUNCATED_MAC( alg, length ) );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hmac_algorithm( int alg_arg,
+ int length_arg,
+ int block_size_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg );
+ size_t block_size = block_size_arg;
+ size_t length = length_arg;
+ size_t n;
+
+ TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) );
+ TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg );
+
+ TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE );
+
+ test_mac_algorithm( alg_arg, ALG_IS_HMAC, length,
+ PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS( length ) );
+
+ for( n = 1; n <= length; n++ )
+ {
+ psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n );
+ TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( truncated_alg ), hash_alg );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_algorithm( int alg_arg, int classification_flags )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_algorithm( int alg_arg, int classification_flags,
+ int tag_length_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ size_t tag_length = tag_length_arg;
+ size_t n;
+
+ aead_algorithm_core( alg, classification_flags, tag_length );
+
+ /* Truncated versions */
+ for( n = 1; n <= tag_length; n++ )
+ {
+ psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, n );
+ aead_algorithm_core( truncated_alg, classification_flags, n );
+ TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( truncated_alg ),
+ alg );
+ /* Check that calling PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH twice gives
+ * the length of the outer truncation (even if the outer length is
+ * smaller than the inner length). */
+ TEST_EQUAL( PSA_ALG_AEAD_WITH_TAG_LENGTH( truncated_alg, 1 ),
+ PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 1 ) );
+ TEST_EQUAL( PSA_ALG_AEAD_WITH_TAG_LENGTH( truncated_alg, tag_length - 1 ),
+ PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, tag_length - 1) );
+ TEST_EQUAL( PSA_ALG_AEAD_WITH_TAG_LENGTH( truncated_alg, tag_length ),
+ PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, tag_length ) );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_signature_wildcard( int alg_arg, int classification_flags )
+{
+ classification_flags |= ALG_IS_HASH_AND_SIGN | ALG_IS_WILDCARD;
+ test_asymmetric_signature_algorithm( alg_arg, classification_flags );
+ /* Any failure of this test function comes from
+ * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */
+ goto exit;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_derivation_algorithm( int alg_arg, int classification_flags )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+
+ /* Check combinations with key agreements */
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
+ TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
+ TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_selection_algorithm( int alg_arg, int classification_flags )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+
+ /* Check combinations with key agreements */
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
+ TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
+ TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_agreement_algorithm( int alg_arg, int classification_flags,
+ int post_alg_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t actual_post_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ psa_algorithm_t expected_post_alg = post_alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
+ algorithm_classification( alg, classification_flags );
+
+ /* Shared secret derivation properties */
+ TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( actual_post_alg ) ||
+ PSA_ALG_IS_KEY_SELECTION( actual_post_alg ) );
+ TEST_EQUAL( actual_post_alg, expected_post_alg );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_type( int type_arg, int classification_flags )
+{
+ psa_key_type_t type = type_arg;
+
+ key_type_classification( type, classification_flags );
+
+ /* For asymmetric types, check the corresponding pair/public type */
+ if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY )
+ {
+ psa_key_type_t pair_type = PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type );
+ TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( pair_type ), type );
+ key_type_classification( pair_type,
+ ( classification_flags
+ & ~KEY_TYPE_IS_PUBLIC_KEY )
+ | KEY_TYPE_IS_KEYPAIR );
+ TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ), type );
+ }
+ if( classification_flags & KEY_TYPE_IS_KEYPAIR )
+ {
+ psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
+ TEST_EQUAL( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( public_type ), type );
+ key_type_classification( public_type,
+ ( classification_flags
+ & ~KEY_TYPE_IS_KEYPAIR )
+ | KEY_TYPE_IS_PUBLIC_KEY );
+ TEST_EQUAL( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ), type );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecc_key_types( int curve_arg, int curve_bits_arg )
+{
+ psa_ecc_curve_t curve = curve_arg;
+ size_t curve_bits = curve_bits_arg;
+ psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
+ psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve );
+
+ test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY );
+ test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEYPAIR );
+
+ TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve );
+ TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve );
+
+ /* Validate that the bit size is less than the maximum ECC bit size
+ * in this implementation. There's no parameter that should be equal
+ * to curve_bits and can be validated without creating a key. */
+ TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
new file mode 100644
index 0000000..f97a5e0
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -0,0 +1,70 @@
+PSA Storage format data for storage
+format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION
+
+PSA Storage parse stored data
+parse_storage_data_check:"505341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_SUCCESS
+
+PSA Storage parse stored data wrong version, should fail
+parse_storage_data_check:"505341004b455900ffffffff000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+
+PSA Storage parse too big data, should fail
+parse_storage_data_check:"505341004b45590000000000000001700100000000000012ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+
+PSA Storage parse bad magic, should fail
+parse_storage_data_check:"645341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+
+PSA Storage parse not enough magic, should fail
+parse_storage_data_check:"505341004b4559":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+
+# Not specific to files, but only run this test in an environment where the maximum size could be reached.
+Save maximum size persistent raw key
+depends_on:MBEDTLS_PSA_ITS_FILE_C
+save_large_persistent_key:0:PSA_SUCCESS
+
+Save larger than maximum size persistent raw key, should fail
+save_large_persistent_key:1:PSA_ERROR_INSUFFICIENT_STORAGE
+
+Persistent key destroy
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
+
+Persistent key destroy missing key
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
+
+Persistent key import
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_SUCCESS
+
+Persistent key import garbage data, should fail
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"11111111":PSA_ERROR_INVALID_ARGUMENT
+
+import/export persistent raw key: 0 byte
+import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0
+
+import/export persistent raw key: 1 byte
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0
+
+import/export persistent key RSA public key: good, 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0
+
+import/export persistent key RSA keypair: good, 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:0
+
+import/export persistent raw key file not exist: 1 byte
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1
+
+import/export persistent key RSA public key file not exist: 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1
+
+import/export persistent key RSA keypair file not exist: 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:1
+
+PSA import/export-persistent symmetric key: 16 bytes
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
new file mode 100644
index 0000000..90e10f6
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -0,0 +1,251 @@
+/* BEGIN_HEADER */
+#include <stdint.h>
+#include "psa/crypto.h"
+#include "psa_crypto_storage.h"
+#include "mbedtls/md.h"
+
+#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+
+typedef struct {
+ uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
+ uint8_t version[4];
+ uint8_t type[sizeof( psa_key_type_t )];
+ uint8_t policy[sizeof( psa_key_policy_t )];
+ uint8_t data_len[4];
+ uint8_t key_data[];
+} psa_persistent_key_storage_format;
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void format_storage_data_check( data_t *key_data,
+ data_t *expected_file_data,
+ int key_type, int key_usage, int key_alg )
+{
+ uint8_t *file_data;
+ size_t file_data_length;
+ psa_key_policy_t key_policy;
+
+ key_policy.usage = (psa_key_usage_t) key_usage;
+ key_policy.alg = (psa_algorithm_t) key_alg;
+
+ file_data_length = key_data->len + sizeof( psa_persistent_key_storage_format );
+ file_data = mbedtls_calloc( 1, file_data_length );
+ psa_format_key_data_for_storage( key_data->x, key_data->len,
+ (psa_key_type_t) key_type, &key_policy,
+ file_data );
+
+ ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
+ file_data, file_data_length );
+ mbedtls_free( file_data );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void parse_storage_data_check( data_t *file_data,
+ data_t *expected_key_data,
+ int expected_key_type,
+ int expected_key_usage,
+ int expected_key_alg,
+ int expected_status )
+{
+ uint8_t *key_data = NULL;
+ size_t key_data_length = 0;
+ psa_key_type_t key_type = 0;
+ psa_key_policy_t key_policy;
+ psa_status_t status;
+
+ status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
+ &key_data, &key_data_length,
+ &key_type, &key_policy );
+
+ TEST_EQUAL( status, expected_status );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ TEST_EQUAL( key_type, (psa_key_type_t) expected_key_type );
+ TEST_EQUAL( key_policy.usage, (uint32_t) expected_key_usage );
+ TEST_EQUAL( key_policy.alg, (uint32_t) expected_key_alg );
+ ASSERT_COMPARE( expected_key_data->x, expected_key_data->len,
+ key_data, key_data_length );
+
+exit:
+ mbedtls_free( key_data );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void save_large_persistent_key( int data_too_large, int expected_status )
+{
+ psa_key_id_t key_id = 42;
+ psa_key_handle_t handle = 0;
+ uint8_t *data = NULL;
+ size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
+
+ if( data_too_large )
+ data_length += 1;
+
+ ASSERT_ALLOC( data, data_length );
+
+ PSA_ASSERT( psa_crypto_init() );
+
+ PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ &handle ) );
+
+ TEST_EQUAL( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
+ data, data_length ),
+ expected_status );
+
+exit:
+ mbedtls_free( data );
+ mbedtls_psa_crypto_free();
+ psa_destroy_persistent_key( key_id );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void persistent_key_destroy( int key_id_arg, int should_store,
+ int first_type_arg, data_t *first_data,
+ int second_type_arg, data_t *second_data )
+{
+ psa_key_id_t key_id = key_id_arg;
+ psa_key_handle_t handle = 0;
+ psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
+ psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
+
+ PSA_ASSERT( psa_crypto_init() );
+
+ PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ &handle ) );
+
+ if( should_store == 1 )
+ {
+ PSA_ASSERT( psa_import_key(
+ handle, first_type,
+ first_data->x, first_data->len ) );
+ }
+
+ /* Destroy the key */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+
+ /* Check key slot storage is removed */
+ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
+ TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( handle, 0 );
+
+ /* Shutdown and restart */
+ mbedtls_psa_crypto_free();
+ PSA_ASSERT( psa_crypto_init() );
+
+ /* Create another key in the same slot */
+ PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ &handle ) );
+ PSA_ASSERT( psa_import_key(
+ handle, second_type,
+ second_data->x, second_data->len ) );
+
+exit:
+ mbedtls_psa_crypto_free();
+ psa_destroy_persistent_key( key_id );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
+ int expected_status )
+{
+ psa_key_lifetime_t lifetime;
+ psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
+ psa_key_type_t type = (psa_key_type_t) type_arg;
+ psa_key_handle_t handle = 0;
+
+ PSA_ASSERT( psa_crypto_init() );
+
+ PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ &handle ) );
+ TEST_EQUAL( psa_import_key( handle, type, data->x, data->len ),
+ expected_status );
+
+ if( expected_status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
+ goto exit;
+ }
+
+ PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime ) );
+ TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );
+
+exit:
+ psa_destroy_persistent_key( key_id );
+ mbedtls_psa_crypto_free();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import_export_persistent_key( data_t *data, int type_arg,
+ int expected_bits, int key_not_exist )
+{
+ psa_key_id_t key_id = 42;
+ psa_key_type_t type = (psa_key_type_t) type_arg;
+ psa_key_handle_t handle = 0;
+ unsigned char *exported = NULL;
+ size_t export_size = data->len;
+ size_t exported_length;
+ psa_key_type_t got_type;
+ size_t got_bits;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_lifetime_t lifetime_get;
+
+ ASSERT_ALLOC( exported, export_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+ &handle ) );
+
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_VENDOR_FLAG );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+
+ /* Import the key */
+ PSA_ASSERT( psa_import_key( handle, type,
+ data->x, data->len ) );
+
+ PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) );
+ TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
+
+ /* Test the key information */
+ PSA_ASSERT( psa_get_key_information(
+ handle, &got_type, &got_bits ) );
+ TEST_EQUAL( got_type, type );
+ TEST_EQUAL( got_bits, (size_t) expected_bits );
+
+ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
+
+ if( key_not_exist )
+ {
+ psa_destroy_persistent_key( key_id );
+ }
+ /* Export the key */
+ PSA_ASSERT( psa_export_key( handle, exported, export_size,
+ &exported_length ) );
+
+ ASSERT_COMPARE( data->x, data->len, exported, exported_length );
+
+ /* Destroy the key */
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
+
+exit:
+ mbedtls_free( exported );
+ mbedtls_psa_crypto_free( );
+ psa_destroy_persistent_key( key_id );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
new file mode 100644
index 0000000..e937465
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -0,0 +1,124 @@
+Transient slot, check after closing
+transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+
+Transient slot, check after destroying
+transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+
+Transient slot, check after restart
+transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+
+Persistent slot, check after closing
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+
+Persistent slot, check after destroying
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+
+Persistent slot, check after restart
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+
+Attempt to overwrite: close before
+create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE
+
+Attempt to overwrite: close after
+create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_AFTER
+
+Attempt to overwrite: keep open
+create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:KEEP_OPEN
+
+Open failure: invalid identifier (0)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: invalid identifier (random seed UID)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: non-existent identifier
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_DOES_NOT_EXIST
+
+Open failure: volatile lifetime
+open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: invalid lifetime
+open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: volatile lifetime
+create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid lifetime
+create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid key id (0)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid key id (random seed UID)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+
+Open not supported
+depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
+
+Create not supported
+depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
+
+Copy volatile to volatile
+copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy volatile to persistent
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy persistent to volatile
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy persistent to persistent
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy empty volatile to volatile
+copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy empty volatile to persistent
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0
+
+Copy empty persistent to volatile
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy empty persistent to persistent
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0
+
+Copy volatile to occupied volatile
+copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
+
+Copy volatile to occupied persistent
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
+
+Copy persistent to occupied volatile
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
+
+Copy persistent to occupied persistent
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
+
+Copy volatile to itself
+copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
+
+Copy persistent to itself
