Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc
Validation remove change auth enc
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..ceb59d7
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+# Classify all '.function' files as C for syntax highlighting purposes
+*.function linguist-language=C
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f2741d4..59a960a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -120,38 +120,33 @@
# Create a symbolic link from ${base_name} in the binary directory
# to the corresponding path in the source directory.
+# Note: Copies the file(s) on Windows.
function(link_to_source base_name)
- # Get OS dependent path to use in `execute_process`
- if (CMAKE_HOST_WIN32)
- #mklink is an internal command of cmd.exe it can only work with \
- string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
- else()
- set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
- endif()
+ set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
# Linking to non-existent file is not desirable. At best you will have a
# dangling link, but when building in tree, this can create a symbolic link
# to itself.
if (EXISTS ${target} AND NOT EXISTS ${link})
if (CMAKE_HOST_UNIX)
- set(command ln -s ${target} ${link})
+ execute_process(COMMAND ln -s ${target} ${link}
+ RESULT_VARIABLE result
+ ERROR_VARIABLE output)
+
+ if (NOT ${result} EQUAL 0)
+ message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
+ endif()
else()
if (IS_DIRECTORY ${target})
- set(command cmd.exe /c mklink /j ${link} ${target})
+ file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*")
+ foreach(file IN LISTS files)
+ configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
+ endforeach(file)
else()
- set(command cmd.exe /c mklink /h ${link} ${target})
+ configure_file(${target} ${link} COPYONLY)
endif()
endif()
-
- execute_process(COMMAND ${command}
- RESULT_VARIABLE result
- ERROR_VARIABLE output)
-
- if (NOT ${result} EQUAL 0)
- message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
- endif()
endif()
endfunction(link_to_source)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index cea12f1..319f02d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,8 +19,6 @@
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
-1. All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
-1. Ensure that each commit has at least one `Signed-off-by:` line from the committer. If anyone else contributes to the commit, they should also add their own `Signed-off-by:` line. By adding this line, contributor(s) certify that the contribution is made under the terms of the [Developer Certificate of Origin](dco.txt). The contribution licensing is described in the [License section of the README](README.md#License).
Backwards Compatibility
-----------------------
@@ -79,3 +77,12 @@
1. If needed, a Readme file is advised.
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
1. A [ChangeLog](https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
+
+License and Copyright
+---------------------
+
+All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. For licensing details, please see the [License section of the README](README.md#License).
+
+The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors".
+
+When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and be subject to the same Apache 2.0 license. This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt
new file mode 100644
index 0000000..2062bcb
--- /dev/null
+++ b/ChangeLog.d/driver-only-hashes.txt
@@ -0,0 +1,20 @@
+Features
+ * Some crypto modules that previously depended on MD or a low-level hash
+ module, either unconditionally (RSA, PK, PKCS5, PKCS12, EC J-PAKE), or
+ for some features (PEM for encrypted files), are now able to use PSA
+ Crypto instead when the legacy API is not available. This means it is
+ now possible to use all features from those modules in configurations
+ where the built-in implementations of hashes are excluded and the hashes
+ are only provided by PSA drivers. In these configurations, you need to
+ call `psa_crypto_init()` before you call any function from those
+ modules; this is not required in configurations where the built-in
+ implementation is still available. Note that some crypto modules and
+ features still depend on the built-in implementation of hashes:
+ MBEDTLS_HKDF_C (but the PSA HKDF function do not depend on it),
+ MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and MBEDTLS_ECDSA_DETERMINISTIC.
+ In particular, for now, compiling without built-in hashes requires use
+ of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 no
+ longer depend on MD. This means it is now possible to use them in
+ configurations where the built-in implementations of hashes are excluded
+ and the hashes are only provided by PSA drivers.
diff --git a/ChangeLog.d/fix_hard_link_across_drives b/ChangeLog.d/fix_hard_link_across_drives
new file mode 100644
index 0000000..0c55c30
--- /dev/null
+++ b/ChangeLog.d/fix_hard_link_across_drives
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a build issue on Windows where the source and build directory could not be on
+ different drives (#5751).
diff --git a/ChangeLog.d/psa_crypto_pake.txt b/ChangeLog.d/psa_crypto_pake.txt
new file mode 100644
index 0000000..e0ae046
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_pake.txt
@@ -0,0 +1,4 @@
+Features
+ * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API.
+ Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm
+ are supported in this implementation.
diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh
index 6aab6bd..67510c1 100755
--- a/docs/architecture/psa-migration/outcome-analysis.sh
+++ b/docs/architecture/psa-migration/outcome-analysis.sh
@@ -34,8 +34,6 @@
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- scripts/config.py unset MBEDTLS_PKCS5_C
- scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
}
# Space-separated list of test suites of interest.
@@ -116,4 +114,3 @@
compare_builds before-default after-default
compare_builds before-full after-full
compare_builds reference drivers
-
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index e2efeb9..e565b28 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -29,11 +29,6 @@
[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261
-PSA Crypto has an experimental API for EC J-PAKE, but it's not implemented in
-Mbed TLS yet. See the [EC J-PAKE follow-up EPIC][ecjp] on github.
-
-[ecjp]: https://github.com/orgs/Mbed-TLS/projects/1#column-17950140
-
Arbitrary parameters for FFDH
-----------------------------
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 8d2d59f..0ad5fa0 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -345,19 +345,29 @@
only be included in the build if it is possible to use that hash in some way.
In order to cater to these new needs, new families of macros are introduced in
-`library/legacy_or_psa.h`, see its documentation for details.
+`legacy_or_psa.h`, see its documentation for details.
It should be noted that there are currently:
- too many different ways of computing a hash (low-level, MD, PSA);
- too many different ways to configure the library that influence which of
these ways is available and will be used (`MBEDTLS_USE_PSA_CRYPTO`,
-`MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls_config.h` + `psa/crypto_config.h`).
+ `MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls_config.h` + `psa/crypto_config.h`).
As a result, we need more families of dependency macros than we'd like to.
This is a temporary situation until we move to a place where everything is
based on PSA Crypto. In the meantime, long and explicit names where chosen for
the new macros in the hope of avoiding confusion.
+Note: the new macros supplement but do not replace the existing macros:
+- code that always uses PSA Crypto (for example, code specific to TLS 1.3)
+ should use `PSA_WANT_xxx`;
+- code that always uses the legacy API (for example, crypto modules that have
+ not undergone step 1 yet) should use `MBEDTLS_xxx_C`;
+- code that may use one of the two APIs, either based on
+ `MBEDTLS_USE_PSA_CRYPTO` (X.509, TLS 1.2, shared between TLS 1.2 and 1.3),
+ or based on availability (crypto modules after step 1), should use one of
+ the new macros from `legacy_or_psa.h`.
+
Executing step 3 will mostly consist of using the right dependency macros in
the right places (once the previous steps are done).
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 234debd..6195ac9 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -77,7 +77,11 @@
#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
#define MBEDTLS_PK_WRITE_C
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+
+/* Make sure all configuration symbols are set before including check_config.h,
+ * even the ones that are calculated programmatically. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
+ defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
#include "mbedtls/config_psa.h"
#endif
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index b5d2c40..1038706 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -154,12 +154,14 @@
#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PKCS5_C) && (!defined(MBEDTLS_MD_C) || \
- !defined(MBEDTLS_CIPHER_C))
+#if defined(MBEDTLS_PKCS5_C) && \
+ ( !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) || \
+ !defined(MBEDTLS_CIPHER_C) )
#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_MD_C)
+#if defined(MBEDTLS_PKCS12_C) && \
+ !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) )
#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
#endif
@@ -318,11 +320,20 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
+ ( !defined(MBEDTLS_ECJPAKE_C) || \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
+/* Use of EC J-PAKE in TLS requires SHA-256.
+ * This will be taken from MD if it is present, or from PSA if MD is absent.
+ * Note: ECJPAKE_C depends on MD_C || PSA_CRYPTO_C. */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ !( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) && \
+ !( !defined(MBEDTLS_MD_C) && defined(PSA_WANT_ALG_SHA_256) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
( !defined(MBEDTLS_SHA256_C) && \
@@ -748,18 +759,29 @@
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
-/*
- * HKDF is mandatory for TLS 1.3.
- * Otherwise support for at least one ciphersuite mandates either SHA_256 or
- * SHA_384.
- */
+/* TLS 1.3 requires separate HKDF parts from PSA */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- ( ( !defined(MBEDTLS_HKDF_C) ) || \
- ( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) || \
- ( !defined(MBEDTLS_PSA_CRYPTO_C) ) )
+ !( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_HKDF_EXTRACT) && defined(PSA_WANT_ALG_HKDF_EXPAND) )
#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
#endif
+/* TLS 1.3 requires at least one ciphersuite, so at least SHA-256 or SHA-384 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/* We always need at least one of the hashes via PSA (for use with HKDF) */
+#if !( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384) )
+#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
+#endif /* !(PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384) */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+/* When USE_PSA_CRYPTO is not defined, we also need SHA-256 or SHA-384 via the
+ * legacy interface, including via the MD layer, for the parts of the code
+ * that are shared with TLS 1.2 (running handshake hash). */
+#if !defined(MBEDTLS_MD_C) || \
+ !( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
+#endif /* !MBEDTLS_MD_C || !(MBEDTLS_SHA256_C || MBEDTLS_SHA384_C) */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
/*
* The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
*/
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index fbfcdc3..2609787 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -146,6 +146,15 @@
#define MBEDTLS_MD5_C
#endif
+#if defined(PSA_WANT_ALG_JPAKE)
+#define MBEDTLS_PSA_BUILTIN_PAKE 1
+#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECJPAKE_C
+#endif /* PSA_WANT_ALG_JPAKE */
+
#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
#define MBEDTLS_RIPEMD160_C
@@ -620,10 +629,11 @@
#define PSA_WANT_ALG_HKDF_EXPAND 1
#endif /* MBEDTLS_HKDF_C */
-#if defined(MBEDTLS_MD_C)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_KEY_TYPE_HMAC
+
+#if defined(MBEDTLS_MD_C)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
@@ -635,6 +645,12 @@
#define PSA_WANT_ALG_MD5 1
#endif
+#if defined(MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_PSA_BUILTIN_PAKE 1
+#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
+#define PSA_WANT_ALG_JPAKE 1
+#endif
+
#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RIPEMD160 1
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index ffdea05..e7ca1b2 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -259,6 +259,29 @@
void *p_rng );
/**
+ * \brief Write the shared key material to be passed to a Key
+ * Derivation Function as described in RFC8236.
+ *
+ * \param ctx The ECJPAKE context to use. This must be initialized,
+ * set up and have performed both round one and two.
+ * \param buf The buffer to write the derived secret to. This must
+ * be a writable buffer of length \p len Bytes.
+ * \param len The length of \p buf in Bytes.
+ * \param olen The address at which to store the total number of bytes
+ * written to \p buf. This must not be \c NULL.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This
+ * may be \c NULL if \p f_rng doesn't use a context.
+ *
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
+ */
+int mbedtls_ecjpake_write_shared_key( mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
* \brief This clears an ECJPAKE context and frees any
* embedded data structure.
*
diff --git a/library/legacy_or_psa.h b/include/mbedtls/legacy_or_psa.h
similarity index 87%
rename from library/legacy_or_psa.h
rename to include/mbedtls/legacy_or_psa.h
index be0f33f..2156be9 100644
--- a/library/legacy_or_psa.h
+++ b/include/mbedtls/legacy_or_psa.h
@@ -1,6 +1,6 @@
/**
- * Internal macros to express dependencies for code and tests
- * that may use either the legacy API or PSA in various builds.
+ * Macros to express dependencies for code and tests that may use either the
+ * legacy API or PSA in various builds; mostly for internal use.
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -19,6 +19,18 @@
*/
/*
+ * Note: applications that are targeting a specific configuration do not need
+ * to use these macros; instead they should directly use the functions they
+ * know are available in their configuration.
+ *
+ * Note: code that is purely based on PSA Crypto (psa_xxx() functions)
+ * does not need to use these macros; instead it should use the relevant
+ * PSA_WANT_xxx macros.
+ *
+ * Note: code that is purely based on the legacy crypto APIs (mbedtls_xxx())
+ * does not need to use these macros; instead it should use the relevant
+ * MBEDTLS_xxx macros.
+ *
* These macros are for code that wants to use <crypto feature> and will do so
* using <legacy API> or PSA depending on <condition>, where:
* - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
@@ -36,15 +48,10 @@
* - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
* mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
* MBEDTLS_USE_PSA_CRYPTO is defined;
- * - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
- * using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
- * otherwise;
- * - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
- * hashes using either `mbedtls_md5_xxx()` if it's available, or
- * `psa_hash_xxx()` otherwise.
- * *See docs/architecture/psa-migration/strategy.md, section "Supporting
- * builds with drivers without the software implementation", strategy for step
- * 1 (libmbedcrypto except the RNG subsystem).
+ * - RSA PKCS#1 v2.1 will compute hashes (for padding) using either
+ * `mbedtls_md()` if it's available, or `psa_hash_compute()` otherwise;
+ * - PEM decoding of PEM-encrypted keys will compute MD5 hashes using either
+ * `mbedtls_md5_xxx()` if it's available, or `psa_hash_xxx()` otherwise.