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
+
+Close/destroy invalid handle
+invalid_handle:
+
+Open many transient handles
+many_transient_handles:42
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
new file mode 100644
index 0000000..0278b88
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -0,0 +1,695 @@
+/* BEGIN_HEADER */
+#include <stdint.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#include "spm/psa_defs.h"
+#endif
+#include "psa/crypto.h"
+
+#include "psa_crypto_storage.h"
+
+typedef enum
+{
+ CLOSE_BY_CLOSE,
+ CLOSE_BY_DESTROY,
+ CLOSE_BY_SHUTDOWN,
+} close_method_t;
+
+typedef enum
+{
+ KEEP_OPEN,
+ CLOSE_BEFORE,
+ CLOSE_AFTER,
+} reopen_policy_t;
+
+/* All test functions that create persistent keys must call
+ * `TEST_MAX_KEY_ID( key_id )` before creating a persistent key with this
+ * identifier, and must call psa_purge_key_storage() in their cleanup
+ * code. */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+/* There is no API to purge all keys. For this test suite, require that
+ * all key IDs be less than a certain maximum, or a well-known value
+ * which corresponds to a file that does not contain a key. */
+#define MAX_KEY_ID_FOR_TEST 32
+#define KEY_ID_IS_WELL_KNOWN( key_id ) \
+ ( ( key_id ) == PSA_CRYPTO_ITS_RANDOM_SEED_UID )
+#define TEST_MAX_KEY_ID( key_id ) \
+ TEST_ASSERT( ( key_id ) <= MAX_KEY_ID_FOR_TEST || \
+ KEY_ID_IS_WELL_KNOWN( key_id ) )
+void psa_purge_key_storage( void )
+{
+ psa_key_id_t i;
+ /* The tests may have potentially created key ids from 1 to
+ * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
+ * 0, which file-based storage uses as a temporary file. */
+ for( i = 0; i <= MAX_KEY_ID_FOR_TEST; i++ )
+ psa_destroy_persistent_key( i );
+}
+#else
+#define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) )
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+
+static int psa_key_policy_equal( psa_key_policy_t *p1,
+ psa_key_policy_t *p2 )
+{
+ return( psa_key_policy_get_usage( p1 ) == psa_key_policy_get_usage( p2 ) &&
+ psa_key_policy_get_algorithm( p1 ) == psa_key_policy_get_algorithm( p2 ) );
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void transient_slot_lifecycle( int alg_arg, int usage_arg,
+ int type_arg, data_t *key_data,
+ int close_method_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_key_usage_t usage_flags = usage_arg;
+ psa_key_type_t type = type_arg;
+ close_method_t close_method = close_method_arg;
+ psa_key_type_t read_type;
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Get a handle and import a key. */
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ TEST_ASSERT( handle != 0 );
+ psa_key_policy_set_usage( &policy, usage_flags, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
+ TEST_EQUAL( read_type, type );
+
+ /* Do something that invalidates the handle. */
+ switch( close_method )
+ {
+ case CLOSE_BY_CLOSE:
+ PSA_ASSERT( psa_close_key( handle ) );
+ break;
+ case CLOSE_BY_DESTROY:
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ break;
+ case CLOSE_BY_SHUTDOWN:
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_crypto_init( ) );
+ break;
+ }
+ /* Test that the handle is now invalid. */
+ TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
+ PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
+ int alg_arg, int usage_arg,
+ int type_arg, data_t *key_data,
+ int close_method_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_id_t id = id_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_usage_t usage_flags = usage_arg;
+ psa_key_type_t type = type_arg;
+ close_method_t close_method = close_method_arg;
+ psa_key_type_t read_type;
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+
+ TEST_MAX_KEY_ID( id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Get a handle and import a key. */
+ PSA_ASSERT( psa_create_key( lifetime, id, &handle ) );
+ TEST_ASSERT( handle != 0 );
+ psa_key_policy_set_usage( &policy, usage_flags, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
+ TEST_EQUAL( read_type, type );
+
+ /* Close the key and reopen it. */
+ PSA_ASSERT( psa_close_key( handle ) );
+ PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
+ PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
+ TEST_EQUAL( read_type, type );
+
+ /* Do something that invalidates the handle. */
+ switch( close_method )
+ {
+ case CLOSE_BY_CLOSE:
+ PSA_ASSERT( psa_close_key( handle ) );
+ break;
+ case CLOSE_BY_DESTROY:
+ PSA_ASSERT( psa_destroy_key( handle ) );
+ break;
+ case CLOSE_BY_SHUTDOWN:
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_crypto_init( ) );
+ break;
+ }
+ /* Test that the handle is now invalid. */
+ TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
+ PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
+
+ /* Try to reopen the key. If we destroyed it, check that it doesn't
+ * exist, otherwise check that it still exists. */
+ switch( close_method )
+ {
+ case CLOSE_BY_CLOSE:
+ case CLOSE_BY_SHUTDOWN:
+ PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
+ PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
+ TEST_EQUAL( read_type, type );
+ break;
+ case CLOSE_BY_DESTROY:
+ TEST_EQUAL( psa_open_key( lifetime, id, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+ break;
+ }
+
+exit:
+ mbedtls_psa_crypto_free( );
+ psa_purge_key_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+void create_existent( int lifetime_arg, int id_arg,
+ int reopen_policy_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_id_t id = id_arg;
+ psa_key_handle_t handle1 = 0, handle2 = 0;
+ psa_key_policy_t policy1 = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
+ psa_key_type_t read_type;
+ const uint8_t material1[16] = "test material #1";
+ size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
+ size_t read_bits;
+ uint8_t reexported[sizeof( material1 )];
+ size_t reexported_length;
+ reopen_policy_t reopen_policy = reopen_policy_arg;
+
+ TEST_MAX_KEY_ID( id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Create a key. */
+ PSA_ASSERT( psa_create_key( lifetime, id, &handle1 ) );
+ TEST_ASSERT( handle1 != 0 );
+ psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 );
+ PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) );
+ PSA_ASSERT( psa_import_key( handle1, type1,
+ material1, sizeof( material1 ) ) );
+
+ if( reopen_policy == CLOSE_BEFORE )
+ PSA_ASSERT( psa_close_key( handle1 ) );
+
+ /* Attempt to create a new key in the same slot. */
+ TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
+ PSA_ERROR_ALREADY_EXISTS );
+ TEST_EQUAL( handle2, 0 );
+
+ if( reopen_policy == CLOSE_AFTER )
+ PSA_ASSERT( psa_close_key( handle1 ) );
+ if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
+ PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) );
+
+ /* Check that the original key hasn't changed. */
+ PSA_ASSERT( psa_get_key_policy( handle1, &read_policy ) );
+ TEST_ASSERT( psa_key_policy_equal( &read_policy, &policy1 ) );
+ PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
+ TEST_EQUAL( read_type, type1 );
+ TEST_EQUAL( read_bits, bits1 );
+ PSA_ASSERT( psa_export_key( handle1,
+ reexported, sizeof( reexported ),
+ &reexported_length ) );
+ ASSERT_COMPARE( material1, sizeof( material1 ),
+ reexported, reexported_length );
+
+exit:
+ mbedtls_psa_crypto_free( );
+ psa_purge_key_storage( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void open_fail( int lifetime_arg, int id_arg,
+ int expected_status_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_id_t id = id_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_handle_t handle = 0xdead;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ TEST_EQUAL( psa_open_key( lifetime, id, &handle ), expected_status );
+ TEST_EQUAL( handle, 0 );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void create_fail( int lifetime_arg, int id_arg,
+ int expected_status_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_id_t id = id_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_handle_t handle = 0xdead;
+
+ TEST_MAX_KEY_ID( id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ TEST_EQUAL( psa_create_key( lifetime, id, &handle ),
+ expected_status );
+ TEST_EQUAL( handle, 0 );
+
+exit:
+ mbedtls_psa_crypto_free( );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_purge_key_storage( );
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
+ int source_usage_arg, int source_alg_arg,
+ int type_arg, data_t *material,
+ int target_lifetime_arg, int target_id_arg,
+ int target_usage_arg, int target_alg_arg,
+ int expected_usage_arg, int expected_alg_arg )
+{
+ psa_key_lifetime_t source_lifetime = source_lifetime_arg;
+ psa_key_id_t source_id = source_id_arg;
+ psa_key_usage_t source_usage = source_usage_arg;
+ psa_algorithm_t source_alg = source_alg_arg;
+ psa_key_handle_t source_handle = 0;
+ psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t source_type = type_arg;
+ size_t source_bits;
+ psa_key_lifetime_t target_lifetime = target_lifetime_arg;
+ psa_key_id_t target_id = target_id_arg;
+ psa_key_usage_t target_usage = target_usage_arg;
+ psa_algorithm_t target_alg = target_alg_arg;
+ psa_key_handle_t target_handle = 0;
+ psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t target_type;
+ size_t target_bits;
+ psa_key_usage_t expected_usage = expected_usage_arg;
+ psa_algorithm_t expected_alg = expected_alg_arg;
+ uint8_t *export_buffer = NULL;
+
+ TEST_MAX_KEY_ID( source_id );
+ TEST_MAX_KEY_ID( target_id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Populate the source slot. */
+ if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &source_handle ) );
+ else
+ PSA_ASSERT( psa_create_key( source_lifetime, source_id,
+ &source_handle ) );
+ psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
+ PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
+ PSA_ASSERT( psa_import_key( source_handle, source_type,
+ material->x, material->len ) );
+ PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+
+ /* Prepare the target slot. */
+ if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &target_handle ) );
+ else
+ PSA_ASSERT( psa_create_key( target_lifetime, target_id,
+ &target_handle ) );
+ psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
+ PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
+ target_policy = psa_key_policy_init();
+
+ /* Copy the key. */
+ PSA_ASSERT( psa_copy_key( source_handle, target_handle, NULL ) );
+
+ /* Destroy the source to ensure that this doesn't affect the target. */
+ PSA_ASSERT( psa_destroy_key( source_handle ) );
+
+ /* If the target key is persistent, restart the system to make
+ * sure that the material is still alive. */
+ if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+ {
+ mbedtls_psa_crypto_free( );
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_open_key( target_lifetime, target_id,
+ &target_handle ) );
+ }
+
+ /* Test that the target slot has the expected content. */
+ PSA_ASSERT( psa_get_key_information( target_handle,
+ &target_type, &target_bits ) );
+ TEST_EQUAL( source_type, target_type );
+ TEST_EQUAL( source_bits, target_bits );
+ PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
+ TEST_EQUAL( expected_usage, psa_key_policy_get_usage( &target_policy ) );
+ TEST_EQUAL( expected_alg, psa_key_policy_get_algorithm( &target_policy ) );
+ if( expected_usage & PSA_KEY_USAGE_EXPORT )
+ {
+ size_t length;
+ ASSERT_ALLOC( export_buffer, material->len );
+ PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ material->len, &length ) );
+ ASSERT_COMPARE( material->x, material->len,
+ export_buffer, length );
+ }
+
+exit:
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( export_buffer );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_purge_key_storage( );
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_from_empty( int source_lifetime_arg, int source_id_arg,
+ int source_usage_arg, int source_alg_arg,
+ int target_lifetime_arg, int target_id_arg,
+ int target_usage_arg, int target_alg_arg )
+{
+ psa_key_lifetime_t source_lifetime = source_lifetime_arg;
+ psa_key_id_t source_id = source_id_arg;
+ psa_key_usage_t source_usage = source_usage_arg;
+ psa_algorithm_t source_alg = source_alg_arg;
+ psa_key_handle_t source_handle = 0;
+ psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+ psa_key_lifetime_t target_lifetime = target_lifetime_arg;
+ psa_key_id_t target_id = target_id_arg;
+ psa_key_usage_t target_usage = target_usage_arg;
+ psa_algorithm_t target_alg = target_alg_arg;
+ psa_key_handle_t target_handle = 0;
+ psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t got_policy;
+
+ TEST_MAX_KEY_ID( source_id );
+ TEST_MAX_KEY_ID( target_id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Prepare the source slot. */
+ if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &source_handle ) );
+ else
+ PSA_ASSERT( psa_create_key( source_lifetime, source_id,
+ &source_handle ) );
+ psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
+ PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
+
+ /* Prepare the target slot. */
+ if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &target_handle ) );
+ else
+ PSA_ASSERT( psa_create_key( target_lifetime, target_id,
+ &target_handle ) );
+ psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
+ PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
+
+ /* Copy the key. */
+ TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
+ PSA_ERROR_DOES_NOT_EXIST );
+
+ /* Test that the slots are unaffected. */
+ PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
+ TEST_EQUAL( source_usage, psa_key_policy_get_usage( &got_policy ) );
+ TEST_EQUAL( source_alg, psa_key_policy_get_algorithm( &got_policy ) );
+ PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
+ TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
+ TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_purge_key_storage( );
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
+ int source_usage_arg, int source_alg_arg,
+ int source_type_arg, data_t *source_material,
+ int target_lifetime_arg, int target_id_arg,
+ int target_usage_arg, int target_alg_arg,
+ int target_type_arg, data_t *target_material )
+{
+ psa_key_lifetime_t source_lifetime = source_lifetime_arg;
+ psa_key_id_t source_id = source_id_arg;
+ psa_key_usage_t source_usage = source_usage_arg;
+ psa_algorithm_t source_alg = source_alg_arg;
+ psa_key_handle_t source_handle = 0;
+ psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t source_type = source_type_arg;
+ size_t source_bits;
+ psa_key_lifetime_t target_lifetime = target_lifetime_arg;
+ psa_key_id_t target_id = target_id_arg;
+ psa_key_usage_t target_usage = target_usage_arg;
+ psa_algorithm_t target_alg = target_alg_arg;
+ psa_key_handle_t target_handle = 0;
+ psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t target_type = target_type_arg;
+ size_t target_bits;
+ psa_key_policy_t got_policy;
+ psa_key_type_t got_type;
+ size_t got_bits;
+ uint8_t *export_buffer = NULL;
+
+ TEST_MAX_KEY_ID( source_id );
+ TEST_MAX_KEY_ID( target_id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Populate the source slot. */
+ if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &source_handle ) );
+ else
+ PSA_ASSERT( psa_create_key( source_lifetime, source_id,
+ &source_handle ) );
+ psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
+ PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
+ PSA_ASSERT( psa_import_key( source_handle, source_type,
+ source_material->x, source_material->len ) );
+ PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+
+ /* Populate the target slot. */
+ if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &target_handle ) );
+ else
+ PSA_ASSERT( psa_create_key( target_lifetime, target_id,
+ &target_handle ) );
+ psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
+ PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
+ PSA_ASSERT( psa_import_key( target_handle, target_type,
+ target_material->x, target_material->len ) );
+ PSA_ASSERT( psa_get_key_information( target_handle, NULL, &target_bits ) );
+
+ /* Copy the key. */
+ TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
+ PSA_ERROR_ALREADY_EXISTS );
+
+ /* Test that the target slot is unaffected. */
+ PSA_ASSERT( psa_get_key_information( target_handle,
+ &got_type, &got_bits ) );
+ TEST_EQUAL( target_type, got_type );
+ TEST_EQUAL( target_bits, got_bits );
+ PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
+ TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
+ TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
+ if( target_usage & PSA_KEY_USAGE_EXPORT )
+ {
+ size_t length;
+ ASSERT_ALLOC( export_buffer, target_material->len );
+ PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ target_material->len, &length ) );
+ ASSERT_COMPARE( target_material->x, target_material->len,
+ export_buffer, length );
+ }
+
+exit:
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( export_buffer );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_purge_key_storage( );
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_to_same( int lifetime_arg, int id_arg,
+ int usage_arg, int alg_arg,
+ int type_arg, data_t *material )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_id_t id = id_arg;
+ psa_key_usage_t usage = usage_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_handle_t handle = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t type = type_arg;
+ size_t bits;
+ psa_key_policy_t got_policy;
+ psa_key_type_t got_type;
+ size_t got_bits;
+ uint8_t *export_buffer = NULL;
+
+ TEST_MAX_KEY_ID( id );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Populate the slot. */
+ if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ else
+ PSA_ASSERT( psa_create_key( lifetime, id,
+ &handle ) );
+ psa_key_policy_set_usage( &policy, usage, alg );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, type,
+ material->x, material->len ) );
+ PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
+
+ /* Copy the key. */
+ TEST_EQUAL( psa_copy_key( handle, handle, NULL ),
+ PSA_ERROR_ALREADY_EXISTS );
+
+ /* Test that the slot is unaffected. */
+ PSA_ASSERT( psa_get_key_information( handle,
+ &got_type, &got_bits ) );
+ TEST_EQUAL( type, got_type );
+ TEST_EQUAL( bits, got_bits );
+ PSA_ASSERT( psa_get_key_policy( handle, &got_policy ) );
+ TEST_EQUAL( usage, psa_key_policy_get_usage( &got_policy ) );
+ TEST_EQUAL( alg, psa_key_policy_get_algorithm( &got_policy ) );
+ if( usage & PSA_KEY_USAGE_EXPORT )
+ {
+ size_t length;
+ ASSERT_ALLOC( export_buffer, material->len );
+ PSA_ASSERT( psa_export_key( handle, export_buffer,
+ material->len, &length ) );
+ ASSERT_COMPARE( material->x, material->len,
+ export_buffer, length );
+ }
+
+exit:
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( export_buffer );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ psa_purge_key_storage( );
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void invalid_handle( )
+{
+ psa_key_handle_t handle1 = 0;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_type_t read_type;
+ size_t read_bits;
+ uint8_t material[1] = "a";
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /* Allocate a handle and store a key in it. */
+ PSA_ASSERT( psa_allocate_key( &handle1 ) );
+ TEST_ASSERT( handle1 != 0 );
+ psa_key_policy_set_usage( &policy, 0, 0 );
+ PSA_ASSERT( psa_set_key_policy( handle1, &policy ) );
+ PSA_ASSERT( psa_import_key( handle1, PSA_KEY_TYPE_RAW_DATA,
+ material, sizeof( material ) ) );
+
+ /* Attempt to close and destroy some invalid handles. */
+ TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_close_key( handle1 - 1 ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_close_key( handle1 + 1 ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_destroy_key( 0 ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_destroy_key( handle1 - 1 ), PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_destroy_key( handle1 + 1 ), PSA_ERROR_INVALID_HANDLE );
+
+ /* After all this, check that the original handle is intact. */
+ PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
+ TEST_EQUAL( read_type, PSA_KEY_TYPE_RAW_DATA );
+ TEST_EQUAL( read_bits, PSA_BYTES_TO_BITS( sizeof( material ) ) );
+ PSA_ASSERT( psa_close_key( handle1 ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void many_transient_handles( int max_handles_arg )
+{
+ psa_key_handle_t *handles = NULL;
+ size_t max_handles = max_handles_arg;
+ size_t i, j;
+ psa_status_t status;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ uint8_t exported[sizeof( size_t )];
+ size_t exported_length;
+
+ ASSERT_ALLOC( handles, max_handles );
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
+
+ for( i = 0; i < max_handles; i++ )
+ {
+ status = psa_allocate_key( &handles[i] );
+ if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
+ break;
+ PSA_ASSERT( status );
+ TEST_ASSERT( handles[i] != 0 );
+ for( j = 0; j < i; j++ )
+ TEST_ASSERT( handles[i] != handles[j] );
+ PSA_ASSERT( psa_set_key_policy( handles[i], &policy ) );
+ PSA_ASSERT( psa_import_key( handles[i], PSA_KEY_TYPE_RAW_DATA,
+ (uint8_t *) &i, sizeof( i ) ) );
+ }
+ max_handles = i;
+
+ for( i = 1; i < max_handles; i++ )
+ {
+ PSA_ASSERT( psa_close_key( handles[i - 1] ) );
+ PSA_ASSERT( psa_export_key( handles[i],
+ exported, sizeof( exported ),
+ &exported_length ) );
+ ASSERT_COMPARE( exported, exported_length,
+ (uint8_t *) &i, sizeof( i ) );
+ }
+ PSA_ASSERT( psa_close_key( handles[i - 1] ) );
+
+exit:
+ mbedtls_psa_crypto_free( );
+ mbedtls_free( handles );
+}
+/* END_CASE */
+
diff --git a/tests/suites/test_suite_psa_its.data b/tests/suites/test_suite_psa_its.data
new file mode 100644
index 0000000..63ca129
--- /dev/null
+++ b/tests/suites/test_suite_psa_its.data
@@ -0,0 +1,65 @@
+Set/get/remove 0 bytes
+set_get_remove:0:0:""
+
+Set/get/remove 42 bytes
+set_get_remove:0:0:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223242526272829"
+
+Set/get/remove 1000 bytes
+set_get_remove:0:0:"6a07ecfcc7c7bfe0129d56d2dcf2955a12845b9e6e0034b0ed7226764261c6222a07b9f654deb682130eb1cd07ed298324e60a46f9c76c8a5a0be000c69e93dd81054ca21fbc6190cef7745e9d5436f70e20e10cbf111d1d40c9ceb83be108775199d81abaf0fecfe30eaa08e7ed82517cba939de4449f7ac5c730fcbbf56e691640b0129db0e178045dd2034262de9138873d9bdca57685146a3d516ff13c29e6628a00097435a8e10fef7faff62d2963c303a93793e2211d8604556fec08cd59c0f5bd1f22eea64be13e88b3f454781e83fe6e771d3d81eb2fbe2021e276f42a93db5343d767d854115e74f5e129a8036b1e81aced9872709d515e00bcf2098ccdee23006b0e836b27dc8aaf30f53fe58a31a6408abb79b13098c22e262a98040f9b09809a3b43bd42eb01cf1d17bbc8b4dfe51fa6573d4d8741943e3ae71a649e194c1218f2e20556c7d8cfe8c64d8cc1aa94531fbf638768c7d19b3c079299cf4f26ed3f964efb8fd23d82b4157a51f46da11156c74e2d6e2fd788869ebb52429e12a82da2ba083e2e74565026162f29ca22582da72a2698e7c5d958b919bc2cdfe12f50364ccfed30efd5cd120a7d5f196b2bd7f911bb44d5871eb3dedcd70ece7faf464988f9fe361f23d7244b1e08bee921d0f28bdb4912675809d099876d4d15b7d13ece356e1f2a5dce64feb3d6749a07a4f2b7721190e17a9ab2966e48b6d25187070b81eb45b1c44608b2f0e175958ba57fcf1b2cd145eea5fd4de858d157ddac69dfbb5d5d6f0c1691b0fae5a143b6e58cdf5000f28d74b3322670ed11e740c828c7bfad4e2f392012da3ac931ea26ed15fd003e604071f5900c6e1329d021805d50da9f1e732a49bcc292d9f8e07737cfd59442e8d7aaa813b18183a68e22bf6b4519545dd7d2d519db3652be4131bad4f4b0625dbaa749e979f6ee8c1b97803cb50a2fa20dc883eac932a824b777b226e15294de6a80be3ddef41478fe18172d64407a004de6bae18bc60e90c902c1cbb0e1633395b42391f5011be0d480541987609b0cd8d902ea29f86f73e7362340119323eb0ea4f672b70d6e9a9df5235f9f1965f5cb0c2998c5a7f4754e83eeda5d95fefbbaaa0875fe37b7ca461e7281cc5479162627c5a709b45fd9ddcde4dfb40659e1d70fa7361d9fc7de24f9b8b13259423fdae4dbb98d691db687467a5a7eb027a4a0552a03e430ac8a32de0c30160ba60a036d6b9db2d6182193283337b92e7438dc5d6eb4fa00200d8efa9127f1c3a32ac8e202262773aaa5a965c6b8035b2e5706c32a55511560429ddf1df4ac34076b7eedd9cf94b6915a894fdd9084ffe3db0e7040f382c3cd04f0484595de95865c36b6bf20f46a78cdfb37228acbeb218de798b9586f6d99a0cbae47e80d"
+
+Set/get/remove with flags
+set_get_remove:0:0x12345678:"abcdef"
+
+Overwrite 0 -> 3
+set_overwrite:0:0x12345678:"":0x01020304:"abcdef"
+
+Overwrite 3 -> 0
+set_overwrite:0:0x12345678:"abcdef":0x01020304:""
+
+Overwrite 3 -> 3
+set_overwrite:0:0x12345678:"123456":0x01020304:"abcdef"
+
+Overwrite 3 -> 18
+set_overwrite:0:0x12345678:"abcdef":0x01020304:"404142434445464748494a4b4c4d4e4f5051"
+
+Overwrite 18 -> 3
+set_overwrite:0:0x12345678:"404142434445464748494a4b4c4d4e4f5051":0x01020304:"abcdef"
+
+Multiple files
+set_multiple:0:5
+
+Non-existent file
+nonexistent:0:0
+
+Removed file
+nonexistent:0:1
+
+Get 0 bytes of 10 at 10
+get_at:0:"40414243444546474849":10:0:PSA_SUCCESS
+
+Get 1 byte of 10 at 9
+get_at:0:"40414243444546474849":9:1:PSA_SUCCESS
+
+Get 0 bytes of 10 at 0
+get_at:0:"40414243444546474849":0:0:PSA_SUCCESS
+
+Get 1 byte of 10 at 0
+get_at:0:"40414243444546474849":0:1:PSA_SUCCESS
+
+Get 2 bytes of 10 at 1
+get_at:0:"40414243444546474849":1:2:PSA_SUCCESS
+
+Get 1 byte of 10 at 10: out of range
+get_at:0:"40414243444546474849":10:1:PSA_ERROR_INVALID_ARGUMENT
+
+Get 1 byte of 10 at 11: out of range
+get_at:0:"40414243444546474849":11:1:PSA_ERROR_INVALID_ARGUMENT
+
+Get 0 bytes of 10 at 11: out of range
+get_at:0:"40414243444546474849":11:0:PSA_ERROR_INVALID_ARGUMENT
+
+Get -1 byte of 10 at 10: out of range
+get_at:0:"40414243444546474849":10:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Get 1 byte of 10 at -1: out of range
+get_at:0:"40414243444546474849":-1:1:PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
new file mode 100644
index 0000000..867f64f
--- /dev/null
+++ b/tests/suites/test_suite_psa_its.function
@@ -0,0 +1,213 @@
+/* BEGIN_HEADER */
+#include "../library/psa_crypto_its.h"
+
+/* Internal definitions of the implementation, copied for the sake of
+ * some of the tests and of the cleanup code. */
+#define PSA_ITS_STORAGE_PREFIX ""
+#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
+#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
+#define PSA_ITS_STORAGE_FILENAME_LENGTH \
+ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
+ sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
+ 1 /*terminating null byte*/ )
+#define PSA_ITS_STORAGE_TEMP \
+ PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
+static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+{
+ /* Break up the UID into two 32-bit pieces so as not to rely on
+ * long long support in snprintf. */
+ mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+ "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+ PSA_ITS_STORAGE_PREFIX,
+ (unsigned long) ( uid >> 32 ),
+ (unsigned long) ( uid & 0xffffffff ),
+ PSA_ITS_STORAGE_SUFFIX );
+}
+
+/* Maximum uid used by the test, recorded so that cleanup() can delete
+ * all files. 0xffffffffffffffff is always cleaned up, so it does not
+ * need to and should not be taken into account for uid_max. */
+static psa_storage_uid_t uid_max = 0;
+
+static void cleanup( void )
+{
+ char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+ psa_storage_uid_t uid;
+ for( uid = 0; uid < uid_max; uid++ )
+ {
+ psa_its_fill_filename( uid, filename );
+ remove( filename );
+ }
+ psa_its_fill_filename( (psa_storage_uid_t)( -1 ), filename );
+ remove( filename );
+ remove( PSA_ITS_STORAGE_TEMP );
+ uid_max = 0;
+}
+
+static psa_status_t psa_its_set_wrap( psa_storage_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags )
+{
+ if( uid_max != (psa_storage_uid_t)( -1 ) && uid_max < uid )
+ uid_max = uid;
+ return( psa_its_set( uid, data_length, p_data, create_flags ) );
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_ITS_FILE_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void set_get_remove( int uid_arg, int flags_arg, data_t *data )
+{
+ psa_storage_uid_t uid = uid_arg;
+ uint32_t flags = flags_arg;
+ struct psa_storage_info_t info;
+ unsigned char *buffer = NULL;
+
+ ASSERT_ALLOC( buffer, data->len );
+
+ PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, flags ) );
+
+ PSA_ASSERT( psa_its_get_info( uid, &info ) );
+ TEST_ASSERT( info.size == data->len );
+ TEST_ASSERT( info.flags == flags );
+ PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer ) );
+ ASSERT_COMPARE( data->x, data->len, buffer, data->len );
+
+ PSA_ASSERT( psa_its_remove( uid ) );
+
+exit:
+ mbedtls_free( buffer );
+ cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void set_overwrite( int uid_arg,
+ int flags1_arg, data_t *data1,
+ int flags2_arg, data_t *data2 )
+{
+ psa_storage_uid_t uid = uid_arg;
+ uint32_t flags1 = flags1_arg;
+ uint32_t flags2 = flags2_arg;
+ struct psa_storage_info_t info;
+ unsigned char *buffer = NULL;
+
+ ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) );
+
+ PSA_ASSERT( psa_its_set_wrap( uid, data1->len, data1->x, flags1 ) );
+ PSA_ASSERT( psa_its_get_info( uid, &info ) );
+ TEST_ASSERT( info.size == data1->len );
+ TEST_ASSERT( info.flags == flags1 );
+ PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer ) );
+ ASSERT_COMPARE( data1->x, data1->len, buffer, data1->len );
+
+ PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) );
+ PSA_ASSERT( psa_its_get_info( uid, &info ) );
+ TEST_ASSERT( info.size == data2->len );
+ TEST_ASSERT( info.flags == flags2 );
+ PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer ) );
+ ASSERT_COMPARE( data2->x, data2->len, buffer, data2->len );
+
+ PSA_ASSERT( psa_its_remove( uid ) );
+
+exit:
+ mbedtls_free( buffer );
+ cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void set_multiple( int first_id, int count )
+{
+ psa_storage_uid_t uid0 = first_id;
+ psa_storage_uid_t uid;
+ char stored[40];
+ char retrieved[40];
+
+ memset( stored, '.', sizeof( stored ) );
+ for( uid = uid0; uid < uid0 + count; uid++ )
+ {
+ mbedtls_snprintf( stored, sizeof( stored ),
+ "Content of file 0x%08lx", (unsigned long) uid );
+ PSA_ASSERT( psa_its_set_wrap( uid, sizeof( stored ), stored, 0 ) );
+ }
+
+ for( uid = uid0; uid < uid0 + count; uid++ )
+ {
+ mbedtls_snprintf( stored, sizeof( stored ),
+ "Content of file 0x%08lx", (unsigned long) uid );
+ PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved ) );
+ ASSERT_COMPARE( retrieved, sizeof( stored ),
+ stored, sizeof( stored ) );
+ PSA_ASSERT( psa_its_remove( uid ) );
+ TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+ PSA_ERROR_DOES_NOT_EXIST );
+ }
+
+exit:
+ cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void nonexistent( int uid_arg, int create_and_remove )
+{
+ psa_storage_uid_t uid = uid_arg;
+ struct psa_storage_info_t info;
+
+ if( create_and_remove )
+ {
+ PSA_ASSERT( psa_its_set_wrap( uid, 0, NULL, 0 ) );
+ PSA_ASSERT( psa_its_remove( uid ) );
+ }
+
+ TEST_ASSERT( psa_its_remove( uid ) == PSA_ERROR_DOES_NOT_EXIST );
+ TEST_ASSERT( psa_its_get_info( uid, &info ) ==
+ PSA_ERROR_DOES_NOT_EXIST );
+ TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+ PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+ cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void get_at( int uid_arg, data_t *data,
+ int offset, int length_arg,
+ int expected_status )
+{
+ psa_storage_uid_t uid = uid_arg;
+ unsigned char *buffer = NULL;
+ psa_status_t status;
+ size_t length = length_arg >= 0 ? length_arg : 0;
+ unsigned char *trailer;
+ size_t i;
+
+ ASSERT_ALLOC( buffer, length + 16 );
+ trailer = buffer + length;
+ memset( trailer, '-', 16 );
+
+ PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
+
+ status = psa_its_get( uid, offset, length_arg, buffer );
+ TEST_ASSERT( status == (psa_status_t) expected_status );
+ if( status == PSA_SUCCESS )
+ ASSERT_COMPARE( data->x + offset, length,
+ buffer, length );
+ for( i = 0; i < 16; i++ )
+ TEST_ASSERT( trailer[i] == '-' );
+ PSA_ASSERT( psa_its_remove( uid ) );
+
+exit:
+ mbedtls_free( buffer );
+ cleanup( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
deleted file mode 100644
index 1473507..0000000
--- a/tests/suites/test_suite_ssl.data
+++ /dev/null
@@ -1,59 +0,0 @@
-SSL DTLS replay: initial state, seqnum 0
-ssl_dtls_replay:"":"000000000000":0
-
-SSL DTLS replay: 0 seen, 1 arriving
-ssl_dtls_replay:"000000000000":"000000000001":0
-
-SSL DTLS replay: 0 seen, 0 replayed
-ssl_dtls_replay:"000000000000":"000000000000":-1
-
-SSL DTLS replay: 0-1 seen, 2 arriving
-ssl_dtls_replay:"000000000000000000000001":"000000000002":0
-
-SSL DTLS replay: 0-1 seen, 1 replayed
-ssl_dtls_replay:"000000000000000000000001":"000000000001":-1
-
-SSL DTLS replay: 0-1 seen, 0 replayed
-ssl_dtls_replay:"000000000000000000000001":"000000000000":-1
-
-SSL DTLS replay: new
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0
-
-SSL DTLS replay: way new
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0
-
-SSL DTLS replay: delayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
-
-SSL DTLS replay: lastest replayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
-
-SSL DTLS replay: older replayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1
-
-SSL DTLS replay: most recent in window, replayed
-ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1
-
-SSL DTLS replay: oldest in window, replayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1
-
-SSL DTLS replay: oldest in window, not replayed
-ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0
-
-SSL DTLS replay: just out of the window
-ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1
-
-SSL DTLS replay: way out of the window
-ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1
-
-SSL DTLS replay: big jump then replay
-ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1
-
-SSL DTLS replay: big jump then new
-ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0
-
-SSL DTLS replay: big jump then just delayed
-ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0
-
-SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
-ssl_set_hostname_twice:"server0":"server1"
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
deleted file mode 100644
index 326f22d..0000000
--- a/tests/suites/test_suite_ssl.function
+++ /dev/null
@@ -1,54 +0,0 @@
-/* BEGIN_HEADER */
-#include <mbedtls/ssl.h>
-#include <mbedtls/ssl_internal.h>
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_SSL_TLS_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
-{
- uint32_t len = 0;
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
-
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
-
- TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
- TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
- /* Read previous record numbers */
- for( len = 0; len < prevs->len; len += 6 )
- {
- memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
- mbedtls_ssl_dtls_replay_update( &ssl );
- }
-
- /* Check new number */
- memcpy( ssl.in_ctr + 2, new->x, 6 );
- TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
-
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
-{
- mbedtls_ssl_context ssl;
- mbedtls_ssl_init( &ssl );
-
- TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
- TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
-
- mbedtls_ssl_free( &ssl );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
deleted file mode 100644
index edd3a6f..0000000
--- a/tests/suites/test_suite_x509parse.data
+++ /dev/null
@@ -1,1999 +0,0 @@
-X509 Certificate information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information #1 (DER)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information #2 (DER)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
-
-X509 Certificate information #3 (DER)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
-
-X509 Certificate information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C
-x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C
-x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information, NS Cert Type
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
-
-X509 Certificate information, Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 Certificate information, Key Usage with decipherOnly
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
-
-X509 Certificate information, Subject Alt Name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n"
-
-X509 Certificate information, Subject Alt Name + Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 Certificate information, Key Usage + Extended Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n"
-
-X509 Certificate information RSA signed by EC
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC signed by RSA
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information Bitstring in subject name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n"
-
-X509 certificate v1 with extension
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n"
-
-X509 CRL information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
-
-X509 CRL Information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n"
-
-X509 CRL Information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
-mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n"
-
-X509 CRL Information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
-
-X509 CRL Information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
-
-X509 CRL Information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n"
-
-X509 CRL Information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n"
-
-X509 CRL Information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n"
-
-X509 CRL Information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
-
-X509 CRL information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
-
-X509 CRL information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
-
-X509 CRL information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
-
-X509 CRL information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
-
-X509 CRL information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
-
-X509 CRL Information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
-
-X509 CRL Information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
-
-X509 CRL Information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
-
-X509 CRL Information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
-
-X509 CRL Information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
-
-X509 CRL Malformed Input (trailing spaces at end of file)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
-
-X509 CRL Unsupported critical extension (issuingDistributionPoint)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
-
-X509 CSR Information RSA with MD4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with MD5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information EC with SHA1
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n"
-
-X509 CSR Information EC with SHA224
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n"
-
-X509 CSR Information EC with SHA256
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n"
-
-X509 CSR Information EC with SHA384
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n"
-
-X509 CSR Information EC with SHA512
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n"
-
-X509 CSR Information RSA-PSS with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n"
-
-X509 CSR Information RSA with SHA256 - Microsoft header
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
-
-X509 Verify Information: empty
-x509_verify_info:0:"":""
-
-X509 Verify Information: one issue
-x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
-
-X509 Verify Information: two issues
-x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
-
-X509 Verify Information: two issues, one unknown
-x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x80000000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
-
-X509 Verify Information: empty, with prefix
-x509_verify_info:0:" ! ":""
-
-X509 Verify Information: one issue, with prefix
-x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
-
-X509 Verify Information: two issues, with prefix
-x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
-
-X509 Get Distinguished Name #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
-
-X509 Get Distinguished Name #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
-
-X509 Get Distinguished Name #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost"
-
-X509 Get Distinguished Name #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
-
-X509 Time Expired #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_from":1
-
-X509 Time Expired #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_to":0
-
-X509 Time Expired #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server2.crt":"valid_from":1
-
-X509 Time Expired #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server2.crt":"valid_to":0
-
-X509 Time Expired #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_from":1
-
-X509 Time Expired #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0
-
-X509 Time Future #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
-
-X509 Time Future #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
-
-X509 Time Future #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
-
-X509 Time Future #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
-
-X509 Time Future #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0
-
-X509 Time Future #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
-
-X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #2 (Revoked Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #2a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #4 (Valid Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #4a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #5 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #5' (Revoked Cert, differing DN string formats #1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_utf8.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #5'' (Revoked Cert, differing DN string formats #2)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_printable.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #5''' (Revoked Cert, differing upper and lower case)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_uppercase.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #6 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #8 (Valid Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #8a (Expired Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #8b (Future Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #8c (Expired Cert, longer chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #8d (Future Cert, longer chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #9 (Not trusted Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #12 (Valid Cert MD4 Digest)
-depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-
-X509 Certificate verification #13 (Valid Cert MD5 Digest)
-depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-
-X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"":"NULL"
-
-X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL"
-
-X509 Certificate verification #15 (Valid Cert SHA224 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #16 (Valid Cert SHA256 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #17 (Valid Cert SHA384 Digest)
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #18 (Valid Cert SHA512 Digest)
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #19 (Valid Cert, denying callback)
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none"
-
-X509 Certificate verification #19 (Not trusted Cert, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all"
-
-X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL"
-
-X509 Certificate verification #22 (domain not matching wildcard certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #23 (domain not matching wildcard certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #24 (domain matching CN of multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #25 (domain matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL"
-
-X509 Certificate verification #26 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #27 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #27 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #29 (domain matching wildcard in multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL"
-
-X509 Certificate verification #30 (domain matching multi certificate without CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #31 (domain not matching multi certificate without CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #32 (Valid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #33 (Valid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #34 (Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #35 (Revoked, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #41 (Valid, depth 0, EC, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #42 (Depth 0, not CA, RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #43 (Depth 0, not CA, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #44 (Corrupted signature, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #45 (Corrupted signature, RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #45b (Corrupted signature, intermediate CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #50 (Valid, multiple CAs)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #52 (CA keyUsage valid)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #53 (CA keyUsage missing cRLSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #56 (CA keyUsage plain wrong)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #70 (v1 trusted CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #71 (v1 trusted CA, other)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #72 (v1 chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #73 (selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #75 (encoding mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #76 (multiple CRLs, not revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #77 (multiple CRLs, revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #78 (multiple CRLs, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #79 (multiple CRLs, revoked by future)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #81 (multiple CRLs, none relevant)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #82 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #83 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #84 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #85 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #86 (Not yet valid CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #87 (Expired CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #88 (Spurious cert in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #89 (Spurious cert later in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #90 (EE with same name as trusted root)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
-
-X509 Certificate verification #91 (same CA with good then bad key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #91 (same CA with bad then good key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #92 (bad name, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
-
-X509 Certificate verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
-
-X509 Certificate verification #94 (Suite B invalid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
-
-X509 Certificate verification #95 (Suite B Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
-
-X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
-
-X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
-
-X509 Certificate verification with ca callback: failure
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR
-
-X509 Certificate verification callback: bad name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
-
-X509 Certificate verification callback: trusted EE cert
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
-
-X509 Certificate verification callback: trusted EE cert, expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n"
-
-X509 Certificate verification callback: simple
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: simple, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-
-X509 Certificate verification callback: simple, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two trusted roots
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: two trusted roots, reversed order
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-
-X509 Certificate verification callback: intermediate ca, int expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates, top int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates, low int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: no intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-
-X509 Certificate verification callback: one intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-
-X509 Parse Selftest
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_selftest:
-
-X509 Certificate ASN1 (Incorrect first tag)
-x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 Certificate ASN1 (Correct first tag, data length does not match)
-x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, no more data)
-x509parse_crt:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, length data incorrect)
-x509parse_crt:"30023085":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"30023083":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"30023081":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"3003308200":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
-x509parse_crt:"300100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
-x509parse_crt:"3003300100":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, invalid version tag)
-x509parse_crt:"30053003a00101":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
-x509parse_crt:"30053003a00102":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
-x509parse_crt:"30163014a012021000000000000000000000000000000000":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
-x509parse_crt:"30073005a003020104":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
-x509parse_crt:"30083006a00402010400":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
-x509parse_crt:"30083006a00302010400":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
-x509parse_crt:"30083006a00302010482":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
-x509parse_crt:"300d300ba0030201048204deadbeef":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
-x509parse_crt:"300e300ca0030201048204deadbeef00":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, alg oid no data in sequence)
-x509parse_crt:"300f300da0030201048204deadbeef3000":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, alg with params)
-x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct alg data, no params unknown version)
-x509parse_crt:"30153013a0030201048204deadbeef30060604cafed00d":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
-x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (TBSCertificate, correct alg data, length mismatch)
-x509parse_crt:"30183016a0030201048204deadbeef30090604cafed00d050000":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
-x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
-x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, bad RSASSA-PSS params)
-depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-x509parse_crt:"30193017A003020102020118300D06092A864886F70D01010A3100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, issuer no set data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, issuer, no string data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":MBEDTLS_ERR_X509_INVALID_NAME+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, too much date data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, invalid from date)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE
-
-X509 Certificate ASN1 (TBSCertificate, invalid to date)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE
-
-X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mbedtls_mpi)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 Certificate ASN1 (TBSCertificate v3, ext empty)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (SubjectAltName repeated)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 Certificate ASN1 (ExtKeyUsage repeated)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 Certificate ASN1 (correct pubkey, no sig_alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (sig_alg mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
-
-X509 Certificate ASN1 (sig_alg, no sig)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (signature, invalid sig data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 Certificate ASN1 (signature, data left)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (correct)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (GeneralizedTime instead of UTCTime)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 CN)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 C)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 L)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 ST)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 O)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 OU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with unknown X520 part)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with composite RDN)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
-
-X509 Certificate ASN1 (Name with PKCS9 email)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with unknown PKCS9 part)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
-
-X509 Certificate ASN1 (ECDSA signature, RSA key)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