*
* Note: the macros are essential to express test dependencies. Inside code,
* we could instead just use the equivalent pre-processor condition, but
@@ -70,9 +77,9 @@
* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
*
* Note: every time it's possible to use, say SHA-256, via the MD API, then
- * it's also possible to used it via the low-level API. So, code that wants to
+ * it's also possible to use it via the low-level API. So, code that wants to
* use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
- * just so happens that all the choosing which API to use based on
+ * just so happens that all the code choosing which API to use based on
* MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
* layer (sometimes in addition to the low-level API), so we don't need the
* MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
@@ -89,7 +96,7 @@
#ifndef MBEDTLS_OR_PSA_HELPERS_H
#define MBEDTLS_OR_PSA_HELPERS_H
-#include "common.h"
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e9487b2..9e8ae37 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -958,7 +958,7 @@
* might still happen. For this reason, this is disabled by default.
*
* Requires: MBEDTLS_ECJPAKE_C
- * MBEDTLS_SHA256_C
+ * SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* This enables the following ciphersuites (if other requisites are
@@ -1492,13 +1492,14 @@
*
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
*
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- * (Depends on ciphersuites) when MBEDTLS_USE_PSA_CRYPTO
- * is not defined, PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
- * PSA_WANT_ALG_SHA_512 when MBEDTLS_USE_PSA_CRYPTO is defined.
+ * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
+ * (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
+ * With MBEDTLS_USE_PSA_CRYPTO:
+ * PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
+ * PSA_WANT_ALG_SHA_512
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any TLS operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any TLS operations.
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
@@ -1517,11 +1518,11 @@
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
* Requires: MBEDTLS_PSA_CRYPTO_C
*
- * Note: even though TLS 1.3 depends on PSA Crypto, if you want it to only use
- * PSA for all crypto operations, you need to also enable
- * MBEDTLS_USE_PSA_CRYPTO; otherwise X.509 operations, and functions that are
- * common with TLS 1.2 (record protection, running handshake hash) will still
- * use non-PSA crypto.
+ * Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditonally
+ * for most operations, if you want it to only use PSA for all crypto
+ * operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509
+ * operations, and functions that are common with TLS 1.2 (record protection,
+ * running handshake hash) will still use non-PSA crypto.
*
* Uncomment this macro to enable the support for TLS 1.3.
*/
@@ -1550,6 +1551,26 @@
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ *
+ * Maximum time difference in milliseconds tolerated between the age of a
+ * ticket from the server and client point of view.
+ * From the client point of view, the age of a ticket is the time difference
+ * between the time when the client proposes to the server to use the ticket
+ * (time of writing of the Pre-Shared Key Extension including the ticket) and
+ * the time the client received the ticket from the server.
+ * From the server point of view, the age of a ticket is the time difference
+ * between the time when the server receives a proposition from the client
+ * to use the ticket and the time when the ticket was created by the server.
+ * The server age is expected to be always greater than the client one and
+ * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
+ * maximum difference tolerated for the server to accept the ticket.
+ * This is not used in TLS 1.2.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+
+/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
*
* Size in bytes of a ticket nonce. This is not used in TLS 1.2.
@@ -1559,6 +1580,16 @@
#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
/**
+ * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
+ *
+ * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
+ * after handshake completion. This is not used in TLS 1.2 and relevant only if
+ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+
+/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
@@ -2337,7 +2368,7 @@
* This module is used by the following key exchanges:
* ECJPAKE
*
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
*
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
* before doing any EC J-PAKE operations.
@@ -2654,7 +2685,10 @@
*
* Module: library/pkcs5.c
*
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS5 operation.
*
* This module adds support for the PKCS#5 functions.
*/
@@ -2669,7 +2703,11 @@
* Module: library/pkcs12.c
* Caller: library/pkparse.c
*
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
+ * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS12 operation.
*
* This module enables PKCS#12 functions.
*/
@@ -3132,8 +3170,8 @@
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any X.509 operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 operation.
*
* This module is required for the X.509 parsing modules.
*/
@@ -3193,8 +3231,8 @@
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any X.509 create operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 create operation.
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 71d716b..cf15664 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -71,8 +71,32 @@
#endif /* MBEDTLS_ASN1_PARSE_C */
/**
+ * \brief PKCS#5 PBKDF2 using HMAC without using the HMAC context
+ *
+ * \param md_type Hash algorithm used
+ * \param password Password to use when generating key
+ * \param plen Length of password
+ * \param salt Salt to use when generating key
+ * \param slen Length of salt
+ * \param iteration_count Iteration count
+ * \param key_length Length of generated key in bytes
+ * \param output Generated key. Must be at least as big as key_length
+ *
+ * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbkdf2_hmac_ext( mbedtls_md_type_t md_type,
+ const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output );
+
+#if defined(MBEDTLS_MD_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/**
* \brief PKCS#5 PBKDF2 using HMAC
*
+ * \deprecated Superseded by mbedtls_pkcs5_pbkdf2_hmac_ext().
+ *
* \param ctx Generic HMAC context
* \param password Password to use when generating key
* \param plen Length of password
@@ -84,11 +108,13 @@
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
+ const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output );
-
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3d820a5..eda6bc2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,9 +52,7 @@
#include "mbedtls/platform_time.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* SSL Error codes
@@ -338,11 +336,11 @@
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SHA384_C)
+#if defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 48
-#elif defined(MBEDTLS_SHA256_C)
+#elif defined(PSA_WANT_ALG_SHA_256)
#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 32
-#endif /* MBEDTLS_SHA256_C */
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
/*
* Default range for DTLS retransmission timer value, in milliseconds.
@@ -629,7 +627,8 @@
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
-#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#define MBEDTLS_TLS1_3_MD_MAX_SIZE PSA_HASH_MAX_SIZE
+
/* Length in number of bytes of the TLS sequence number */
#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8
@@ -1324,9 +1323,17 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_CLI_C)
+ uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */
+#endif
+
#if defined(MBEDTLS_SSL_SRV_C)
uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in
Certificate Request messages? */
@@ -4104,7 +4111,8 @@
void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
#endif /* MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_CLI_C)
/**
* \brief Enable / Disable session tickets (client only).
* (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
@@ -4116,7 +4124,34 @@
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
*/
void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/**
+ * \brief Number of NewSessionTicket messages for the server to send
+ * after handshake completion.
+ *
+ * \note The default value is
+ * \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+ *
+ * \note In case of a session resumption, this setting only partially apply.
+ * At most one ticket is sent in that case to just renew the pool of
+ * tickets of the client. The rationale is to avoid the number of
+ * tickets on the server to become rapidly out of control when the
+ * server has the same configuration for all its connection instances.
+ *
+ * \param conf SSL configuration
+ * \param num_tickets Number of NewSessionTicket.
+ *
+ */
+void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
+ uint16_t num_tickets );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_SRV_C &&
+ MBEDTLS_SSL_PROTO_TLS1_3*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 1ddc997..add6b03 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/legacy_or_psa.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crl.h"
@@ -1108,7 +1109,7 @@
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen );
-#if defined(MBEDTLS_SHA1_C) || ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
+#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
/**
* \brief Set the subjectKeyIdentifier extension for a CRT
* Requires that mbedtls_x509write_crt_set_subject_key() has been
@@ -1130,7 +1131,7 @@
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C || (MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_1)*/
+#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
/**
* \brief Set the Key Usage Extension flags
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 991be96..9011a55 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -65,6 +65,7 @@
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECDH 1
#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_JPAKE 1
#define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 6de464d..6c2e06e 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1760,7 +1760,16 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0
+#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \
+ ( alg == PSA_ALG_JPAKE && \
+ primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
+ PSA_ECC_FAMILY_SECP_R1, 256) ? \
+ ( \
+ output_step == PSA_PAKE_STEP_KEY_SHARE ? 69 : \
+ output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 66 : \
+ 33 \
+ ) : \
+ 0 )
/** A sufficient input buffer size for psa_pake_input().
*
@@ -1781,7 +1790,16 @@
* the input type or PAKE algorithm is not recognized, or
* the parameters are incompatible, return 0.
*/
-#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0
+#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \
+ ( alg == PSA_ALG_JPAKE && \
+ primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
+ PSA_ECC_FAMILY_SECP_R1, 256) ? \
+ ( \
+ input_step == PSA_PAKE_STEP_KEY_SHARE ? 69 : \
+ input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 66 : \
+ 33 \
+ ) : \
+ 0 )
/** Output buffer size for psa_pake_output() for any of the supported PAKE
* algorithm and primitive suites and output step.
@@ -1790,7 +1808,7 @@
*
* See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p step).
*/
-#define PSA_PAKE_OUTPUT_MAX_SIZE 0
+#define PSA_PAKE_OUTPUT_MAX_SIZE 69
/** Input buffer size for psa_pake_input() for any of the supported PAKE
* algorithm and primitive suites and input step.
@@ -1799,7 +1817,7 @@
*
* See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p step).
*/
-#define PSA_PAKE_INPUT_MAX_SIZE 0
+#define PSA_PAKE_INPUT_MAX_SIZE 69
/** Returns a suitable initializer for a PAKE cipher suite object of type
* psa_pake_cipher_suite_t.
@@ -1809,7 +1827,14 @@
/** Returns a suitable initializer for a PAKE operation object of type
* psa_pake_operation_t.
*/
-#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, {0}}
+#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
+#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, 0, 0, \
+ MBEDTLS_SVC_KEY_ID_INIT, \
+ PSA_PAKE_ROLE_NONE, {0}, 0, 0, \
+ {.dummy = 0}}
+#else
+#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, {0}}
+#endif
struct psa_pake_cipher_suite_s
{
@@ -1879,14 +1904,33 @@
cipher_suite->hash = hash;
}
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+#include <mbedtls/ecjpake.h>
+#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 )
+#endif
+
struct psa_pake_operation_s
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(state);
+ unsigned int MBEDTLS_PRIVATE(sequence);
+#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
+ unsigned int MBEDTLS_PRIVATE(input_step);
+ unsigned int MBEDTLS_PRIVATE(output_step);
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(password);
+ psa_pake_role_t MBEDTLS_PRIVATE(role);
+ uint8_t MBEDTLS_PRIVATE(buffer[PSA_PAKE_BUFFER_SIZE]);
+ size_t MBEDTLS_PRIVATE(buffer_length);
+ size_t MBEDTLS_PRIVATE(buffer_offset);
+#endif
union
{
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ mbedtls_ecjpake_context ecjpake;
+#endif
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
};
static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init( void )
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 378cfb4..9513814 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -70,6 +70,7 @@
psa_crypto_ecp.c
psa_crypto_hash.c
psa_crypto_mac.c
+ psa_crypto_pake.c
psa_crypto_rsa.c
psa_crypto_se.c
psa_crypto_slot_management.c
diff --git a/library/Makefile b/library/Makefile
index 85cea6b..9c3af3b 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -135,6 +135,7 @@
psa_crypto_ecp.o \
psa_crypto_hash.o \
psa_crypto_mac.o \
+ psa_crypto_pake.o \
psa_crypto_rsa.o \
psa_crypto_se.o \
psa_crypto_slot_management.o \
diff --git a/library/aes.c b/library/aes.c
index ca94e0a..03eccef 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -51,12 +51,6 @@
#if !defined(MBEDTLS_AES_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define AES_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
-#define AES_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static int aes_padlock_ace = -1;
@@ -489,8 +483,6 @@
void mbedtls_aes_init( mbedtls_aes_context *ctx )
{
- AES_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
}
@@ -505,8 +497,6 @@
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
{
- AES_VALIDATE( ctx != NULL );
-
mbedtls_aes_init( &ctx->crypt );
mbedtls_aes_init( &ctx->tweak );
}
@@ -531,9 +521,6 @@
unsigned int i;
uint32_t *RK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
switch( keybits )
{
case 128: ctx->nr = 10; break;
@@ -649,9 +636,6 @@
uint32_t *RK;
uint32_t *SK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
mbedtls_aes_init( &cty );
ctx->rk_offset = 0;
@@ -743,9 +727,6 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -768,9 +749,6 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -970,11 +948,8 @@
const unsigned char input[16],
unsigned char output[16] )
{
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@@ -1014,12 +989,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@@ -1123,12 +1094,8 @@
unsigned char prev_tweak[16];
unsigned char tmp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( data_unit != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
/* Data units must be at least 16 bytes long. */
if( length < 16 )
@@ -1232,13 +1199,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
n = *iv_off;
@@ -1301,12 +1263,8 @@
unsigned char c;
unsigned char ov[17];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
while( length-- )
{
memcpy( ov, iv, 16 );
@@ -1345,12 +1303,6 @@
int ret = 0;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
-
n = *iv_off;
if( n > 15 )
@@ -1392,13 +1344,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( nc_off != NULL );
- AES_VALIDATE_RET( nonce_counter != NULL );
- AES_VALIDATE_RET( stream_block != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
-
n = *nc_off;
if ( n > 0x0F )
diff --git a/library/camellia.c b/library/camellia.c
index 29d730a..c29e6c1 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -43,12 +43,6 @@
#if !defined(MBEDTLS_CAMELLIA_ALT)
-/* Parameter validation macros */
-#define CAMELLIA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
-#define CAMELLIA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
static const unsigned char SIGMA_CHARS[6][8] =
{
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
@@ -298,7 +292,6 @@
void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
{
- CAMELLIA_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
}
@@ -325,9 +318,6 @@
uint32_t KC[16];
uint32_t TK[20];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
-
RK = ctx->rk;
memset( t, 0, 64 );
@@ -431,8 +421,6 @@
mbedtls_camellia_context cty;
uint32_t *RK;
uint32_t *SK;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
mbedtls_camellia_init( &cty );
@@ -480,11 +468,8 @@
{
int NR;
uint32_t *RK, X[4];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( input != NULL );
- CAMELLIA_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
( (void) mode );
@@ -550,12 +535,8 @@
{
int i;
unsigned char temp[16];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
if( length % 16 )
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
@@ -611,13 +592,8 @@
{
int c;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( iv_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
n = *iv_off;
if( n >= 16 )
@@ -670,12 +646,6 @@
{
int c, i;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
- CAMELLIA_VALIDATE_RET( stream_block != NULL );
- CAMELLIA_VALIDATE_RET( nc_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
n = *nc_off;
if( n >= 16 )
diff --git a/library/chacha20.c b/library/chacha20.c
index 658f046..f6d6e25 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -48,12 +48,6 @@
#define inline __inline
#endif
-/* Parameter validation macros */
-#define CHACHA20_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-#define CHACHA20_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#define ROTL32( value, amount ) \
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
@@ -172,8 +166,6 @@
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
- CHACHA20_VALIDATE( ctx != NULL );
-
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
@@ -192,9 +184,6 @@
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( key != NULL );
-
/* ChaCha20 constants - the string "expand 32-byte k" */
ctx->state[0] = 0x61707865;
ctx->state[1] = 0x3320646e;
@@ -218,9 +207,6 @@
const unsigned char nonce[12],
uint32_t counter )
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
-
/* Counter */
ctx->state[12] = counter;
@@ -245,10 +231,6 @@
size_t offset = 0U;
size_t i;
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
-
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
@@ -312,11 +294,6 @@
mbedtls_chacha20_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHA20_VALIDATE_RET( key != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
-
mbedtls_chacha20_init( &ctx );
ret = mbedtls_chacha20_setkey( &ctx, key );
diff --git a/library/cipher.c b/library/cipher.c
index 0bac4ee..752d1fe 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -70,11 +70,6 @@
#define mbedtls_free free
#endif
-#define CIPHER_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
-#define CIPHER_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
static int supported_init = 0;
const int *mbedtls_cipher_list( void )
@@ -143,7 +138,6 @@
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
{
- CIPHER_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
}
@@ -193,7 +187,6 @@
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
if( cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -257,10 +250,8 @@
int key_bitlen,
const mbedtls_operation_t operation )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( key != NULL );
- CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
- operation == MBEDTLS_DECRYPT );
+ if( operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT )
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -356,8 +347,6 @@
{
size_t actual_iv_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -453,7 +442,6 @@
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -475,8 +463,6 @@
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -529,10 +515,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t block_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -952,9 +934,6 @@
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1054,8 +1033,6 @@
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
-
if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1117,8 +1094,6 @@
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1168,8 +1143,6 @@
unsigned char check_tag[16];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1261,12 +1234,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t finish_olen;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
@@ -1542,13 +1509,6 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_NIST_KW_C)
if(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1598,13 +1558,6 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output_len == 0 || output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_NIST_KW_C)
if(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/library/dhm.c b/library/dhm.c
index 1e95bda..1ba5339 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -55,11 +55,6 @@
#if !defined(MBEDTLS_DHM_ALT)
-#define DHM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
-#define DHM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* helper to validate the mbedtls_mpi size and import it
*/
@@ -120,7 +115,6 @@
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
{
- DHM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
}
@@ -173,9 +167,6 @@
const unsigned char *end )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( p != NULL && *p != NULL );
- DHM_VALIDATE_RET( end != NULL );
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
@@ -252,10 +243,6 @@
int ret;
size_t n1, n2, n3;
unsigned char *p;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
if( ret != 0 )
@@ -300,9 +287,6 @@
const mbedtls_mpi *G )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( P != NULL );
- DHM_VALIDATE_RET( G != NULL );
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
@@ -320,8 +304,6 @@
const unsigned char *input, size_t ilen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( input != NULL );
if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -341,9 +323,6 @@
void *p_rng )
{
int ret;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -440,9 +419,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GYb;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
if( f_rng == NULL )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -518,9 +494,6 @@
mbedtls_pem_context pem;
#endif /* MBEDTLS_PEM_PARSE_C */
- DHM_VALIDATE_RET( dhm != NULL );
- DHM_VALIDATE_RET( dhmin != NULL );
-
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
@@ -667,8 +640,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- DHM_VALIDATE_RET( dhm != NULL );
- DHM_VALIDATE_RET( path != NULL );
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 7447354..020eee5 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -236,7 +236,7 @@
unsigned char *p = buf;
const unsigned char *end = buf + sizeof( buf );
const size_t id_len = strlen( id );
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
/* Write things to temporary buffer */
MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) );
@@ -760,22 +760,14 @@
/*
* Derive PMS (7.4.2.7 / 7.4.2.8)
*/
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int mbedtls_ecjpake_derive_k( mbedtls_ecjpake_context *ctx,
+ mbedtls_ecp_point *K,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ecp_point K;
mbedtls_mpi m_xm2_s, one;
- unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
- size_t x_bytes;
- *olen = mbedtls_hash_info_get_size( ctx->md_type );
- if( len < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
- mbedtls_ecp_point_init( &K );
mbedtls_mpi_init( &m_xm2_s );
mbedtls_mpi_init( &one );
@@ -788,12 +780,39 @@
*/
MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,
&ctx->grp.N, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,
+ MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, K,
&one, &ctx->Xp,
&m_xm2_s, &ctx->Xp2 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, K, &ctx->xm2, K,
f_rng, p_rng ) );
+cleanup:
+ mbedtls_mpi_free( &m_xm2_s );
+ mbedtls_mpi_free( &one );
+
+ return( ret );
+}
+
+int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ecp_point K;
+ unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
+ size_t x_bytes;
+
+ *olen = mbedtls_hash_info_get_size( ctx->md_type );
+ if( len < *olen )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+ mbedtls_ecp_point_init( &K );
+
+ ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
+ if( ret )
+ goto cleanup;
+
/* PMS = SHA-256( K.X ) */
x_bytes = ( ctx->grp.pbits + 7 ) / 8;
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );
@@ -802,8 +821,31 @@
cleanup:
mbedtls_ecp_point_free( &K );
- mbedtls_mpi_free( &m_xm2_s );
- mbedtls_mpi_free( &one );
+
+ return( ret );
+}
+
+int mbedtls_ecjpake_write_shared_key( mbedtls_ecjpake_context *ctx,
+ unsigned char *buf, size_t len, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ecp_point K;
+
+ mbedtls_ecp_point_init( &K );
+
+ ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
+ if( ret )
+ goto cleanup;
+
+ ret = mbedtls_ecp_point_write_binary( &ctx->grp, &K, ctx->point_format,
+ olen, buf, len );
+ if( ret != 0 )
+ goto cleanup;
+
+cleanup:
+ mbedtls_ecp_point_free( &K );
return( ret );
}
@@ -958,6 +1000,15 @@
0xcc, 0x38, 0xdb, 0xdc, 0xae, 0x60, 0xd9, 0xc5, 0x4c
};
+static const unsigned char ecjpake_test_shared_key[] = {
+ 0x04, 0x01, 0xab, 0xe9, 0xf2, 0xc7, 0x3a, 0x99, 0x14, 0xcb, 0x1f, 0x80,
+ 0xfb, 0x9d, 0xdb, 0x7e, 0x00, 0x12, 0xa8, 0x9c, 0x2f, 0x39, 0x27, 0x79,
+ 0xf9, 0x64, 0x40, 0x14, 0x75, 0xea, 0xc1, 0x31, 0x28, 0x43, 0x8f, 0xe1,
+ 0x12, 0x41, 0xd6, 0xc1, 0xe5, 0x5f, 0x7b, 0x80, 0x88, 0x94, 0xc9, 0xc0,
+ 0x27, 0xa3, 0x34, 0x41, 0xf5, 0xcb, 0xa1, 0xfe, 0x6c, 0xc7, 0xe6, 0x12,
+ 0x17, 0xc3, 0xde, 0x27, 0xb4,
+};
+
static const unsigned char ecjpake_test_pms[] = {
0xf3, 0xd4, 0x7f, 0x59, 0x98, 0x44, 0xdb, 0x92, 0xa5, 0x69, 0xbb, 0xe7,
0x98, 0x1e, 0x39, 0xd9, 0x31, 0xfd, 0x74, 0x3b, 0xf2, 0x2e, 0x98, 0xf9,
@@ -1144,6 +1195,13 @@
TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+ /* Server derives K as unsigned binary data */
+ TEST_ASSERT( mbedtls_ecjpake_write_shared_key( &srv,
+ buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+ TEST_ASSERT( len == sizeof( ecjpake_test_shared_key ) );
+ TEST_ASSERT( memcmp( buf, ecjpake_test_shared_key, len ) == 0 );
+
memset( buf, 0, len ); /* Avoid interferences with next step */
/* Client derives PMS */
@@ -1153,6 +1211,13 @@
TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+ /* Client derives K as unsigned binary data */
+ TEST_ASSERT( mbedtls_ecjpake_write_shared_key( &cli,
+ buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+ TEST_ASSERT( len == sizeof( ecjpake_test_shared_key ) );
+ TEST_ASSERT( memcmp( buf, ecjpake_test_shared_key, len ) == 0 );
+
if( verbose != 0 )
mbedtls_printf( "passed\n" );
#endif /* ! MBEDTLS_ECJPAKE_ALT */
diff --git a/library/gcm.c b/library/gcm.c
index 6d07f87..ac329e3 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -52,18 +52,11 @@
#if !defined(MBEDTLS_GCM_ALT)
-/* Parameter validation macros */
-#define GCM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
-#define GCM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Initialize a context
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
{
- GCM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
}
@@ -143,9 +136,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( key != NULL );
- GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+ if( keybits != 128 && keybits != 192 && keybits != 256 )
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
MBEDTLS_MODE_ECB );
@@ -256,9 +248,6 @@
size_t use_len, olen = 0;
uint64_t iv_bits;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
-
/* IV is limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
@@ -334,8 +323,6 @@
const unsigned char *p;
size_t use_len, i, offset;
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-
/* IV is limited to 2^64 bits, so 2^61 bytes */
if( (uint64_t) add_len >> 61 != 0 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -434,7 +421,6 @@
if( output_size < input_length )
return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
- GCM_VALIDATE_RET( output_length != NULL );
*output_length = input_length;
/* Exit early if input_length==0 so that we don't do any pointer arithmetic
@@ -444,10 +430,6 @@
if( input_length == 0 )
return( 0 );
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( input != NULL );
- GCM_VALIDATE_RET( output != NULL );
-
if( output > input && (size_t) ( output - input ) < input_length )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -519,9 +501,6 @@
uint64_t orig_len;
uint64_t orig_add_len;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( tag != NULL );
-
/* We never pass any output in finish(). The output parameter exists only
* for the sake of alternative implementations. */
(void) output;
@@ -580,13 +559,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
- GCM_VALIDATE_RET( tag != NULL );
-
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 )
return( ret );
@@ -619,13 +591,6 @@
size_t i;
int diff;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( tag != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
-
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, tag_len, check_tag ) ) != 0 )
diff --git a/library/hash_info.c b/library/hash_info.c
index 366ca3f..cd7d70e 100644
--- a/library/hash_info.c
+++ b/library/hash_info.c
@@ -21,7 +21,7 @@
*/
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include "mbedtls/error.h"
typedef struct
diff --git a/library/hash_info.h b/library/hash_info.h
index 54f5f7c..1b7b46c 100644
--- a/library/hash_info.h
+++ b/library/hash_info.h
@@ -35,6 +35,20 @@
#include "mbedtls/md.h"
#include "psa/crypto.h"
+/** \def MBEDTLS_HASH_MAX_SIZE
+ *
+ * Maximum size of a hash based on configuration.
+ */
+#if defined(MBEDTLS_MD_C) && ( \
+ !defined(MBEDTLS_PSA_CRYPTO_C) || \
+ MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE )
+#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \
+ !defined(MBEDTLS_MD_C) || \
+ PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE )
+#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
+#endif
+
/** Get the output length of the given hash type from its MD type.