-x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
-
-X509 Certificate ASN1 (ECDSA signature, EC key)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
-
-X509 Certificate ASN1 (RSA signature, EC key)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
-
-X509 Certificate ASN1 (invalid version 3)
-x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (invalid version overflow)
-x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (invalid SubjectAltNames tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL ASN1 (Incorrect first tag)
-x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRL ASN1 (Correct first tag, data length does not match)
-x509parse_crl:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CRL ASN1 (TBSCertList, tag missing)
-x509parse_crl:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, version tag len missing)
-x509parse_crl:"3003300102":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, version correct, alg missing)
-x509parse_crl:"30053003020100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, alg correct, incorrect version)
-x509parse_crl:"300b3009020102300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRL ASN1 (TBSCertList, correct version, sig_oid1 unknown)
-x509parse_crl:"300b3009020100300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-
-X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown)
-x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-
-X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, issuer set missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
-
-X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CRL ASN1 (TBSCertList, sig present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
-
-X509 CRL ASN1 (TBSCertList, no entries)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0
-
-X509 CRL ASN1 (invalid version 2)
-x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRL ASN1 (invalid version overflow)
-x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0
-
-X509 CRT parse path #2 (one cert)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
-
-X509 CRT parse path #3 (two certs)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_parse_path:"data_files/dir2":0:2
-
-X509 CRT parse path #4 (two certs, one non-cert)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_parse_path:"data_files/dir3":1:2
-
-X509 CRT verify long chain (max intermediate CA, trusted)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0
-
-X509 CRT verify long chain (max intermediate CA, untrusted)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED
-
-X509 CRT verify long chain (max intermediate CA + 1)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1
-
-X509 CRT verify chain #1 (zero pathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #2 (zero pathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #3 (nonzero pathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #4 (nonzero pathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"":0
-
-X509 CRT verify chain #6 (nonzero maxpathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
-
-X509 CRT verify chain #7 (maxpathlen root, self signed in path)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"":0
-
-X509 CRT verify chain #8 (self signed maxpathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
-
-X509 CRT verify chain #9 (zero pathlen first intermediate, valid)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"":0
-
-X509 CRT verify chain #10 (zero pathlen root, valid)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"":0
-
-X509 CRT verify chain #11 (valid chain, missing profile)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
-
-X509 CRT verify chain #12 (suiteb profile, RSA root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
-
-X509 CRT verify chain #13 (RSA only profile, EC root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #13 (RSA only profile, EC trusted EE)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #14 (RSA-3072 profile, root key too small)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #15 (suiteb profile, rsa intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
-
-X509 CRT verify chain #16 (RSA-only profile, EC intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #17 (SHA-512 profile)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0
-
-X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2
-
-X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1
-
-X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1
-
-X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8
-
-X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4
-
-X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2
-
-X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1
-
-X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
-
-X509 OID description #1
-x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
-
-X509 OID description #2
-x509_oid_desc:"2B0601050507030f":"notfound"
-
-X509 OID description #3
-x509_oid_desc:"2B0601050507030100":"notfound"
-
-X509 OID numstring #1 (wide buffer)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":20:17
-
-X509 OID numstring #2 (buffer just fits)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":18:17
-
-X509 OID numstring #3 (buffer too small)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL
-
-X509 OID numstring #4 (larger number)
-x509_oid_numstr:"2A864886F70D":"1.2.840.113549":15:14
-
-X509 OID numstring #5 (arithmetic overflow)
-x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
-
-X509 crt keyUsage #1 (no extension, expected KU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-X509 crt keyUsage #2 (no extension, surprising KU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
-
-X509 crt keyUsage #3 (extension present, no KU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":0:0
-
-X509 crt keyUsage #4 (extension present, single KU present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0
-
-X509 crt keyUsage #5 (extension present, single KU absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #6 (extension present, combined KU present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-X509 crt keyUsage #7 (extension present, combined KU both absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #8 (extension present, combined KU one absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #9 (extension present, decOnly allowed absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-
-X509 crt keyUsage #10 (extension present, decOnly non-allowed present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #11 (extension present, decOnly allowed present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-
-X509 crt extendedKeyUsage #1 (no extension, serverAuth)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0
-
-X509 crt extendedKeyUsage #2 (single value, present)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0
-
-X509 crt extendedKeyUsage #3 (single value, absent)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt extendedKeyUsage #4 (two values, first)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0
-
-X509 crt extendedKeyUsage #5 (two values, second)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0
-
-X509 crt extendedKeyUsage #6 (two values, other)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt extendedKeyUsage #7 (any, random)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0
-
-X509 RSASSA-PSS parameters ASN1 (good, all defaults)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (wrong initial tag)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence)
-x509_parse_rsassa_pss_params:"A400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A00D300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A009300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1)
-x509_parse_rsassa_pss_params:"A00A300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A00A300706052B0E03021A00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
-x509_parse_rsassa_pss_params:"A00F300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
-x509_parse_rsassa_pss_params:"A00D300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A116301406092A864886F70D010108300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1)
-x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
-x509_parse_rsassa_pss_params:"A11A301906092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010109300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108310B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a)
-x509_parse_rsassa_pss_params:"A10F300D06092A864886F70D0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b)
-x509_parse_rsassa_pss_params:"A11B301906092A864886F70D010108300C0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c)
-x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94)
-x509_parse_rsassa_pss_params:"A20302015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit saltLen = default)
-x509_parse_rsassa_pss_params:"A203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1)
-x509_parse_rsassa_pss_params:"A20402015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2)
-x509_parse_rsassa_pss_params:"A20402015E00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (saltLen not an int)
-x509_parse_rsassa_pss_params:"A2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default)
-x509_parse_rsassa_pss_params:"A303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1)
-x509_parse_rsassa_pss_params:"A304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2)
-x509_parse_rsassa_pss_params:"A30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (trailerField not an int)
-x509_parse_rsassa_pss_params:"A3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
-x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
-
-X509 CSR ASN.1 (OK)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
-
-X509 CSR ASN.1 (bad first tag)
-mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CSR ASN.1 (bad sequence: overlong)
-mbedtls_x509_csr_parse:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CSR ASN.1 (total length mistmatch)
-mbedtls_x509_csr_parse:"30010000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CSR ASN.1 (bad CRI: not a sequence)
-mbedtls_x509_csr_parse:"30023100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad CRI: overlong)
-mbedtls_x509_csr_parse:"30023001":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad CRI.Version: overlong)
-mbedtls_x509_csr_parse:"30053002020100":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad CRI.Version: not v1)
-mbedtls_x509_csr_parse:"30053003020101":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CSR ASN.1 (bad CRI.Name: not a sequence)
-mbedtls_x509_csr_parse:"300730050201003100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad CRI.Name: overlong)
-mbedtls_x509_csr_parse:"30083005020100300100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad CRI.Name payload: not a set)
-mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad CRI.Name payload: overlong)
-mbedtls_x509_csr_parse:"300A30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing)
-mbedtls_x509_csr_parse:"30143012020100300D310B3009060355040613024E4C":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence)
-mbedtls_x509_csr_parse:"30163014020100300D310B3009060355040613024E4C3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong)
-mbedtls_x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad attributes: missing)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad attributes: bad tag)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad attributes: overlong)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sigAlg: missing)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sigAlg: not a sequence)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad sigAlg: overlong)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sigAlg: unknown)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-
-X509 CSR ASN.1 (bad sig: missing)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sig: not a bit string)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad sig: overlong)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (extra data after signature)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CSR ASN.1 (invalid version overflow)
-mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 File parse (no issues)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_int-ca.crt":0
-
-X509 File parse (extra space in one certificate)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_pem_space.crt":1
-
-X509 File parse (all certificates fail)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER
-
-X509 File parse (trailing spaces, OK)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_trailing_space.crt":0
-
-X509 Get time (UTC no issues)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
-
-X509 Get time (Generalized Time no issues)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59
-
-X509 Get time (UTC year without leap day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"490229121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC year with leap day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12
-
-X509 Get time (UTC invalid day of month #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000132121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid day of month #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001131121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid hour)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130241212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid min)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid sec)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without time zone)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212":0:2000:2:29:12:12:12
-
-X509 Get time (UTC with invalid time zone #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC with invalid time zone #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Date with invalid tag)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERR_X509_INVALID_DATE+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0:0:0:0:0:0
-
-X509 Get time (UTC, truncated)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, truncated)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without seconds)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212":MBEDTLS_ERR_X509_INVALID_DATE:2000:2:29:12:12:0
-
-X509 Get time (UTC without seconds and with invalid time zone #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without second and with invalid time zone #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in month)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001%30231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011`0231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in hour)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302h1212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in min)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"00113023u012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in sec)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 400 is a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0
-
-X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 cert verify restart: trusted EE, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0
-
-X509 cert verify restart: trusted EE, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0
-
-X509 cert verify restart: no intermediate, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0
-
-X509 cert verify restart: no intermediate, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:1:100:10000
-
-X509 cert verify restart: no intermediate, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:40000:0:0
-
-X509 cert verify restart: no intermediate, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80
-
-X509 cert verify restart: no intermediate, badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 cert verify restart: no intermediate, badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 cert verify restart: no intermediate, badsign, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0
-
-X509 cert verify restart: no intermediate, badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80
-
-X509 cert verify restart: one int, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0
-
-X509 cert verify restart: one int, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:1:100:10000
-
-X509 cert verify restart: one int, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:30000:0:0
-
-X509 cert verify restart: one int, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100
-
-X509 cert verify restart: one int, EE badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 cert verify restart: one int, EE badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 cert verify restart: one int, EE badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
-
-X509 cert verify restart: one int, EE badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
-
-X509 cert verify restart: one int, int badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 cert verify restart: one int, int badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 cert verify restart: one int, int badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
-
-X509 cert verify restart: one int, int badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
deleted file mode 100644
index b11ab84..0000000
--- a/tests/suites/test_suite_x509parse.function
+++ /dev/null
@@ -1,969 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/base64.h"
-#include "string.h"
-
-#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
-#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
-than the current threshold 19. To test larger values, please \
-adapt the script tests/data_files/dir-max/long.sh."