*
* \note To get the output length from the PSA alg, use \c PSA_HASH_LENGTH().
diff --git a/library/oid.c b/library/oid.c
index 4ecf621..dcd1815 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -27,7 +27,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/error.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <stdio.h>
#include <string.h>
diff --git a/library/pem.c b/library/pem.c
index f2ee5ca..e4101e8 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -45,12 +45,14 @@
#include "psa/crypto.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
-#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
#define PEM_RFC1421
-#endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CIPHER_MODE_CBC &&
+#endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
+ MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#if defined(MBEDTLS_PEM_PARSE_C)
diff --git a/library/pk.c b/library/pk.c
index 5dd0fa8..8dc19ef 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -46,19 +46,11 @@
#include <limits.h>
#include <stdint.h>
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Initialise a mbedtls_pk_context
*/
void mbedtls_pk_init( mbedtls_pk_context *ctx )
{
- PK_VALIDATE( ctx != NULL );
-
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
}
@@ -83,7 +75,6 @@
*/
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
{
- PK_VALIDATE( ctx != NULL );
ctx->pk_info = NULL;
ctx->rs_ctx = NULL;
}
@@ -137,7 +128,6 @@
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
{
- PK_VALIDATE_RET( ctx != NULL );
if( info == NULL || ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -200,7 +190,6 @@
mbedtls_rsa_alt_context *rsa_alt;
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
- PK_VALIDATE_RET( ctx != NULL );
if( ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -404,10 +393,8 @@
const unsigned char *sig, size_t sig_len,
mbedtls_pk_restart_ctx *rs_ctx )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
if( ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
@@ -462,10 +449,8 @@
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -588,13 +573,10 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- if( ctx->pk_info == NULL ||
- pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -707,11 +689,6 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( input != NULL || ilen == 0 );
- PK_VALIDATE_RET( output != NULL || osize == 0 );
- PK_VALIDATE_RET( olen != NULL );
-
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -730,11 +707,6 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( input != NULL || ilen == 0 );
- PK_VALIDATE_RET( output != NULL || osize == 0 );
- PK_VALIDATE_RET( olen != NULL );
-
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -753,9 +725,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- PK_VALIDATE_RET( pub != NULL );
- PK_VALIDATE_RET( prv != NULL );
-
if( pub->pk_info == NULL ||
prv->pk_info == NULL )
{
@@ -800,7 +769,6 @@
*/
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
{
- PK_VALIDATE_RET( ctx != NULL );
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
diff --git a/library/pkcs12.c b/library/pkcs12.c
index e725a97..f335079 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -39,6 +39,9 @@
#include "mbedtls/des.h"
#endif
+#include "hash_info.h"
+#include "mbedtls/psa_util.h"
+
#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
@@ -209,6 +212,108 @@
}
}
+
+static int calculate_hashes( mbedtls_md_type_t md_type, int iterations,
+ unsigned char *diversifier, unsigned char *salt_block,
+ unsigned char *pwd_block, unsigned char *hash_output, int use_salt,
+ int use_password, size_t hlen, size_t v )
+{
+#if defined(MBEDTLS_MD_C)
+ int ret = -1;
+ size_t i;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_md_context_t md_ctx;
+ md_info = mbedtls_md_info_from_type( md_type );
+ if( md_info == NULL )
+ return ( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+
+ mbedtls_md_init( &md_ctx );
+
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ return ( ret );
+ // Calculate hash( diversifier || salt_block || pwd_block )
+ if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+ goto exit;
+
+ if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
+ goto exit;
+
+ if( use_salt != 0 )
+ {
+ if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
+ goto exit;
+ }
+
+ if( use_password != 0 )
+ {
+ if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
+ goto exit;
+
+ // Perform remaining ( iterations - 1 ) recursive hash calculations
+ for( i = 1; i < (size_t) iterations; i++ )
+ {
+ if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) )
+ != 0 )
+ goto exit;
+ }
+
+exit:
+ mbedtls_md_free( &md_ctx );
+ return ret;
+#else
+ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t alg = mbedtls_psa_translate_md( md_type );
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status_abort = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t i, out_len, out_size = PSA_HASH_LENGTH( alg );
+
+ if( alg == PSA_ALG_NONE )
+ return ( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+
+ if( ( status = psa_hash_setup( &op, alg ) ) != PSA_SUCCESS )
+ goto exit;
+
+ // Calculate hash( diversifier || salt_block || pwd_block )
+ if( ( status = psa_hash_update( &op, diversifier, v ) ) != PSA_SUCCESS )
+ goto exit;
+
+ if( use_salt != 0 )
+ {
+ if( ( status = psa_hash_update( &op, salt_block, v ) ) != PSA_SUCCESS )
+ goto exit;
+ }
+
+ if( use_password != 0 )
+ {
+ if( ( status = psa_hash_update( &op, pwd_block, v ) ) != PSA_SUCCESS )
+ goto exit;
+ }
+
+ if( ( status = psa_hash_finish( &op, hash_output, out_size, &out_len ) )
+ != PSA_SUCCESS )
+ goto exit;
+
+ // Perform remaining ( iterations - 1 ) recursive hash calculations
+ for( i = 1; i < (size_t) iterations; i++ )
+ {
+ if( ( status = psa_hash_compute( alg, hash_output, hlen, hash_output,
+ out_size, &out_len ) ) != PSA_SUCCESS )
+ goto exit;
+ }
+
+exit:
+ status_abort = psa_hash_abort( &op );
+ if( status == PSA_SUCCESS )
+ status = status_abort;
+ return ( mbedtls_md_error_from_psa( status ) );
+#endif /* !MBEDTLS_MD_C */
+}
+
+
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *salt, size_t saltlen,
@@ -219,7 +324,7 @@
unsigned char diversifier[128];
unsigned char salt_block[128], pwd_block[128], hash_block[128] = {0};
- unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
+ unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE];
unsigned char *p;
unsigned char c;
int use_password = 0;
@@ -227,9 +332,6 @@
size_t hlen, use_len, v, i;
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
-
// This version only allows max of 64 bytes of password or salt
if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
@@ -243,15 +345,7 @@
use_password = ( pwd && pwdlen != 0 );
use_salt = ( salt && saltlen != 0 );
- md_info = mbedtls_md_info_from_type( md_type );
- if( md_info == NULL )
- return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-
- mbedtls_md_init( &md_ctx );
-
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
- return( ret );
- hlen = mbedtls_md_get_size( md_info );
+ hlen = mbedtls_hash_info_get_size( md_type );
if( hlen <= 32 )
v = 64;
@@ -273,33 +367,11 @@
p = data;
while( datalen > 0 )
{
- // Calculate hash( diversifier || salt_block || pwd_block )
- if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
- goto exit;
-
- if( use_salt != 0 )
+ if( calculate_hashes( md_type, iterations, diversifier, salt_block,
+ pwd_block, hash_output, use_salt, use_password, hlen,
+ v ) != 0 )
{
- if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 )
- goto exit;
- }
-
- if( use_password != 0)
- {
- if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 )
- goto exit;
- }
-
- if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
goto exit;
-
- // Perform remaining ( iterations - 1 ) recursive hash calculations
- for( i = 1; i < (size_t) iterations; i++ )
- {
- if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
- goto exit;
}
use_len = ( datalen > hlen ) ? hlen : datalen;
@@ -351,8 +423,6 @@
mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
- mbedtls_md_free( &md_ctx );
-
return( ret );
}
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 2b014d9..847496d 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -49,6 +49,9 @@
#define mbedtls_printf printf
#endif
+#include "hash_info.h"
+#include "mbedtls/psa_util.h"
+
#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
@@ -118,9 +121,7 @@
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
size_t olen = 0;
- const mbedtls_md_info_t *md_info;
const mbedtls_cipher_info_t *cipher_info;
- mbedtls_md_context_t md_ctx;
mbedtls_cipher_type_t cipher_alg;
mbedtls_cipher_context_t cipher_ctx;
@@ -153,10 +154,6 @@
return( ret );
}
- md_info = mbedtls_md_info_from_type( md_type );
- if( md_info == NULL )
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
&enc_scheme_params ) ) != 0 )
{
@@ -182,16 +179,13 @@
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
}
- mbedtls_md_init( &md_ctx );
mbedtls_cipher_init( &cipher_ctx );
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
- iterations, keylen, key ) ) != 0 )
+ if( ( ret = mbedtls_pkcs5_pbkdf2_hmac_ext( md_type, pwd, pwdlen, salt.p,
+ salt.len, iterations, keylen,
+ key ) ) != 0 )
{
goto exit;
}
@@ -208,18 +202,18 @@
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
exit:
- mbedtls_md_free( &md_ctx );
mbedtls_cipher_free( &cipher_ctx );
return( ret );
}
#endif /* MBEDTLS_ASN1_PARSE_C */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
- const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output )
+#if defined(MBEDTLS_MD_C)
+static int pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
+ const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int j;
@@ -297,9 +291,149 @@
return( ret );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
+ const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output )
+{
+ return( pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
+ key_length, output ) );
+}
+#endif
+#endif /* MBEDTLS_MD_C */
+
+int mbedtls_pkcs5_pbkdf2_hmac_ext( mbedtls_md_type_t md_alg,
+ const unsigned char *password,
+ size_t plen, const unsigned char *salt, size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length, unsigned char *output )
+{
+#if defined(MBEDTLS_MD_C)
+ mbedtls_md_context_t md_ctx;
+ const mbedtls_md_info_t *md_info = NULL;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ md_info = mbedtls_md_info_from_type( md_alg );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+ mbedtls_md_init( &md_ctx );
+
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+ goto exit;
+ ret = pkcs5_pbkdf2_hmac( &md_ctx, password, plen, salt, slen,
+ iteration_count, key_length, output );
+exit:
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+#else
+ int j;
+ unsigned int i;
+ unsigned char md1[PSA_HASH_MAX_SIZE];
+ unsigned char work[PSA_HASH_MAX_SIZE];
+ const unsigned char md_size = mbedtls_hash_info_get_size( md_alg );
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status_destruction = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t use_len, out_len;
+ unsigned char *out_p = output;
+ unsigned char counter[4];
+ mbedtls_svc_key_id_t psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const psa_algorithm_t alg = PSA_ALG_HMAC( mbedtls_hash_info_psa_from_md( md_alg ) );
+ const size_t out_size = PSA_MAC_LENGTH( PSA_KEY_TYPE_HMAC, 0, alg );
+
+ memset( counter, 0, sizeof( counter ) );
+ counter[3] = 1;
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ if( key_length == 0 )
+ return 0;
+ if( ( status = psa_import_key( &attributes,
+ password, plen,
+ &psa_hmac_key ) ) != PSA_SUCCESS )
+ {
+ return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
+ }
+
+#if UINT_MAX > 0xFFFFFFFF
+ if( iteration_count > 0xFFFFFFFF )
+ return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
+#endif
+
+ while( key_length )
+ {
+ status = psa_mac_sign_setup( &operation, psa_hmac_key,
+ PSA_ALG_HMAC( alg ) );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ // U1 ends up in work
+ if( ( status = psa_mac_update( &operation, salt, slen ) ) != PSA_SUCCESS )
+ goto cleanup;
+
+ if( ( status = psa_mac_update( &operation, counter, sizeof( counter ) ) ) != PSA_SUCCESS )
+ goto cleanup;
+
+ if( ( status = psa_mac_sign_finish( &operation, work, out_size, &out_len ) )
+ != PSA_SUCCESS )
+ goto cleanup;
+
+ memcpy( md1, work, out_len );
+
+ for( i = 1; i < iteration_count; i++ )
+ {
+ // U2 ends up in md1
+ //
+ status = psa_mac_sign_setup( &operation, psa_hmac_key,
+ PSA_ALG_HMAC( alg ) );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ if( ( status = psa_mac_update( &operation, md1, md_size ) ) != PSA_SUCCESS )
+ goto cleanup;
+ if( ( status = psa_mac_sign_finish( &operation, md1, out_size, &out_len ) ) != PSA_SUCCESS )
+ goto cleanup;
+
+ // U1 xor U2
+ //
+ for( j = 0; j < md_size; j++ )
+ work[j] ^= md1[j];
+ }
+
+ use_len = ( key_length < md_size ) ? key_length : md_size;
+ memcpy( out_p, work, use_len );
+
+ key_length -= (uint32_t) use_len;
+ out_p += use_len;
+
+ for( i = 4; i > 0; i-- )
+ if( ++counter[i - 1] != 0 )
+ break;
+ }
+
+cleanup:
+ /* Zeroise buffers to clear sensitive data from memory. */
+ mbedtls_platform_zeroize( work, PSA_HASH_MAX_SIZE );
+ mbedtls_platform_zeroize( md1, PSA_HASH_MAX_SIZE );
+ status_destruction = psa_destroy_key( psa_hmac_key );
+ if( status == PSA_SUCCESS && status_destruction != PSA_SUCCESS )
+ status = status_destruction;
+ status_destruction = psa_mac_abort( &operation );
+ if( status == PSA_SUCCESS && status_destruction != PSA_SUCCESS )
+ status = status_destruction;
+
+ return( mbedtls_md_error_from_psa( status ) );
+#endif /* !MBEDTLS_MD_C */
+}
+
#if defined(MBEDTLS_SELF_TEST)
-#if !defined(MBEDTLS_SHA1_C)
+#if !defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA)
int mbedtls_pkcs5_self_test( int verbose )
{
if( verbose != 0 )
@@ -362,32 +496,15 @@
int mbedtls_pkcs5_self_test( int verbose )
{
- mbedtls_md_context_t sha1_ctx;
- const mbedtls_md_info_t *info_sha1;
int ret, i;
unsigned char key[64];
- mbedtls_md_init( &sha1_ctx );
-
- info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
- if( info_sha1 == NULL )
- {
- ret = 1;
- goto exit;
- }
-
- if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
- {
- ret = 1;
- goto exit;
- }
-
for( i = 0; i < MAX_TESTS; i++ )
{
if( verbose != 0 )
mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i );
- ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i],
+ ret = mbedtls_pkcs5_pbkdf2_hmac_ext( MBEDTLS_MD_SHA1, password_test_data[i],
plen_test_data[i], salt_test_data[i],
slen_test_data[i], it_cnt_test_data[i],
key_len_test_data[i], key );
@@ -409,11 +526,9 @@
mbedtls_printf( "\n" );
exit:
- mbedtls_md_free( &sha1_ctx );
-
return( ret );
}
-#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA */
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/pkparse.c b/library/pkparse.c
index 73d59a6..2a9a558 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -56,12 +56,6 @@
#define mbedtls_free free
#endif
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_FS_IO)
/*
* Load all data from a file into a given buffer.