-#endif
-
-/* Profile for backward compatibility. Allows SHA-1, unlike the default
- profile. */
-const mbedtls_x509_crt_profile compat_profile =
-{
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
- 0xFFFFFFF, /* Any PK alg */
- 0xFFFFFFF, /* Any curve */
- 1024,
-};
-
-const mbedtls_x509_crt_profile profile_rsa3072 =
-{
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
- MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
- 0,
- 3072,
-};
-
-const mbedtls_x509_crt_profile profile_sha512 =
-{
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
- 0xFFFFFFF, /* Any PK alg */
- 0xFFFFFFF, /* Any curve */
- 1024,
-};
-
-int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
- ((void) data);
- ((void) crt);
- ((void) certificate_depth);
- *flags |= MBEDTLS_X509_BADCERT_OTHER;
-
- return 0;
-}
-
-int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
- ((void) data);
- ((void) crt);
- ((void) certificate_depth);
- *flags = 0;
-
- return 0;
-}
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates )
-{
- ((void) data);
- ((void) child);
- ((void) candidates);
-
- return -1;
-}
-
-int ca_callback( void *data, mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidates )
-{
- int ret = 0;
- mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
- mbedtls_x509_crt *first;
-
- /* This is a test-only implementation of the CA callback
- * which always returns the entire list of trusted certificates.
- * Production implementations managing a large number of CAs
- * should use an efficient presentation and lookup for the
- * set of trusted certificates (such as a hashtable) and only
- * return those trusted certificates which satisfy basic
- * parental checks, such as the matching of child `Issuer`
- * and parent `Subject` field. */
- ((void) child);
-
- first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
- if( first == NULL )
- {
- ret = -1;
- goto exit;
- }
- mbedtls_x509_crt_init( first );
-
- if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
- {
- ret = -1;
- goto exit;
- }
-
- while( ca->next != NULL )
- {
- ca = ca->next;
- if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
- {
- ret = -1;
- goto exit;
- }
- }
-
-exit:
-
- if( ret != 0 )
- {
- mbedtls_x509_crt_free( first );
- mbedtls_free( first );
- first = NULL;
- }
-
- *candidates = first;
- return( ret );
-}
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
- int *levels = (int *) data;
-
- ((void) crt);
- ((void) certificate_depth);
-
- /* Simulate a fatal error in the callback */
- if( *levels & ( 1 << certificate_depth ) )
- {
- *flags |= ( 1 << certificate_depth );
- return( -1 - certificate_depth );
- }
-
- return( 0 );
-}
-
-/* strsep() not available on Windows */
-char *mystrsep(char **stringp, const char *delim)
-{
- const char *p;
- char *ret = *stringp;
-
- if( *stringp == NULL )
- return( NULL );
-
- for( ; ; (*stringp)++ )
- {
- if( **stringp == '\0' )
- {
- *stringp = NULL;
- goto done;
- }
-
- for( p = delim; *p != '\0'; p++ )
- if( **stringp == *p )
- {
- **stringp = '\0';
- (*stringp)++;
- goto done;
- }
- }
-
-done:
- return( ret );
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-typedef struct {
- char buf[512];
- char *p;
-} verify_print_context;
-
-void verify_print_init( verify_print_context *ctx )
-{
- memset( ctx, 0, sizeof( verify_print_context ) );
- ctx->p = ctx->buf;
-}
-
-int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
- int ret;
- verify_print_context *ctx = (verify_print_context *) data;
- char *p = ctx->p;
- size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
- ((void) flags);
-
- ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf( p, n, " - subject " );
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ctx->p = p;
-
- return( 0 );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_cert_info( char * crt_file, char * result_str )
-{
- mbedtls_x509_crt crt;
- char buf[2000];
- int res;
-
- mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_info( char * crl_file, char * result_str )
-{
- mbedtls_x509_crl crl;
- char buf[2000];
- int res;
-
- mbedtls_x509_crl_init( &crl );
- memset( buf, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
- res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
- mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_parse( char * crl_file, int result )
-{
- mbedtls_x509_crl crl;
- char buf[2000];
-
- mbedtls_x509_crl_init( &crl );
- memset( buf, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
-
-exit:
- mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_info( char * csr_file, char * result_str )
-{
- mbedtls_x509_csr csr;
- char buf[2000];
- int res;
-
- mbedtls_x509_csr_init( &csr );
- memset( buf, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
- res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
- mbedtls_x509_csr_free( &csr );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_info( int flags, char * prefix, char * result_str )
-{
- char buf[2000];
- int res;
-
- memset( buf, 0, sizeof( buf ) );
-
- res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
-
- TEST_ASSERT( res >= 0 );
-
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
-void x509_verify_restart( char *crt_file, char *ca_file,
- int result, int flags_result,
- int max_ops, int min_restart, int max_restart )
-{
- int ret, cnt_restart;
- mbedtls_x509_crt_restart_ctx rs_ctx;
- mbedtls_x509_crt crt;
- mbedtls_x509_crt ca;
- uint32_t flags = 0;
-
- /*
- * See comments on ecp_test_vect_restart() for op count precision.
- *
- * For reference, with mbed TLS 2.6 and default settings:
- * - ecdsa_verify() for P-256: ~ 6700
- * - ecdsa_verify() for P-384: ~ 18800
- * - x509_verify() for server5 -> test-ca2: ~ 18800
- * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
- */
-
- mbedtls_x509_crt_restart_init( &rs_ctx );
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
-
- mbedtls_ecp_set_max_ops( max_ops );
-
- cnt_restart = 0;
- do {
- ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
- &mbedtls_x509_crt_profile_default, NULL, &flags,
- NULL, NULL, &rs_ctx );
- } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
-
- TEST_ASSERT( ret == result );
- TEST_ASSERT( flags == (uint32_t) flags_result );
-
- TEST_ASSERT( cnt_restart >= min_restart );
- TEST_ASSERT( cnt_restart <= max_restart );
-
- /* Do we leak memory when aborting? */
- ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
- &mbedtls_x509_crt_profile_default, NULL, &flags,
- NULL, NULL, &rs_ctx );
- TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
-
-exit:
- mbedtls_x509_crt_restart_free( &rs_ctx );
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
-void x509_verify( char *crt_file, char *ca_file, char *crl_file,
- char *cn_name_str, int result, int flags_result,
- char *profile_str,
- char *verify_callback )
-{
- mbedtls_x509_crt crt;
- mbedtls_x509_crt ca;
- mbedtls_x509_crl crl;
- uint32_t flags = 0;
- int res;
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
- char * cn_name = NULL;
- const mbedtls_x509_crt_profile *profile;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- TEST_ASSERT( psa_crypto_init() == 0 );
-#endif
-
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
- mbedtls_x509_crl_init( &crl );
-
- if( strcmp( cn_name_str, "NULL" ) != 0 )
- cn_name = cn_name_str;
-
- if( strcmp( profile_str, "" ) == 0 )
- profile = &mbedtls_x509_crt_profile_default;
- else if( strcmp( profile_str, "next" ) == 0 )
- profile = &mbedtls_x509_crt_profile_next;
- else if( strcmp( profile_str, "suite_b" ) == 0 )
- profile = &mbedtls_x509_crt_profile_suiteb;
- else if( strcmp( profile_str, "compat" ) == 0 )
- profile = &compat_profile;
- else
- TEST_ASSERT( "Unknown algorithm profile" == 0 );
-
- if( strcmp( verify_callback, "NULL" ) == 0 )
- f_vrfy = NULL;
- else if( strcmp( verify_callback, "verify_none" ) == 0 )
- f_vrfy = verify_none;
- else if( strcmp( verify_callback, "verify_all" ) == 0 )
- f_vrfy = verify_all;
- else
- TEST_ASSERT( "No known verify callback selected" == 0 );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
-
- res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
-
- TEST_ASSERT( res == ( result ) );
- TEST_ASSERT( flags == (uint32_t)( flags_result ) );
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- /* CRLs aren't supported with CA callbacks, so skip the CA callback
- * version of the test if CRLs are in use. */
- if( crl_file == NULL || strcmp( crl_file, "" ) == 0 )
- {
- flags = 0;
-
- res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL );
-
- TEST_ASSERT( res == ( result ) );
- TEST_ASSERT( flags == (uint32_t)( flags_result ) );
- }
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
- mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name,
- int exp_ret )
-{
- int ret;
- mbedtls_x509_crt crt;
- mbedtls_x509_crt ca;
- uint32_t flags = 0;
-
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
-
- if( strcmp( name, "NULL" ) == 0 )
- name = NULL;
-
- ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca,
- &compat_profile, name, &flags,
- NULL, NULL );
-
- TEST_ASSERT( ret == exp_ret );
- TEST_ASSERT( flags == (uint32_t)( -1 ) );
-exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_callback( char *crt_file, char *ca_file, char *name,
- int exp_ret, char *exp_vrfy_out )
-{
- int ret;
- mbedtls_x509_crt crt;
- mbedtls_x509_crt ca;
- uint32_t flags = 0;
- verify_print_context vrfy_ctx;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- TEST_ASSERT( psa_crypto_init() == 0 );
-#endif
-
- mbedtls_x509_crt_init( &crt );
- mbedtls_x509_crt_init( &ca );
- verify_print_init( &vrfy_ctx );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
-
- if( strcmp( name, "NULL" ) == 0 )
- name = NULL;
-
- ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
- &compat_profile,
- name, &flags,
- verify_print, &vrfy_ctx );
-
- TEST_ASSERT( ret == exp_ret );
- TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
-
-exit:
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_free( &ca );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
-{
- mbedtls_x509_crt crt;
- char buf[2000];
- int res = 0;
-
- mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- if( strcmp( entity, "subject" ) == 0 )
- res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
- else if( strcmp( entity, "issuer" ) == 0 )
- res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
- else
- TEST_ASSERT( "Unknown entity" == 0 );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
-{
- mbedtls_x509_crt crt;
-
- mbedtls_x509_crt_init( &crt );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
- if( strcmp( entity, "valid_from" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
- else if( strcmp( entity, "valid_to" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
- else
- TEST_ASSERT( "Unknown entity" == 0 );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
-{
- mbedtls_x509_crt crt;
-
- mbedtls_x509_crt_init( &crt );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
- if( strcmp( entity, "valid_from" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
- else if( strcmp( entity, "valid_to" ) == 0 )
- TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
- else
- TEST_ASSERT( "Unknown entity" == 0 );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
-void x509parse_crt_file( char * crt_file, int result )
-{
- mbedtls_x509_crt crt;
-
- mbedtls_x509_crt_init( &crt );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509parse_crt( data_t * buf, char * result_str, int result )
-{
- mbedtls_x509_crt crt;
- unsigned char output[2000];
- int res;
-
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
- }
-
- mbedtls_x509_crt_free( &crt );
- mbedtls_x509_crt_init( &crt );
- memset( output, 0, 2000 );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
- }
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
-void x509parse_crl( data_t * buf, char * result_str, int result )
-{
- mbedtls_x509_crl crl;
- unsigned char output[2000];
- int res;
-
- mbedtls_x509_crl_init( &crl );
- memset( output, 0, 2000 );
-
-
- TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
- if( ( result ) == 0 )
- {
- res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
-
- TEST_ASSERT( res != -1 );
- TEST_ASSERT( res != -2 );
-
- TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
- }
-
-exit:
- mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
-{
- mbedtls_x509_csr csr;
- char my_out[1000];
- int my_ret;
-
- mbedtls_x509_csr_init( &csr );
- memset( my_out, 0, sizeof( my_out ) );
-
- my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
- TEST_ASSERT( my_ret == ref_ret );
-
- if( ref_ret == 0 )
- {
- size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
- TEST_ASSERT( my_out_len == strlen( ref_out ) );
- TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
- }
-
-exit:
- mbedtls_x509_csr_free( &csr );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
-{
- mbedtls_x509_crt chain, *cur;
- int i;
-
- mbedtls_x509_crt_init( &chain );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
-
- /* Check how many certs we got */
- for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
- if( cur->raw.p != NULL )
- i++;
-
- TEST_ASSERT( i == nb_crt );
-
-exit:
- mbedtls_x509_crt_free( &chain );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
- int ret_chk, int flags_chk )
-{
- char file_buf[128];
- int ret;
- uint32_t flags;
- mbedtls_x509_crt trusted, chain;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- TEST_ASSERT( psa_crypto_init() == 0 );
-#endif
-
- /*
- * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
- * with NN.crt signed by NN-1.crt
- */
-
- mbedtls_x509_crt_init( &trusted );
- mbedtls_x509_crt_init( &chain );
-
- /* Load trusted root */
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
-
- /* Load a chain with nb_int intermediates (from 01 to nb_int),
- * plus one "end-entity" cert (nb_int + 1) */
- ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
- nb_int + 1 );
- TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
-
- /* Try to verify that chain */
- ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
- NULL, NULL );
- TEST_ASSERT( ret == ret_chk );