@@ -75,10 +69,6 @@
FILE *f;
long size;
- PK_VALIDATE_RET( path != NULL );
- PK_VALIDATE_RET( buf != NULL );
- PK_VALIDATE_RET( n != NULL );
-
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@@ -133,9 +123,6 @@
size_t n;
unsigned char *buf;
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( path != NULL );
-
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -160,9 +147,6 @@
size_t n;
unsigned char *buf;
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( path != NULL );
-
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -620,11 +604,6 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
- PK_VALIDATE_RET( p != NULL );
- PK_VALIDATE_RET( *p != NULL );
- PK_VALIDATE_RET( end != NULL );
- PK_VALIDATE_RET( pk != NULL );
-
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
@@ -1217,10 +1196,8 @@
mbedtls_pem_context pem;
#endif
- PK_VALIDATE_RET( pk != NULL );
if( keylen == 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
- PK_VALIDATE_RET( key != NULL );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
@@ -1436,10 +1413,8 @@
mbedtls_pem_context pem;
#endif
- PK_VALIDATE_RET( ctx != NULL );
if( keylen == 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
- PK_VALIDATE_RET( key != NULL || keylen == 0 );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 8b99340..4d87b07 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -59,12 +59,6 @@
#define mbedtls_free free
#endif
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
@@ -182,11 +176,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- PK_VALIDATE_RET( p != NULL );
- PK_VALIDATE_RET( *p != NULL );
- PK_VALIDATE_RET( start != NULL );
- PK_VALIDATE_RET( key != NULL );
-
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
@@ -233,10 +222,8 @@
mbedtls_pk_type_t pk_type;
const char *oid;
- PK_VALIDATE_RET( key != NULL );
if( size == 0 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- PK_VALIDATE_RET( buf != NULL );
c = buf + size;
@@ -333,10 +320,8 @@
unsigned char *c;
size_t len = 0;
- PK_VALIDATE_RET( key != NULL );
if( size == 0 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- PK_VALIDATE_RET( buf != NULL );
c = buf + size;
@@ -500,9 +485,6 @@
unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0;
- PK_VALIDATE_RET( key != NULL );
- PK_VALIDATE_RET( buf != NULL || size == 0 );
-
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
@@ -526,9 +508,6 @@
const char *begin, *end;
size_t olen = 0;
- PK_VALIDATE_RET( key != NULL );
- PK_VALIDATE_RET( buf != NULL || size == 0 );
-
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
return( ret );
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b0116dd..4a0bd83 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -445,6 +445,8 @@
case PSA_KEY_TYPE_RAW_DATA:
case PSA_KEY_TYPE_HMAC:
case PSA_KEY_TYPE_DERIVE:
+ case PSA_KEY_TYPE_PASSWORD:
+ case PSA_KEY_TYPE_PASSWORD_HASH:
break;
#if defined(PSA_WANT_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
new file mode 100644
index 0000000..10d3e4a
--- /dev/null
+++ b/library/psa_crypto_pake.c
@@ -0,0 +1,843 @@
+/*
+ * PSA PAKE layer on top of Mbed TLS software crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include <psa/crypto.h>
+#include "psa_crypto_core.h"
+#include "psa_crypto_slot_management.h"
+
+#include <mbedtls/ecjpake.h>
+#include <mbedtls/psa_util.h>
+
+#include <mbedtls/platform.h>
+#include <mbedtls/error.h>
+#include <string.h>
+
+/*
+ * State sequence:
+ *
+ * psa_pake_setup()
+ * |
+ * |-- In any order:
+ * | | psa_pake_set_password_key()
+ * | | psa_pake_set_user()
+ * | | psa_pake_set_peer()
+ * | | psa_pake_set_role()
+ * |
+ * |--- In any order: (First round input before or after first round output)
+ * | |
+ * | |------ In Order
+ * | | | psa_pake_output(PSA_PAKE_STEP_KEY_SHARE)
+ * | | | psa_pake_output(PSA_PAKE_STEP_ZK_PUBLIC)
+ * | | | psa_pake_output(PSA_PAKE_STEP_ZK_PROOF)
+ * | | | psa_pake_output(PSA_PAKE_STEP_KEY_SHARE)
+ * | | | psa_pake_output(PSA_PAKE_STEP_ZK_PUBLIC)
+ * | | | psa_pake_output(PSA_PAKE_STEP_ZK_PROOF)
+ * | |
+ * | |------ In Order:
+ * | | psa_pake_input(PSA_PAKE_STEP_KEY_SHARE)
+ * | | psa_pake_input(PSA_PAKE_STEP_ZK_PUBLIC)
+ * | | psa_pake_input(PSA_PAKE_STEP_ZK_PROOF)
+ * | | psa_pake_input(PSA_PAKE_STEP_KEY_SHARE)
+ * | | psa_pake_input(PSA_PAKE_STEP_ZK_PUBLIC)
+ * | | psa_pake_input(PSA_PAKE_STEP_ZK_PROOF)
+ * |
+ * |--- In any order: (Second round input before or after second round output)
+ * | |
+ * | |------ In Order
+ * | | | psa_pake_output(PSA_PAKE_STEP_KEY_SHARE)
+ * | | | psa_pake_output(PSA_PAKE_STEP_ZK_PUBLIC)
+ * | | | psa_pake_output(PSA_PAKE_STEP_ZK_PROOF)
+ * | |
+ * | |------ In Order:
+ * | | psa_pake_input(PSA_PAKE_STEP_KEY_SHARE)
+ * | | psa_pake_input(PSA_PAKE_STEP_ZK_PUBLIC)
+ * | | psa_pake_input(PSA_PAKE_STEP_ZK_PROOF)
+ * |
+ * psa_pake_get_implicit_key()
+ * psa_pake_abort()
+ */
+
+enum psa_pake_step
+{
+ PSA_PAKE_STEP_INVALID = 0,
+ PSA_PAKE_STEP_X1_X2 = 1,
+ PSA_PAKE_STEP_X2S = 2,
+ PSA_PAKE_STEP_DERIVE = 3,
+};
+
+enum psa_pake_state
+{
+ PSA_PAKE_STATE_INVALID = 0,
+ PSA_PAKE_STATE_SETUP = 1,
+ PSA_PAKE_STATE_READY = 2,
+ PSA_PAKE_OUTPUT_X1_X2 = 3,
+ PSA_PAKE_OUTPUT_X2S = 4,
+ PSA_PAKE_INPUT_X1_X2 = 5,
+ PSA_PAKE_INPUT_X4S = 6,
+};
+
+/*
+ * The first PAKE step shares the same sequences of the second PAKE step
+ * but with a second set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs.
+ * It's simpler to share the same sequences numbers of the first
+ * set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs in both PAKE steps.
+ *
+ * State sequence with step, state & sequence enums:
+ * => Input & Output Step = PSA_PAKE_STEP_INVALID
+ * => state = PSA_PAKE_STATE_INVALID
+ * psa_pake_setup()
+ * => Input & Output Step = PSA_PAKE_STEP_X1_X2
+ * => state = PSA_PAKE_STATE_SETUP
+ * => sequence = PSA_PAKE_SEQ_INVALID
+ * |
+ * |--- In any order: (First round input before or after first round output)
+ * | | First call of psa_pake_output() or psa_pake_input() sets
+ * | | state = PSA_PAKE_STATE_READY
+ * | |
+ * | |------ In Order: => state = PSA_PAKE_OUTPUT_X1_X2
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF
+ * | | | => state = PSA_PAKE_STATE_READY
+ * | | | => sequence = PSA_PAKE_SEQ_INVALID
+ * | | | => Output Step = PSA_PAKE_STEP_X2S
+ * | |
+ * | |------ In Order: => state = PSA_PAKE_INPUT_X1_X2
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF
+ * | | | => state = PSA_PAKE_STATE_READY
+ * | | | => sequence = PSA_PAKE_SEQ_INVALID
+ * | | | => Output Step = PSA_PAKE_INPUT_X4S
+ * |
+ * |--- In any order: (Second round input before or after second round output)
+ * | |
+ * | |------ In Order: => state = PSA_PAKE_OUTPUT_X2S
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
+ * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
+ * | | | => state = PSA_PAKE_STATE_READY
+ * | | | => sequence = PSA_PAKE_SEQ_INVALID
+ * | | | => Output Step = PSA_PAKE_STEP_DERIVE
+ * | |
+ * | |------ In Order: => state = PSA_PAKE_INPUT_X4S
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
+ * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
+ * | | | => state = PSA_PAKE_STATE_READY
+ * | | | => sequence = PSA_PAKE_SEQ_INVALID
+ * | | | => Output Step = PSA_PAKE_STEP_DERIVE
+ * |
+ * psa_pake_get_implicit_key()
+ * => Input & Output Step = PSA_PAKE_STEP_INVALID
+ */
+enum psa_pake_sequence
+{
+ PSA_PAKE_SEQ_INVALID = 0,
+ PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */
+ PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */
+ PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* also X2S & X4S ZK_PROOF */
+ PSA_PAKE_X2_STEP_KEY_SHARE = 4,
+ PSA_PAKE_X2_STEP_ZK_PUBLIC = 5,
+ PSA_PAKE_X2_STEP_ZK_PROOF = 6,
+ PSA_PAKE_SEQ_END = 7,
+};
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+static psa_status_t mbedtls_ecjpake_to_psa_error( int ret )
+{
+ switch( ret )
+ {
+ case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
+ case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
+ case MBEDTLS_ERR_ECP_INVALID_KEY:
+ case MBEDTLS_ERR_ECP_VERIFY_FAILED:
+ return( PSA_ERROR_DATA_INVALID );
+ case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
+ case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ default:
+ return( PSA_ERROR_GENERIC_ERROR );
+ }
+}
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
+psa_status_t psa_pake_setup( psa_pake_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ /* A context must be freshly initialized before it can be set up. */
+ if( operation->alg != PSA_ALG_NONE )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( cipher_suite == NULL ||
+ PSA_ALG_IS_PAKE(cipher_suite->algorithm ) == 0 ||
+ ( cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC &&
+ cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH ) ||
+ PSA_ALG_IS_HASH( cipher_suite->hash ) == 0 )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ if( cipher_suite->algorithm == PSA_ALG_JPAKE )
+ {
+ if( cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC ||
+ cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 ||
+ cipher_suite->bits != 256 ||
+ cipher_suite->hash != PSA_ALG_SHA_256 )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ operation->alg = cipher_suite->algorithm;
+
+ mbedtls_ecjpake_init( &operation->ctx.ecjpake );
+
+ operation->state = PSA_PAKE_STATE_SETUP;
+ operation->sequence = PSA_PAKE_SEQ_INVALID;
+ operation->input_step = PSA_PAKE_STEP_X1_X2;
+ operation->output_step = PSA_PAKE_STEP_X1_X2;
+
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ operation->buffer_length = 0;
+ operation->buffer_offset = 0;
+
+ return( PSA_SUCCESS );
+ }
+ else
+#endif
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
+ mbedtls_svc_key_id_t password )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = psa_key_attributes_init();
+ psa_key_type_t type;
+ psa_key_usage_t usage;
+
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state != PSA_PAKE_STATE_SETUP )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ status = psa_get_key_attributes( password, &attributes );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ type = psa_get_key_type( &attributes );
+ usage = psa_get_key_usage_flags( &attributes );
+
+ psa_reset_key_attributes( &attributes );
+
+ if( type != PSA_KEY_TYPE_PASSWORD &&
+ type != PSA_KEY_TYPE_PASSWORD_HASH )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 )
+ return( PSA_ERROR_NOT_PERMITTED );
+
+ operation->password = password;
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_pake_set_user( psa_pake_operation_t *operation,
+ const uint8_t *user_id,
+ size_t user_id_len )
+{
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state != PSA_PAKE_STATE_SETUP )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( user_id_len == 0 || user_id == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation,
+ const uint8_t *peer_id,
+ size_t peer_id_len )
+{
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state != PSA_PAKE_STATE_SETUP )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( peer_id_len == 0 || peer_id == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
+ psa_pake_role_t role )
+{
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state != PSA_PAKE_STATE_SETUP )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( role != PSA_PAKE_ROLE_NONE &&
+ role != PSA_PAKE_ROLE_FIRST &&
+ role != PSA_PAKE_ROLE_SECOND &&
+ role != PSA_PAKE_ROLE_CLIENT &&
+ role != PSA_PAKE_ROLE_SERVER )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ if( operation->alg == PSA_ALG_JPAKE )
+ {
+ if( role != PSA_PAKE_ROLE_CLIENT &&
+ role != PSA_PAKE_ROLE_SERVER )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ operation->role = role;
+
+ return( PSA_SUCCESS );
+ }
+ else
+#endif
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ecjpake_role role;
+ psa_key_slot_t *slot = NULL;
+
+ if( operation->role == PSA_PAKE_ROLE_CLIENT )
+ role = MBEDTLS_ECJPAKE_CLIENT;
+ else if( operation->role == PSA_PAKE_ROLE_SERVER )
+ role = MBEDTLS_ECJPAKE_SERVER;
+ else
+ return( PSA_ERROR_BAD_STATE );
+
+ if( psa_is_valid_key_id( operation->password, 1 ) == 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ status = psa_get_and_lock_key_slot( operation->password, &slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+
+ ret = mbedtls_ecjpake_setup( &operation->ctx.ecjpake,
+ role,
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_ECP_DP_SECP256R1,
+ slot->key.data, slot->key.bytes );
+
+ psa_unlock_key_slot( slot );
+ slot = NULL;
+
+ if( ret != 0 )
+ return( mbedtls_ecjpake_to_psa_error( ret ) );
+
+ operation->state = PSA_PAKE_STATE_READY;
+
+ return( PSA_SUCCESS );
+}
+#endif
+
+psa_status_t psa_pake_output( psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t length;
+
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state == PSA_PAKE_STATE_INVALID )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( output == NULL || output_size == 0 || output_length == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ /*
+ * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different
+ * handling of output sequencing.
+ *
+ * The MbedTLS JPAKE API outputs the whole X1+X2 and X2S steps data
+ * at once, on the other side the PSA CRYPTO PAKE api requires
+ * the KEY_SHARE/ZP_PUBLIC/ZK_PROOF parts of X1, X2 & X2S to be
+ * retrieved in sequence.
+ *
+ * In order to achieve API compatibility, the whole X1+X2 or X2S steps
+ * data is stored in an intermediate buffer at first step output call,
+ * and data is sliced down by parsing the ECPoint records in order
+ * to return the right parts on each step.
+ */
+ if( operation->alg == PSA_ALG_JPAKE )
+ {
+ if( step != PSA_PAKE_STEP_KEY_SHARE &&
+ step != PSA_PAKE_STEP_ZK_PUBLIC &&
+ step != PSA_PAKE_STEP_ZK_PROOF )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( operation->state == PSA_PAKE_STATE_SETUP ) {
+ status = psa_pake_ecjpake_setup( operation );
+ if( status != PSA_SUCCESS )
+ {
+ psa_pake_abort( operation );
+ return( status );
+ }
+ }
+
+ if( operation->state != PSA_PAKE_STATE_READY &&
+ operation->state != PSA_PAKE_OUTPUT_X1_X2 &&
+ operation->state != PSA_PAKE_OUTPUT_X2S )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( operation->state == PSA_PAKE_STATE_READY )
+ {
+ if( step != PSA_PAKE_STEP_KEY_SHARE )
+ return( PSA_ERROR_BAD_STATE );
+
+ switch( operation->output_step )
+ {
+ case PSA_PAKE_STEP_X1_X2:
+ operation->state = PSA_PAKE_OUTPUT_X1_X2;
+ break;
+ case PSA_PAKE_STEP_X2S:
+ operation->state = PSA_PAKE_OUTPUT_X2S;
+ break;
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
+ }
+
+ /* Check if step matches current sequence */
+ switch( operation->sequence )
+ {
+ case PSA_PAKE_X1_STEP_KEY_SHARE:
+ case PSA_PAKE_X2_STEP_KEY_SHARE:
+ if( step != PSA_PAKE_STEP_KEY_SHARE )
+ return( PSA_ERROR_BAD_STATE );
+ break;
+
+ case PSA_PAKE_X1_STEP_ZK_PUBLIC:
+ case PSA_PAKE_X2_STEP_ZK_PUBLIC:
+ if( step != PSA_PAKE_STEP_ZK_PUBLIC )
+ return( PSA_ERROR_BAD_STATE );
+ break;
+
+ case PSA_PAKE_X1_STEP_ZK_PROOF:
+ case PSA_PAKE_X2_STEP_ZK_PROOF:
+ if( step != PSA_PAKE_STEP_ZK_PROOF )
+ return( PSA_ERROR_BAD_STATE );
+ break;
+
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ /* Initialize & write round on KEY_SHARE sequences */
+ if( operation->state == PSA_PAKE_OUTPUT_X1_X2 &&
+ operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE )
+ {
+ ret = mbedtls_ecjpake_write_round_one( &operation->ctx.ecjpake,
+ operation->buffer,
+ PSA_PAKE_BUFFER_SIZE,
+ &operation->buffer_length,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE );
+ if( ret != 0 )
+ {
+ psa_pake_abort( operation );
+ return( mbedtls_ecjpake_to_psa_error( ret ) );
+ }
+
+ operation->buffer_offset = 0;
+ }
+ else if( operation->state == PSA_PAKE_OUTPUT_X2S &&
+ operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE )
+ {
+ ret = mbedtls_ecjpake_write_round_two( &operation->ctx.ecjpake,
+ operation->buffer,
+ PSA_PAKE_BUFFER_SIZE,
+ &operation->buffer_length,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE );
+ if( ret != 0 )
+ {
+ psa_pake_abort( operation );
+ return( mbedtls_ecjpake_to_psa_error( ret ) );
+ }
+
+ operation->buffer_offset = 0;
+ }
+
+ /*
+ * Steps sequences are stored as:
+ * struct {
+ * opaque point <1..2^8-1>;
+ * } ECPoint;
+ *
+ * Where byte 0 stores the ECPoint curve point length.
+ *
+ * The sequence length is equal to:
+ * - data length extracted from byte 0
+ * - byte 0 size (1)
+ */
+ if( operation->state == PSA_PAKE_OUTPUT_X2S &&
+ operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE )
+ {
+ if( operation->role == PSA_PAKE_ROLE_SERVER )
+ /*
+ * The X2S KEY SHARE Server steps sequence is stored as:
+ * struct {
+ * ECPoint X;
+ * opaque r <1..2^8-1>;
+ * } ECSchnorrZKP;
+ *
+ * And MbedTLS uses a 3 bytes Ephemeral public key ECPoint,
+ * so byte 3 stores the r Schnorr signature length.
+ *
+ * The sequence length is equal to:
+ * - curve storage size (3)
+ * - data length extracted from byte 3
+ * - byte 3 size (1)
+ */
+ length = 3 + operation->buffer[3] + 1;
+ else
+ length = operation->buffer[0] + 1;
+ }
+ else
+ length = operation->buffer[operation->buffer_offset] + 1;
+
+ if( length > operation->buffer_length )
+ return( PSA_ERROR_DATA_CORRUPT );
+
+ if( output_size < length )
+ {
+ psa_pake_abort( operation );
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ }
+
+ memcpy( output,
+ operation->buffer + operation->buffer_offset,
+ length );
+ *output_length = length;
+
+ operation->buffer_offset += length;
+
+ /* Reset buffer after ZK_PROOF sequence */
+ if( ( operation->state == PSA_PAKE_OUTPUT_X1_X2 &&
+ operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF ) ||
+ ( operation->state == PSA_PAKE_OUTPUT_X2S &&
+ operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF ) )
+ {
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ operation->buffer_length = 0;
+ operation->buffer_offset = 0;
+
+ operation->state = PSA_PAKE_STATE_READY;
+ operation->output_step++;
+ operation->sequence = PSA_PAKE_SEQ_INVALID;
+ }
+ else
+ operation->sequence++;
+
+ return( PSA_SUCCESS );
+ }
+ else
+#endif
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_pake_input( psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ const uint8_t *input,
+ size_t input_length )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t buffer_remain;
+
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state == PSA_PAKE_STATE_INVALID )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( input == NULL || input_length == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ /*
+ * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different
+ * handling of input sequencing.
+ *
+ * The MbedTLS JPAKE API takes the whole X1+X2 or X4S steps data
+ * at once as input, on the other side the PSA CRYPTO PAKE api requires
+ * the KEY_SHARE/ZP_PUBLIC/ZK_PROOF parts of X1, X2 & X4S to be
+ * given in sequence.
+ *
+ * In order to achieve API compatibility, each X1+X2 or X4S step data
+ * is stored sequentially in an intermediate buffer and given to the
+ * MbedTLS JPAKE API on the last step.
+ *
+ * This causes any input error to be only detected on the last step.
+ */
+ if( operation->alg == PSA_ALG_JPAKE )
+ {
+ if( step != PSA_PAKE_STEP_KEY_SHARE &&
+ step != PSA_PAKE_STEP_ZK_PUBLIC &&
+ step != PSA_PAKE_STEP_ZK_PROOF )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( operation->state == PSA_PAKE_STATE_SETUP )
+ {
+ status = psa_pake_ecjpake_setup( operation );
+ if( status != PSA_SUCCESS )
+ {
+ psa_pake_abort( operation );
+ return( status );
+ }
+ }
+
+ if( operation->state != PSA_PAKE_STATE_READY &&
+ operation->state != PSA_PAKE_INPUT_X1_X2 &&
+ operation->state != PSA_PAKE_INPUT_X4S )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ if( operation->state == PSA_PAKE_STATE_READY )
+ {
+ if( step != PSA_PAKE_STEP_KEY_SHARE )
+ return( PSA_ERROR_BAD_STATE );
+
+ switch( operation->input_step )
+ {
+ case PSA_PAKE_STEP_X1_X2:
+ operation->state = PSA_PAKE_INPUT_X1_X2;
+ break;
+ case PSA_PAKE_STEP_X2S:
+ operation->state = PSA_PAKE_INPUT_X4S;
+ break;
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
+ }
+
+ buffer_remain = PSA_PAKE_BUFFER_SIZE - operation->buffer_length;
+
+ if( input_length == 0 ||
+ input_length > buffer_remain )
+ {
+ psa_pake_abort( operation );
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ }
+
+ /* Check if step matches current sequence */
+ switch( operation->sequence )
+ {
+ case PSA_PAKE_X1_STEP_KEY_SHARE:
+ case PSA_PAKE_X2_STEP_KEY_SHARE:
+ if( step != PSA_PAKE_STEP_KEY_SHARE )
+ return( PSA_ERROR_BAD_STATE );
+ break;
+
+ case PSA_PAKE_X1_STEP_ZK_PUBLIC:
+ case PSA_PAKE_X2_STEP_ZK_PUBLIC:
+ if( step != PSA_PAKE_STEP_ZK_PUBLIC )
+ return( PSA_ERROR_BAD_STATE );
+ break;
+
+ case PSA_PAKE_X1_STEP_ZK_PROOF:
+ case PSA_PAKE_X2_STEP_ZK_PROOF:
+ if( step != PSA_PAKE_STEP_ZK_PROOF )
+ return( PSA_ERROR_BAD_STATE );
+ break;
+
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ /* Copy input to local buffer */
+ memcpy( operation->buffer + operation->buffer_length,
+ input, input_length );
+ operation->buffer_length += input_length;
+
+ /* Load buffer at each last round ZK_PROOF */
+ if( operation->state == PSA_PAKE_INPUT_X1_X2 &&
+ operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF )
+ {
+ ret = mbedtls_ecjpake_read_round_one( &operation->ctx.ecjpake,
+ operation->buffer,
+ operation->buffer_length );
+
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ operation->buffer_length = 0;
+
+ if( ret != 0 )
+ {
+ psa_pake_abort( operation );
+ return( mbedtls_ecjpake_to_psa_error( ret ) );
+ }
+ }
+ else if( operation->state == PSA_PAKE_INPUT_X4S &&
+ operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF )
+ {
+ ret = mbedtls_ecjpake_read_round_two( &operation->ctx.ecjpake,
+ operation->buffer,
+ operation->buffer_length );
+
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ operation->buffer_length = 0;
+
+ if( ret != 0 )
+ {
+ psa_pake_abort( operation );
+ return( mbedtls_ecjpake_to_psa_error( ret ) );
+ }
+ }
+
+ if( ( operation->state == PSA_PAKE_INPUT_X1_X2 &&
+ operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF ) ||
+ ( operation->state == PSA_PAKE_INPUT_X4S &&
+ operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF ) )
+ {
+ operation->state = PSA_PAKE_STATE_READY;
+ operation->input_step++;
+ operation->sequence = PSA_PAKE_SEQ_INVALID;
+ }
+ else
+ operation->sequence++;
+
+ return( PSA_SUCCESS );
+ }
+ else
+#endif
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
+ psa_key_derivation_operation_t *output)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if( operation->alg == PSA_ALG_NONE ||
+ operation->state != PSA_PAKE_STATE_READY ||
+ operation->input_step != PSA_PAKE_STEP_DERIVE ||
+ operation->output_step != PSA_PAKE_STEP_DERIVE )
+ return( PSA_ERROR_BAD_STATE );
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ if( operation->alg == PSA_ALG_JPAKE )
+ {
+ ret = mbedtls_ecjpake_write_shared_key( &operation->ctx.ecjpake,
+ operation->buffer,
+ PSA_PAKE_BUFFER_SIZE,
+ &operation->buffer_length,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE );
+ if( ret != 0)
+ {
+ psa_pake_abort( operation );
+ return( mbedtls_ecjpake_to_psa_error( ret ) );
+ }
+
+ status = psa_key_derivation_input_bytes( output,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ operation->buffer,
+ operation->buffer_length );
+
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+
+ psa_pake_abort( operation );
+
+ return( status );
+ }
+ else
+#endif
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_pake_abort(psa_pake_operation_t * operation)
+{
+ if( operation->alg == PSA_ALG_NONE )
+ {
+ return( PSA_SUCCESS );
+ }
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+ if( operation->alg == PSA_ALG_JPAKE )
+ {
+ operation->input_step = PSA_PAKE_STEP_INVALID;
+ operation->output_step = PSA_PAKE_STEP_INVALID;
+ operation->password = MBEDTLS_SVC_KEY_ID_INIT;
+ operation->role = PSA_PAKE_ROLE_NONE;
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ operation->buffer_length = 0;
+ operation->buffer_offset = 0;
+ mbedtls_ecjpake_free( &operation->ctx.ecjpake );
+ }
+#endif
+
+ operation->alg = PSA_ALG_NONE;
+ operation->state = PSA_PAKE_STATE_INVALID;
+ operation->sequence = PSA_PAKE_SEQ_INVALID;
+
+ return( PSA_SUCCESS );
+}
+
+#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/rsa.c b/library/rsa.c
index 50d15a1..4df240a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -57,12 +57,9 @@
/* We use MD first if it's available (for compatibility reasons)
* and "fall back" to PSA otherwise (which needs psa_crypto_init()). */
#if defined(MBEDTLS_PKCS1_V21)
-#if defined(MBEDTLS_MD_C)
-#define HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#else /* MBEDTLS_MD_C */
+#if !defined(MBEDTLS_MD_C)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#define HASH_MAX_SIZE PSA_HASH_MAX_SIZE
#endif /* MBEDTLS_MD_C */
#endif /* MBEDTLS_PKCS1_V21 */
@@ -77,19 +74,12 @@
#if !defined(MBEDTLS_RSA_ALT)
-/* Parameter validation macros */
-#define RSA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-#define RSA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
const mbedtls_mpi *N,
const mbedtls_mpi *P, const mbedtls_mpi *Q,
const mbedtls_mpi *D, const mbedtls_mpi *E )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- RSA_VALIDATE_RET( ctx != NULL );
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
@@ -114,7 +104,6 @@
unsigned char const *E, size_t E_len )
{
int ret = 0;
- RSA_VALIDATE_RET( ctx != NULL );
if( N != NULL )
{
@@ -244,8 +233,6 @@
#endif
int n_missing, pq_missing, d_missing, is_pub, is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
-
have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
@@ -348,7 +335,6 @@
{
int ret = 0;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
is_priv =
@@ -393,7 +379,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
is_priv =
@@ -437,7 +422,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
is_priv =
@@ -474,8 +458,6 @@
*/
void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
{
- RSA_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
ctx->padding = MBEDTLS_RSA_PKCS_V15;
@@ -552,8 +534,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi H, G, L;
int prime_quality = 0;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( f_rng != NULL );
/*
* If the modulus is 1024 bit long or shorter, then the security strength of
@@ -666,8 +646,6 @@
*/
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
{
- RSA_VALIDATE_RET( ctx != NULL );
-
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
@@ -691,8 +669,6 @@
*/
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
{
- RSA_VALIDATE_RET( ctx != NULL );
-
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
{
@@ -722,9 +698,6 @@
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
const mbedtls_rsa_context *prv )
{
- RSA_VALIDATE_RET( pub != NULL );
- RSA_VALIDATE_RET( prv != NULL );
-
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
mbedtls_rsa_check_privkey( prv ) != 0 )
{
@@ -750,9 +723,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
mbedtls_mpi T;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( output != NULL );
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -920,10 +890,6 @@
* checked result; should be the same in the end. */
mbedtls_mpi I, C;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( output != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1114,7 +1080,7 @@
unsigned char *p;
unsigned int hlen;
size_t i, use_len;
- unsigned char mask[HASH_MAX_SIZE];
+ unsigned char mask[MBEDTLS_HASH_MAX_SIZE];
#if defined(MBEDTLS_MD_C)
int ret = 0;
const mbedtls_md_info_t *md_info;
@@ -1311,11 +1277,6 @@
unsigned char *p = output;
unsigned int hlen;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- RSA_VALIDATE_RET( label_len == 0 || label != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1377,10 +1338,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = output;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-
olen = ctx->len;
/* first comparison checks for overflow */
@@ -1429,10 +1386,6 @@
const unsigned char *input,
unsigned char *output )
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1469,15 +1422,9 @@
size_t ilen, i, pad_len;
unsigned char *p, bad, pad_done;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- unsigned char lhash[HASH_MAX_SIZE];