- TEST_ASSERT( flags == (uint32_t) flags_chk );
-
-exit:
- mbedtls_x509_crt_free( &chain );
- mbedtls_x509_crt_free( &trusted );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
- int flags_result, int result,
- char *profile_name, int vrfy_fatal_lvls )
-{
- char* act;
- uint32_t flags;
- int res;
- mbedtls_x509_crt trusted, chain;
- const mbedtls_x509_crt_profile *profile = NULL;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- TEST_ASSERT( psa_crypto_init() == 0 );
-#endif
-
- mbedtls_x509_crt_init( &chain );
- mbedtls_x509_crt_init( &trusted );
-
- while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
-
- if( strcmp( profile_name, "" ) == 0 )
- profile = &mbedtls_x509_crt_profile_default;
- else if( strcmp( profile_name, "next" ) == 0 )
- profile = &mbedtls_x509_crt_profile_next;
- else if( strcmp( profile_name, "suiteb" ) == 0 )
- profile = &mbedtls_x509_crt_profile_suiteb;
- else if( strcmp( profile_name, "rsa3072" ) == 0 )
- profile = &profile_rsa3072;
- else if( strcmp( profile_name, "sha512" ) == 0 )
- profile = &profile_sha512;
-
- res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
- NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
-
- TEST_ASSERT( res == ( result ) );
- TEST_ASSERT( flags == (uint32_t)( flags_result ) );
-
-exit:
- mbedtls_x509_crt_free( &trusted );
- mbedtls_x509_crt_free( &chain );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_desc( data_t * buf, char * ref_desc )
-{
- mbedtls_x509_buf oid;
- const char *desc = NULL;
- int ret;
-
-
- oid.tag = MBEDTLS_ASN1_OID;
- oid.p = buf->x;
- oid.len = buf->len;
-
- ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
-
- if( strcmp( ref_desc, "notfound" ) == 0 )
- {
- TEST_ASSERT( ret != 0 );
- TEST_ASSERT( desc == NULL );
- }
- else
- {
- TEST_ASSERT( ret == 0 );
- TEST_ASSERT( desc != NULL );
- TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
-{
- mbedtls_x509_buf oid;
- char num_buf[100];
-
- memset( num_buf, 0x2a, sizeof num_buf );
-
- oid.tag = MBEDTLS_ASN1_OID;
- oid.p = oid_buf->x;
- oid.len = oid_buf->len;
-
- TEST_ASSERT( (size_t) blen <= sizeof num_buf );
-
- TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
-
- if( ret >= 0 )
- {
- TEST_ASSERT( num_buf[ret] == 0 );
- TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
-void x509_check_key_usage( char * crt_file, int usage, int ret )
-{
- mbedtls_x509_crt crt;
-
- mbedtls_x509_crt_init( &crt );
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
- TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
- )
-{
- mbedtls_x509_crt crt;
-
- mbedtls_x509_crt_init( &crt );
-
-
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
- TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
-
-exit:
- mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
- int day, int hour, int min, int sec )
-{
- mbedtls_x509_time time;
- unsigned char buf[21];
- unsigned char* start = buf;
- unsigned char* end = buf;
-
- memset( &time, 0x00, sizeof( time ) );
- *end = (unsigned char)tag; end++;
- *end = strlen( time_str );
- TEST_ASSERT( *end < 20 );
- end++;
- memcpy( end, time_str, (size_t)*(end - 1) );
- end += *(end - 1);
-
- TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
- if( ret == 0 )
- {
- TEST_ASSERT( year == time.year );
- TEST_ASSERT( mon == time.mon );
- TEST_ASSERT( day == time.day );
- TEST_ASSERT( hour == time.hour );
- TEST_ASSERT( min == time.min );
- TEST_ASSERT( sec == time.sec );
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
- int ref_msg_md, int ref_mgf_md,
- int ref_salt_len, int ref_ret )
-{
- int my_ret;
- mbedtls_x509_buf params;
- mbedtls_md_type_t my_msg_md, my_mgf_md;
- int my_salt_len;
-
- params.p = hex_params->x;
- params.len = hex_params->len;
- params.tag = params_tag;
-
- my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
- &my_salt_len );
-
- TEST_ASSERT( my_ret == ref_ret );
-
- if( ref_ret == 0 )
- {
- TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
- TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
- TEST_ASSERT( my_salt_len == ref_salt_len );
- }
-
-exit:
- ;;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
-void x509_selftest( )
-{
- TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
deleted file mode 100644
index 54d7270..0000000
--- a/tests/suites/test_suite_x509write.data
+++ /dev/null
@@ -1,105 +0,0 @@
-Certificate Request check Server1 SHA1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0
-
-Certificate Request check Server1 SHA224
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0
-
-Certificate Request check Server1 SHA256
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0
-
-Certificate Request check Server1 SHA384
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0
-
-Certificate Request check Server1 SHA512
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
-
-Certificate Request check Server1 MD4
-depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
-
-Certificate Request check Server1 MD5
-depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
-
-Certificate Request check Server1 key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
-
-Certificate Request check Server1 key_usage empty
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
-
-Certificate Request check Server1 ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
-
-Certificate Request check Server1 ns_cert_type empty
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1
-
-Certificate Request check Server1 key_usage + ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
-
-Certificate Request check Server5 ECDSA, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
-
-Certificate Request check opaque Server5 ECDSA, key_usage
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
-
-Certificate write check Server1 SHA1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0
-
-Certificate write check Server1 SHA1, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0
-
-Certificate write check Server1 SHA1, ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0
-
-Certificate write check Server1 SHA1, version 1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
-
-Certificate write check Server1 SHA1, RSA_ALT
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1
-
-Certificate write check Server1 SHA1, RSA_ALT, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
-
-Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1
-
-Certificate write check Server1 SHA1, RSA_ALT, version 1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
-
-X509 String to Names #1
-mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
-
-X509 String to Names #2
-mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
-
-X509 String to Names #3 (Name precisely 255 bytes)
-mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
-
-X509 String to Names #4 (Name larger than 255 bytes)
-mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
-
-X509 String to Names #5 (Escape non-allowed characters)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
-
-X509 String to Names #6 (Escape at end)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
deleted file mode 100644
index e15802f..0000000
--- a/tests/suites/test_suite_x509write.function
+++ /dev/null
@@ -1,338 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/rsa.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#endif
-
-
-#if defined(MBEDTLS_RSA_C)
-int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
-{
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
- input, output, output_max_len ) );
-}
-int mbedtls_rsa_sign_func( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
-{
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash, sig ) );
-}
-size_t mbedtls_rsa_key_len_func( void *ctx )
-{
- return( ((const mbedtls_rsa_context *) ctx)->len );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
-{
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
- mbedtls_x509_csr csr;
-
- if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
- md_info = mbedtls_md_info_from_type( csr.sig_md );
- if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
- {
- /* Note: this can't happen except after an internal error */
- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
- }
-
- if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
- csr.sig_md, hash, mbedtls_md_get_size( md_info ),
- csr.sig.p, csr.sig.len ) != 0 )
- {
- return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
- }
-
- return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
-void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
- int key_usage, int set_key_usage, int cert_type,
- int set_cert_type )
-{
- mbedtls_pk_context key;
- mbedtls_x509write_csr req;
- unsigned char buf[4096];
- unsigned char check_buf[4000];
- int ret;
- size_t olen = 0, pem_len = 0;
- int der_len = -1;
- FILE *f;
- const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
- rnd_pseudo_info rnd_info;
-
- memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
-
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
-
- mbedtls_x509write_csr_init( &req );
- mbedtls_x509write_csr_set_md_alg( &req, md_type );
- mbedtls_x509write_csr_set_key( &req, &key );
- TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( set_key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( set_cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
-
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
-
- pem_len = strlen( (char *) buf );
-
- f = fopen( cert_req_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
-
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
-
- der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( der_len >= 0 );
-
- if( der_len == 0 )
- goto exit;
-
- ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-exit:
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
-void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
- int cert_type )
-{
- mbedtls_pk_context key;
- psa_key_handle_t slot;
- psa_algorithm_t md_alg_psa;
- mbedtls_x509write_csr req;
- unsigned char buf[4096];
- int ret;
- size_t pem_len = 0;
- const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
- rnd_pseudo_info rnd_info;
-
- psa_crypto_init();
- memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
-
- md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
- TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
-
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
-
- mbedtls_x509write_csr_init( &req );
- mbedtls_x509write_csr_set_md_alg( &req, md_type );
- mbedtls_x509write_csr_set_key( &req, &key );
- TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
-
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
-
- pem_len = strlen( (char *) buf );
- buf[pem_len] = '\0';
- TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
-
-exit:
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
-void x509_crt_check( char *subject_key_file, char *subject_pwd,
- char *subject_name, char *issuer_key_file,
- char *issuer_pwd, char *issuer_name,
- char *serial_str, char *not_before, char *not_after,
- int md_type, int key_usage, int set_key_usage,
- int cert_type, int set_cert_type, int auth_ident,
- int ver, char *cert_check_file, int rsa_alt )
-{
- mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
- mbedtls_pk_context *key = &issuer_key;
-
- mbedtls_x509write_cert crt;
- unsigned char buf[4096];
- unsigned char check_buf[5000];
- mbedtls_mpi serial;
- int ret;
- size_t olen = 0, pem_len = 0;
- int der_len = -1;
- FILE *f;
- rnd_pseudo_info rnd_info;
-
- memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
- mbedtls_mpi_init( &serial );
-
- mbedtls_pk_init( &subject_key );
- mbedtls_pk_init( &issuer_key );
- mbedtls_pk_init( &issuer_key_alt );
-
- mbedtls_x509write_crt_init( &crt );
-
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
- subject_pwd ) == 0 );
-
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
- issuer_pwd ) == 0 );
-
-#if defined(MBEDTLS_RSA_C)
- /* For RSA PK contexts, create a copy as an alternative RSA context. */
- if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
- {
- TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
- mbedtls_pk_rsa( issuer_key ),
- mbedtls_rsa_decrypt_func,
- mbedtls_rsa_sign_func,
- mbedtls_rsa_key_len_func ) == 0 );
-
- key = &issuer_key_alt;
- }
-#else
- (void) rsa_alt;
-#endif
-
- TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
-
- if( ver != -1 )
- mbedtls_x509write_crt_set_version( &crt, ver );
-
- TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
- not_after ) == 0 );
- mbedtls_x509write_crt_set_md_alg( &crt, md_type );
- TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
- mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
-
- mbedtls_x509write_crt_set_issuer_key( &crt, key );
-
- if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
- {
- TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
- if( auth_ident )
- TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
- if( set_key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
- if( set_cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
- }
-
- ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
-
- pem_len = strlen( (char *) buf );
-
- f = fopen( cert_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
- TEST_ASSERT( olen < sizeof( check_buf ) );
-
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
-
- der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( der_len >= 0 );
-
- if( der_len == 0 )
- goto exit;
-
- ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
- rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-exit:
- mbedtls_x509write_crt_free( &crt );
- mbedtls_pk_free( &issuer_key_alt );
- mbedtls_pk_free( &subject_key );
- mbedtls_pk_free( &issuer_key );
- mbedtls_mpi_free( &serial );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
- )
-{
- int ret;
- size_t len = 0;
- mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
- unsigned char buf[1024], out[1024], *c;
-
- memset( &parsed, 0, sizeof( parsed ) );
- memset( out, 0, sizeof( out ) );
- memset( buf, 0, sizeof( buf ) );
- c = buf + sizeof( buf );
-
- ret = mbedtls_x509_string_to_names( &names, name );
- TEST_ASSERT( ret == result );
-
- if( ret != 0 )
- goto exit;
-
- ret = mbedtls_x509_write_names( &c, buf, names );
- TEST_ASSERT( ret > 0 );
-
- TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
- TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
-
- ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
- TEST_ASSERT( ret > 0 );
-
- TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 );
-
-exit:
- mbedtls_asn1_free_named_data_list( &names );
-
- parsed_cur = parsed.next;
- while( parsed_cur != 0 )
- {
- parsed_prv = parsed_cur;
- parsed_cur = parsed_cur->next;
- mbedtls_free( parsed_prv );
- }
-}
-/* END_CASE */
diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/crypto_examples.vcxproj
similarity index 97%
copy from visualc/VS2010/dh_server.vcxproj
copy to visualc/VS2010/crypto_examples.vcxproj
index 6f87cb8..9ca6b64 100644
--- a/visualc/VS2010/dh_server.vcxproj
+++ b/visualc/VS2010/crypto_examples.vcxproj
@@ -19,7 +19,7 @@
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
- <ClCompile Include="..\..\programs\pkey\dh_server.c" />
+ <ClCompile Include="..\..\programs\psa\crypto_examples.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
@@ -28,9 +28,9 @@
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{8D91B804-E2CE-142D-8E06-FBB037ED1F65}</ProjectGuid>
+ <ProjectGuid>{020C31BD-C4DF-BABA-E537-F517C4E98537}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
- <RootNamespace>dh_server</RootNamespace>
+ <RootNamespace>crypto_examples</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj
deleted file mode 100644
index b2fae80..0000000
--- a/visualc/VS2010/dh_client.vcxproj
+++ /dev/null
@@ -1,174 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug|Win32">
- <Configuration>Debug</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Debug|x64">
- <Configuration>Debug</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|Win32">
- <Configuration>Release</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|x64">
- <Configuration>Release</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- </ItemGroup>
- <ItemGroup>
- <ClCompile Include="..\..\programs\pkey\dh_client.c" />
- </ItemGroup>
- <ItemGroup>
- <ProjectReference Include="mbedTLS.vcxproj">
- <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
- <LinkLibraryDependencies>true</LinkLibraryDependencies>
- </ProjectReference>
- </ItemGroup>
- <PropertyGroup Label="Globals">
- <ProjectGuid>{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}</ProjectGuid>
- <Keyword>Win32Proj</Keyword>
- <RootNamespace>dh_client</RootNamespace>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
- <ImportGroup Label="ExtensionSettings">
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <PropertyGroup Label="UserMacros" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <LinkIncremental>true</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <LinkIncremental>true</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <LinkIncremental>false</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <LinkIncremental>false</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
- </Link>
- <ProjectReference>
- <LinkLibraryDependencies>false</LinkLibraryDependencies>
- </ProjectReference>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
- </Link>
- <ProjectReference>
- <LinkLibraryDependencies>false</LinkLibraryDependencies>
- </ProjectReference>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
-</Project>
diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj
similarity index 97%
copy from visualc/VS2010/dh_server.vcxproj
copy to visualc/VS2010/key_ladder_demo.vcxproj
index 6f87cb8..80914ff 100644
--- a/visualc/VS2010/dh_server.vcxproj
+++ b/visualc/VS2010/key_ladder_demo.vcxproj
@@ -19,7 +19,7 @@
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
- <ClCompile Include="..\..\programs\pkey\dh_server.c" />
+ <ClCompile Include="..\..\programs\psa\key_ladder_demo.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
@@ -28,9 +28,9 @@
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{8D91B804-E2CE-142D-8E06-FBB037ED1F65}</ProjectGuid>
+ <ProjectGuid>{778777A0-393D-45E8-83C1-EAF487236F1F}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
- <RootNamespace>dh_server</RootNamespace>
+ <RootNamespace>key_ladder_demo</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 5d2c99c..9645016 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -23,21 +23,11 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_client", "dh_client.vcxproj", "{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_genprime", "dh_genprime.vcxproj", "{718960D9-5DA6-7B56-39AD-637E81076C71}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_server", "dh_server.vcxproj", "{8D91B804-E2CE-142D-8E06-FBB037ED1F65}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecdh_curve25519", "ecdh_curve25519.vcxproj", "{82EE497E-12CC-7C5B-A072-665678ACB43E}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -123,6 +113,21 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypto_examples", "crypto_examples.vcxproj", "{020C31BD-C4DF-BABA-E537-F517C4E98537}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_ladder_demo", "key_ladder_demo.vcxproj", "{778777A0-393D-45E8-83C1-EAF487236F1F}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "psa_constant_names", "psa_constant_names.vcxproj", "{A0BAD8F0-69B5-8382-86ED-C36ACBE54117}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_client", "dtls_client.vcxproj", "{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -291,14 +296,6 @@
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.Build.0 = Release|Win32
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.ActiveCfg = Release|x64
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.Build.0 = Release|x64
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.ActiveCfg = Debug|Win32
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.Build.0 = Debug|Win32
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.ActiveCfg = Debug|x64
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.Build.0 = Debug|x64
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.ActiveCfg = Release|Win32
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.Build.0 = Release|Win32
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.ActiveCfg = Release|x64
- {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.Build.0 = Release|x64
{718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.ActiveCfg = Debug|Win32
{718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.Build.0 = Debug|Win32
{718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|x64.ActiveCfg = Debug|x64
@@ -307,14 +304,6 @@
{718960D9-5DA6-7B56-39AD-637E81076C71}.Release|Win32.Build.0 = Release|Win32
{718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.ActiveCfg = Release|x64
{718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.Build.0 = Release|x64
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.ActiveCfg = Debug|Win32
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.Build.0 = Debug|Win32
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.ActiveCfg = Debug|x64
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.Build.0 = Debug|x64
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.ActiveCfg = Release|Win32
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.Build.0 = Release|Win32
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.ActiveCfg = Release|x64
- {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.Build.0 = Release|x64
{82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|Win32.ActiveCfg = Debug|Win32
{82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|Win32.Build.0 = Debug|Win32
{82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|x64.ActiveCfg = Debug|x64
@@ -451,6 +440,30 @@
{95C50864-854C-2A11-4C91-BCE654E344FB}.Release|Win32.Build.0 = Release|Win32
{95C50864-854C-2A11-4C91-BCE654E344FB}.Release|x64.ActiveCfg = Release|x64
{95C50864-854C-2A11-4C91-BCE654E344FB}.Release|x64.Build.0 = Release|x64
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|Win32.ActiveCfg = Debug|Win32
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|Win32.Build.0 = Debug|Win32
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|x64.ActiveCfg = Debug|x64
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|x64.Build.0 = Debug|x64
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|Win32.ActiveCfg = Release|Win32
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|Win32.Build.0 = Release|Win32
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|x64.ActiveCfg = Release|x64
+ {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|x64.Build.0 = Release|x64
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|Win32.ActiveCfg = Debug|Win32
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|Win32.Build.0 = Debug|Win32
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|x64.ActiveCfg = Debug|x64
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|x64.Build.0 = Debug|x64
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|Win32.ActiveCfg = Release|Win32
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|Win32.Build.0 = Release|Win32
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|x64.ActiveCfg = Release|x64
+ {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|x64.Build.0 = Release|x64
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|Win32.ActiveCfg = Debug|Win32
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|Win32.Build.0 = Debug|Win32
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|x64.ActiveCfg = Debug|x64
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|x64.Build.0 = Debug|x64
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|Win32.ActiveCfg = Release|Win32
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|Win32.Build.0 = Release|Win32
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.ActiveCfg = Release|x64
+ {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.Build.0 = Release|x64
{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.ActiveCfg = Debug|Win32
{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.Build.0 = Debug|Win32
{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|x64.ActiveCfg = Debug|x64
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 133fd06..c56e976 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -225,6 +225,23 @@
<ClInclude Include="..\..\include\mbedtls\x509_crt.h" />
<ClInclude Include="..\..\include\mbedtls\x509_csr.h" />
<ClInclude Include="..\..\include\mbedtls\xtea.h" />
+ <ClInclude Include="..\..\include\psa\crypto.h" />
+ <ClInclude Include="..\..\include\psa\crypto_accel_driver.h" />
+ <ClInclude Include="..\..\include\psa\crypto_driver_common.h" />
+ <ClInclude Include="..\..\include\psa\crypto_entropy_driver.h" />
+ <ClInclude Include="..\..\include\psa\crypto_extra.h" />
+ <ClInclude Include="..\..\include\psa\crypto_platform.h" />
+ <ClInclude Include="..\..\include\psa\crypto_se_driver.h" />
+ <ClInclude Include="..\..\include\psa\crypto_sizes.h" />
+ <ClInclude Include="..\..\include\psa\crypto_struct.h" />
+ <ClInclude Include="..\..\include\psa\crypto_types.h" />
+ <ClInclude Include="..\..\include\psa\crypto_values.h" />
+ <ClInclude Include="..\..\library/psa_crypto_core.h" />
+ <ClInclude Include="..\..\library/psa_crypto_invasive.h" />
+ <ClInclude Include="..\..\library/psa_crypto_its.h" />
+ <ClInclude Include="..\..\library/psa_crypto_service_integration.h" />
+ <ClInclude Include="..\..\library/psa_crypto_slot_management.h" />
+ <ClInclude Include="..\..\library/psa_crypto_storage.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\library\aes.c" />
@@ -281,6 +298,10 @@
<ClCompile Include="..\..\library\platform.c" />
<ClCompile Include="..\..\library\platform_util.c" />
<ClCompile Include="..\..\library\poly1305.c" />
+ <ClCompile Include="..\..\library\psa_crypto.c" />
+ <ClCompile Include="..\..\library\psa_crypto_slot_management.c" />
+ <ClCompile Include="..\..\library\psa_crypto_storage.c" />
+ <ClCompile Include="..\..\library\psa_its_file.c" />
<ClCompile Include="..\..\library\ripemd160.c" />
<ClCompile Include="..\..\library\rsa.c" />
<ClCompile Include="..\..\library\rsa_internal.c" />
diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj
similarity index 97%
rename from visualc/VS2010/dh_server.vcxproj
rename to visualc/VS2010/psa_constant_names.vcxproj
index 6f87cb8..2618c7c 100644
--- a/visualc/VS2010/dh_server.vcxproj
+++ b/visualc/VS2010/psa_constant_names.vcxproj
@@ -19,7 +19,7 @@
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
- <ClCompile Include="..\..\programs\pkey\dh_server.c" />
+ <ClCompile Include="..\..\programs\psa\psa_constant_names.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
@@ -28,9 +28,9 @@
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{8D91B804-E2CE-142D-8E06-FBB037ED1F65}</ProjectGuid>
+ <ProjectGuid>{A0BAD8F0-69B5-8382-86ED-C36ACBE54117}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
- <RootNamespace>dh_server</RootNamespace>
+ <RootNamespace>psa_constant_names</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj
index 83a29f0..dcb6f32 100644
--- a/visualc/VS2010/query_compile_time_config.vcxproj
+++ b/visualc/VS2010/query_compile_time_config.vcxproj
@@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\test\query_compile_time_config.c" />
- <ClCompile Include="..\..\programs\ssl\query_config.c" />
+ <ClCompile Include="..\..\programs\test\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj
index a960fac..9b6db7f 100644
--- a/visualc/VS2010/ssl_client2.vcxproj
+++ b/visualc/VS2010/ssl_client2.vcxproj
@@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_client2.c" />
- <ClCompile Include="..\..\programs\ssl\query_config.c" />
+ <ClCompile Include="..\..\programs\test\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj
index 06a91cb..9bfe6ce 100644
--- a/visualc/VS2010/ssl_server2.vcxproj
+++ b/visualc/VS2010/ssl_server2.vcxproj
@@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_server2.c" />
- <ClCompile Include="..\..\programs\ssl\query_config.c" />
+ <ClCompile Include="..\..\programs\test\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">