+ unsigned char lhash[MBEDTLS_HASH_MAX_SIZE];
unsigned int hlen;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( label_len == 0 || label != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
-
/*
* Parameters sanity checks
*/
@@ -1598,11 +1545,6 @@
size_t ilen;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
-
ilen = ctx->len;
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
@@ -1637,11 +1579,6 @@
unsigned char *output,
size_t output_max_len)
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
-
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1679,11 +1616,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t msb;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1955,11 +1889,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *sig_try = NULL, *verif = NULL;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -2023,11 +1954,8 @@
const unsigned char *hash,
unsigned char *sig )
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
switch( ctx->padding )
{
@@ -2064,16 +1992,13 @@
size_t siglen;
unsigned char *p;
unsigned char *hash_start;
- unsigned char result[HASH_MAX_SIZE];
+ unsigned char result[MBEDTLS_HASH_MAX_SIZE];
unsigned int hlen;
size_t observed_salt_len, msb;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0};
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
siglen = ctx->len;
@@ -2168,11 +2093,8 @@
const unsigned char *sig )
{
mbedtls_md_type_t mgf1_hash_id;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
? (mbedtls_md_type_t) ctx->hash_id
@@ -2201,11 +2123,8 @@
size_t sig_len;
unsigned char *encoded = NULL, *encoded_expected = NULL;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
sig_len = ctx->len;
@@ -2270,11 +2189,8 @@
const unsigned char *hash,
const unsigned char *sig )
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
switch( ctx->padding )
{
@@ -2301,8 +2217,6 @@
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- RSA_VALIDATE_RET( dst != NULL );
- RSA_VALIDATE_RET( src != NULL );
dst->len = src->len;
diff --git a/library/sha1.c b/library/sha1.c
index 6fc9371..56532b1 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -41,17 +41,10 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
-#define SHA1_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
-
-#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA1_ALT)
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
- SHA1_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
}
@@ -66,9 +59,6 @@
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src )
{
- SHA1_VALIDATE( dst != NULL );
- SHA1_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -77,8 +67,6 @@
*/
int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
- SHA1_VALIDATE_RET( ctx != NULL );
-
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -100,9 +88,6 @@
uint32_t temp, W[16], A, B, C, D, E;
} local;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
-
local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 );
local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 );
local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 );
@@ -277,9 +262,6 @@
size_t fill;
uint32_t left;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -329,9 +311,6 @@
uint32_t used;
uint32_t high, low;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -392,9 +371,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha1_context ctx;
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
mbedtls_sha1_init( &ctx );
if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index ac15ef8..4819ba3 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -149,18 +149,12 @@
#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
-#define SHA256_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
-#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA256_ALT)
#define SHA256_BLOCK_SIZE 64
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
- SHA256_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
}
@@ -175,9 +169,6 @@
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src )
{
- SHA256_VALIDATE( dst != NULL );
- SHA256_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -186,12 +177,12 @@
*/
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
- SHA256_VALIDATE_RET( ctx != NULL );
-
#if defined(MBEDTLS_SHA224_C)
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ if( is224 != 0 && is224 != 1 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
- SHA256_VALIDATE_RET( is224 == 0 );
+ if( is224 != 0 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@@ -427,9 +418,6 @@
unsigned int i;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
-
for( i = 0; i < 8; i++ )
local.A[i] = ctx->state[i];
@@ -579,9 +567,6 @@
size_t fill;
uint32_t left;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -633,9 +618,6 @@
uint32_t used;
uint32_t high, low;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -705,14 +687,13 @@
mbedtls_sha256_context ctx;
#if defined(MBEDTLS_SHA224_C)
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ if( is224 != 0 && is224 != 1 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
- SHA256_VALIDATE_RET( is224 == 0 );
+ if( is224 != 0 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
mbedtls_sha256_init( &ctx );
if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
diff --git a/library/sha512.c b/library/sha512.c
index be03ec3..f96580d 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -164,10 +164,6 @@
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
-#define SHA512_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
-#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA512_ALT)
#define SHA512_BLOCK_SIZE 128
@@ -183,8 +179,6 @@
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
- SHA512_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
}
@@ -199,9 +193,6 @@
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src )
{
- SHA512_VALIDATE( dst != NULL );
- SHA512_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -210,11 +201,12 @@
*/
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
- SHA512_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_SHA384_C)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ if( is384 != 0 && is384 != 1 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ if( is384 != 0 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@@ -569,9 +561,6 @@
uint64_t A[8];
} local;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
-
#define SHR(x,n) ((x) >> (n))
#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
@@ -735,9 +724,6 @@
size_t fill;
unsigned int left;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -788,9 +774,6 @@
unsigned used;
uint64_t high, low;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
*/
@@ -862,12 +845,12 @@
mbedtls_sha512_context ctx;
#if defined(MBEDTLS_SHA384_C)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ if( is384 != 0 && is384 != 1 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ if( is384 != 0 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
mbedtls_sha512_init( &ctx );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index dc50449..808aa9e 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -33,7 +33,7 @@
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <string.h>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 8777833..b6a8add 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -38,7 +38,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/constant_time.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <string.h>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4842135..afacb76 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -32,7 +32,7 @@
#include "mbedtls/psa_util.h"
#include "hash_info.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
@@ -624,6 +624,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ uint16_t new_session_tickets_count; /*!< number of session tickets */
+#endif
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2137,33 +2140,33 @@
switch( sig_alg )
{
#if defined(MBEDTLS_ECDSA_C)
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
break;
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(PSA_WANT_ALG_SHA_384) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
break;
-#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(PSA_WANT_ALG_SHA_512) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
break;
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_PKCS1_V21)
-#if defined(MBEDTLS_SHA256_C)
+#if defined(PSA_WANT_ALG_SHA_256)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
break;
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA384_C)
+#endif /* PSA_WANT_ALG_SHA_256 */
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
break;
-#endif /* MBEDTLS_SHA384_C */
-#if defined(MBEDTLS_SHA512_C)
+#endif /* PSA_WANT_ALG_SHA_384 */
+#if defined(PSA_WANT_ALG_SHA_512)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
break;
-#endif /* MBEDTLS_SHA512_C */
+#endif /* PSA_WANT_ALG_SHA_512 */
#endif /* MBEDTLS_PKCS1_V21 */
default:
return( 0 );
@@ -2178,18 +2181,18 @@
switch( sig_alg )
{
#if defined(MBEDTLS_PKCS1_V15)
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
break;
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA384_C)
+#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
break;
-#endif /* MBEDTLS_SHA384_C */
-#if defined(MBEDTLS_SHA512_C)
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
break;
-#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_PKCS1_V15 */
default:
return( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
@@ -2457,16 +2460,6 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/* Check if we have any PSK to offer, returns 0 if PSK is available.
- * Assign the psk and ticket if pointers are present.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_psk_to_offer(
- const mbedtls_ssl_context *ssl,
- int *psk_type,
- const unsigned char **psk, size_t *psk_len,
- const unsigned char **psk_identity, size_t *psk_identity_len );
-
/**
* \brief Given an SSL context and its associated configuration, write the TLS
* 1.3 specific Pre-Shared key extension.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 435d772..f0615ea 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -54,7 +54,7 @@
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
@@ -763,6 +763,13 @@
mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS)
+ ssl->handshake->new_session_tickets_count =
+ ssl->conf->new_session_tickets_count ;
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
@@ -1694,9 +1701,9 @@
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = psa_key_attributes_init();
- psa_status_t status;
- psa_algorithm_t alg;
- mbedtls_svc_key_id_t key;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg = PSA_ALG_NONE;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( psk == NULL || ssl->handshake == NULL )
@@ -1708,17 +1715,26 @@
ssl_remove_psk( ssl );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384)
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- else
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_384 );
+ else
+ alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_256 );
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- psa_set_key_usage_flags( &key_attributes,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
-#else
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-#endif
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ alg = PSA_ALG_HKDF_EXTRACT( PSA_ALG_ANY_HASH );
+ psa_set_key_usage_flags( &key_attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
psa_set_key_algorithm( &key_attributes, alg );
psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
@@ -2602,6 +2618,15 @@
#endif
#if defined(MBEDTLS_SSL_SRV_C)
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
+ uint16_t num_tickets )
+{
+ conf->new_session_tickets_count = num_tickets;
+}
+#endif
+
void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_ticket_write_t *f_ticket_write,
mbedtls_ssl_ticket_parse_t *f_ticket_parse,
@@ -4635,6 +4660,10 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_new_session_tickets(
+ conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
+#endif
/*
* Allow all TLS 1.3 key exchange modes by default.
*/
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index f814094..d1ec55c 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2330,11 +2330,8 @@
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{
size_t sig_len, hashlen;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char hash[PSA_HASH_MAX_SIZE];
-#else
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#endif
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index eab2776..997f584 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -36,6 +36,7 @@
#include "mbedtls/platform_util.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
+#include "hash_info.h"
#include <string.h>
@@ -3059,11 +3060,8 @@
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char hash[PSA_HASH_MAX_SIZE];
-#else
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#endif
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 505f8dd..33e8cc6 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -664,10 +664,59 @@
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
return ( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+/* Check if we have any PSK to offer, returns 0 if a PSK is available. */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_get_psk_to_offer(
+ const mbedtls_ssl_context *ssl,
+ int *psk_type,
+ const unsigned char **psk, size_t *psk_len,
+ const unsigned char **psk_identity, size_t *psk_identity_len )
+{
+ *psk = NULL;
+ *psk_len = 0;
+ *psk_identity = NULL;
+ *psk_identity_len = 0;
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ /* Check if a ticket has been configured. */
+ if( ssl->session_negotiate != NULL &&
+ ssl->session_negotiate->ticket != NULL )
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t now = mbedtls_time( NULL );
+ if( ssl->session_negotiate->ticket_received <= now &&
+ (uint64_t)( now - ssl->session_negotiate->ticket_received )
+ <= ssl->session_negotiate->ticket_lifetime )
+ {
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+ *psk = ssl->session_negotiate->resumption_key;
+ *psk_len = ssl->session_negotiate->resumption_key_len;
+ *psk_identity = ssl->session_negotiate->ticket;
+ *psk_identity_len = ssl->session_negotiate->ticket_len;
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_TIME */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket expired" ) );
+ }
+#endif
+
+ /* Check if an external PSK has been configured. */
+ if( ssl->conf->psk != NULL )
+ {
+ *psk = ssl->conf->psk;
+ *psk_len = ssl->conf->psk_len;
+ *psk_identity = ssl->conf->psk_identity;
+ *psk_identity_len = ssl->conf->psk_identity_len;
+ return( 0 );
+ }
+
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+}
/*
- * mbedtls_ssl_tls13_write_pre_shared_key_ext() structure:
+ * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure:
*
* struct {
* opaque identity<1..2^16-1>;
@@ -689,9 +738,6 @@
* } PreSharedKeyExtension;
*
*/
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *end,
@@ -725,9 +771,8 @@
* configured, offer that.
* - Otherwise, skip the PSK extension.
*/
-
- if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
- &psk_identity, &psk_identity_len ) != 0 )
+ if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) );
return( 0 );
@@ -757,6 +802,26 @@
break;
}
}
+ else
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t now = mbedtls_time( NULL );
+
+ obfuscated_ticket_age =
+ ( (uint32_t)( now - ssl->session_negotiate->ticket_received ) * 1000 )
+ + ssl->session_negotiate->ticket_age_add;
+#endif
+ }
+ else
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "write_identities_of_pre_shared_key_ext: "
+ "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite );
@@ -831,8 +896,8 @@
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len;
- if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
- &psk_identity, &psk_identity_len ) != 0 )
+ if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -1266,15 +1331,15 @@
size_t psk_len;
const unsigned char *psk_identity;
size_t psk_identity_len;
-
+ int psk_type;
/* Check which PSK we've offered.
*
* NOTE: Ultimately, we want to offer multiple PSKs, and in this
* case, we need to iterate over them here.
*/
- if( mbedtls_ssl_get_psk_to_offer( ssl, NULL, &psk, &psk_len,
- &psk_identity, &psk_identity_len ) != 0 )
+ if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
{
/* If we haven't offered a PSK, the server must not send
* a PSK identity extension. */
@@ -1622,16 +1687,19 @@
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) );
break;
/* Neither pre_shared_key nor key_share extension was received */
@@ -1819,7 +1887,12 @@
*/
switch( extension_type )
{
+ case MBEDTLS_TLS_EXT_SERVERNAME:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) );
+ /* The server_name extension should be an empty extension */
+
+ break;
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) );
break;
@@ -2237,11 +2310,11 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_generate_resumption_master_secret( ssl );
+ ret = mbedtls_ssl_tls13_compute_resumption_master_secret( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls13_generate_resumption_master_secret ", ret );
+ "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret );
return ( ret );
}
@@ -2405,6 +2478,9 @@
return( ret );
}
+ /* session has been updated, allow export */
+ session->exported = 0;
+
return( 0 );
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2b9ac5c..f74cb40 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -976,7 +976,7 @@
psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
size_t signature_len = 0;
- unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1361,7 +1361,7 @@
int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char hash_transcript[ MBEDTLS_MD_MAX_SIZE + 4 ];
+ unsigned char hash_transcript[PSA_HASH_MAX_SIZE + 4];
size_t hash_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
@@ -1371,7 +1371,7 @@
ret = mbedtls_ssl_get_handshake_transcript( ssl, ciphersuite_info->mac,
hash_transcript + 4,
- MBEDTLS_MD_MAX_SIZE,
+ PSA_HASH_MAX_SIZE,
&hash_len );
if( ret != 0 )
{
@@ -1386,9 +1386,9 @@
hash_len += 4;
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
{
-#if defined(MBEDTLS_SHA256_C)
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-256 handshake transcript",
hash_transcript, hash_len );
@@ -1398,11 +1398,11 @@
#else
mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
#endif
-#endif /* MBEDTLS_SHA256_C */
}
- else if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
-#if defined(MBEDTLS_SHA384_C)
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
hash_transcript, hash_len );
@@ -1412,12 +1412,11 @@
#else
mbedtls_sha512_starts( &ssl->handshake->fin_sha384, 1 );
#endif
-#endif /* MBEDTLS_SHA384_C */
}
-
-#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C)
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
-#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
+#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
return( ret );
}
@@ -1505,41 +1504,4 @@
}
#endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/* Check if we have any PSK to offer, returns 0 if PSK is available.
- * Assign the psk and ticket if pointers are present.
- */
-int mbedtls_ssl_get_psk_to_offer(
- const mbedtls_ssl_context *ssl,
- int *psk_type,
- const unsigned char **psk, size_t *psk_len,
- const unsigned char **psk_identity, size_t *psk_identity_len )
-{
- int ptrs_present = 0;
-
- if( psk_type != NULL && psk != NULL && psk_len != NULL &&
- psk_identity != NULL && psk_identity_len != NULL )
- {
- ptrs_present = 1;
- }
-
- /* Check if an external PSK has been configured. */
- if( ssl->conf->psk != NULL )
- {
- if( ptrs_present )
- {
- *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
- *psk = ssl->conf->psk;
- *psk_len = ssl->conf->psk_len;
- *psk_identity = ssl->conf->psk_identity;
- *psk_identity_len = ssl->conf->psk_identity_len;
- }
-
- return( 0 );
- }
-
- return( 1 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 583b8aa..48de3d0 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -359,7 +359,7 @@
ret = 0;
- if( input != NULL )
+ if( input != NULL && input_len != 0 )
{
memcpy( tmp_input, input, input_len );
ilen = input_len;
@@ -825,6 +825,9 @@
goto exit;
}
+ MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder",
+ early_secret, hash_len ) ;
+
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
{
ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
@@ -1052,6 +1055,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t hash_alg;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ unsigned char *psk = NULL;
+ size_t psk_len = 0;
if( handshake->ciphersuite_info == NULL )
{
@@ -1060,15 +1065,34 @@
}
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
+ {
+ ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk",
+ ret );
+ return( ret );
+ }
+ }
+#endif
- ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0,
+ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
handshake->tls13_master_secrets.early );
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ mbedtls_free( (void*)psk );
+#endif
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
+ MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early",
+ handshake->tls13_master_secrets.early,
+ PSA_HASH_LENGTH( hash_alg ) );
return( 0 );
}
@@ -1480,12 +1504,43 @@
return( ret );
}
-int mbedtls_ssl_tls13_generate_resumption_master_secret(
- mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl )
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_md_type_t md_type;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t transcript_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "=> mbedtls_ssl_tls13_compute_resumption_master_secret" ) );
+
+ md_type = handshake->ciphersuite_info->mac;
+
+ ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
+ transcript, sizeof( transcript ),
+ &transcript_len );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
+ mbedtls_psa_translate_md( md_type ),
+ handshake->tls13_master_secrets.app,
+ transcript, transcript_len,
+ &ssl->session_negotiate->app_secrets );
+ if( ret != 0 )
+ return( ret );
+
/* Erase master secrets */
- mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
- sizeof( ssl->handshake->tls13_master_secrets ) );
+ mbedtls_platform_zeroize( &handshake->tls13_master_secrets,
+ sizeof( handshake->tls13_master_secrets ) );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret",
+ ssl->session_negotiate->app_secrets.resumption_master_secret,
+ PSA_HASH_LENGTH( mbedtls_psa_translate_md( md_type ) ) ) ;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "<= mbedtls_ssl_tls13_compute_resumption_master_secret" ) );
return( 0 );
}
@@ -1543,4 +1598,48 @@
return( ret );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
+ unsigned char **psk,
+ size_t *psk_len )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ *psk_len = 0;
+ *psk = NULL;
+
+ if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes );
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) );
+ *psk = mbedtls_calloc( 1, *psk_len );
+ if( *psk == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ status = psa_export_key( ssl->handshake->psk_opaque,
+ (uint8_t *)*psk, *psk_len, psk_len );
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_free( (void *)*psk );
+ *psk = NULL;
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+ return( 0 );
+#else
+ *psk = ssl->handshake->psk;
+ *psk_len = ssl->handshake->psk_len;
+ if( *psk == NULL )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return( 0 );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 76c1e93..f3bdf37 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -81,7 +81,7 @@
* Since contexts are always hashes of message transcripts, this can
* be approximated from above by the maximum hash size. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \
- MBEDTLS_MD_MAX_SIZE
+ PSA_HASH_MAX_SIZE
/* Maximum desired length for expanded key material generated
* by HKDF-Expand-Label.
@@ -636,8 +636,7 @@
* \returns A negative error code on failure.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_generate_resumption_master_secret(
- mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl );
/**
* \brief Calculate the verify_data value for the client or server TLS 1.3
@@ -692,6 +691,24 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl );
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+/**
+ * \brief Export TLS 1.3 PSK from handshake context
+ *
+ * \param[in] ssl The SSL context to operate on.
+ * \param[out] psk PSK output pointer.
+ * \param[out] psk_len Length of PSK.
+ *
+ * \returns \c 0 if there is a configured PSK and it was exported
+ * successfully.
+ * \returns A negative error code on failure.
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
+ unsigned char **psk,
+ size_t *psk_len );
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 4319ec3..bf281bf 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -46,6 +46,25 @@
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+
+static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
+ mbedtls_ssl_context *ssl,
+ unsigned int cipher_suite )
+{
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ return( NULL );
+
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+ if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+ ssl->tls_version,
+ ssl->tls_version ) != 0 ) )
+ {
+ return( NULL );
+ }
+ return( ciphersuite_info );
+}
+
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/* From RFC 8446:
*
@@ -100,14 +119,172 @@
return( 0 );
}
-#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 0
-#define SSL_TLS1_3_OFFERED_PSK_MATCH 1
+#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1
+#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_offered_psks_check_identity_match_ticket(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *identity,
+ size_t identity_len,
+ uint32_t obfuscated_ticket_age,
+ mbedtls_ssl_session *session )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *ticket_buffer;
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t now;
+ uint64_t age_in_s;
+ int64_t age_diff_in_ms;
+#endif
+
+ ((void) obfuscated_ticket_age);
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> check_identity_match_ticket" ) );
+
+ /* Ticket parser is not configured, Skip */
+ if( ssl->conf->f_ticket_parse == NULL || identity_len == 0 )
+ return( 0 );
+
+ /* We create a copy of the encrypted ticket since the ticket parsing
+ * function is allowed to use its input buffer as an output buffer
+ * (in-place decryption). We do, however, need the original buffer for
+ * computing the PSK binder value.
+ */
+ ticket_buffer = mbedtls_calloc( 1, identity_len );
+ if( ticket_buffer == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return ( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+ memcpy( ticket_buffer, identity, identity_len );
+
+ if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket,
+ session,
+ ticket_buffer, identity_len ) ) != 0 )
+ {
+ if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
+ else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
+ else
+ MBEDTLS_SSL_DEBUG_RET( 1, "ticket_parse", ret );
+ }
+
+ /* We delete the temporary buffer */
+ mbedtls_free( ticket_buffer );
+
+ if( ret != 0 )
+ goto exit;
+
+ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+#if defined(MBEDTLS_HAVE_TIME)
+ now = mbedtls_time( NULL );
+
+ if( now < session->start )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "Ticket expired: now=%" MBEDTLS_PRINTF_LONGLONG
+ ", start=%" MBEDTLS_PRINTF_LONGLONG,
+ (long long)now, (long long)session->start ) );
+ goto exit;
+ }
+
+ age_in_s = (uint64_t)( now - session->start );
+
+ /* RFC 8446 section 4.6.1
+ *
+ * Servers MUST NOT use any value greater than 604800 seconds (7 days).
+ *
+ * RFC 8446 section 4.2.11.1
+ *
+ * Clients MUST NOT attempt to use tickets which have ages greater than
+ * the "ticket_lifetime" value which was provided with the ticket.
+ *
+ * For time being, the age MUST be less than 604800 seconds (7 days).
+ */
+ if( age_in_s > 604800 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "Ticket expired: Ticket age exceed limitation ticket_age=%lu",
+ (long unsigned int)age_in_s ) );
+ goto exit;
+ }
+
+ /* RFC 8446 section 4.2.10
+ *
+ * For PSKs provisioned via NewSessionTicket, a server MUST validate that
+ * the ticket age for the selected PSK identity (computed by subtracting
+ * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is
+ * within a small tolerance of the time since the ticket was issued.
+ *
+ * NOTE: When `now == session->start`, `age_diff_in_ms` may be negative
+ * as the age units are different on the server (s) and in the
+ * client (ms) side. Add a -1000 ms tolerance window to take this
+ * into account.
+ */
+ age_diff_in_ms = age_in_s * 1000;
+ age_diff_in_ms -= ( obfuscated_ticket_age - session->ticket_age_add );
+ if( age_diff_in_ms <= -1000 ||
+ age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "Ticket expired: Ticket age outside tolerance window "
+ "( diff=%d )", (int)age_diff_in_ms ) );
+ goto exit;
+ }
+
+ ret = 0;
+
+#endif /* MBEDTLS_HAVE_TIME */
+
+exit:
+ if( ret != 0 )
+ mbedtls_ssl_session_free( session );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= check_identity_match_ticket" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match(
mbedtls_ssl_context *ssl,
const unsigned char *identity,
- size_t identity_len )
+ size_t identity_len,
+ uint32_t obfuscated_ticket_age,
+ int *psk_type,
+ mbedtls_ssl_session *session )
{
+ ((void) session);
+ ((void) obfuscated_ticket_age);
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "identity", identity, identity_len );
+ ssl->handshake->resume = 0;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( ssl_tls13_offered_psks_check_identity_match_ticket(
+ ssl, identity, identity_len, obfuscated_ticket_age,
+ session ) == SSL_TLS1_3_OFFERED_PSK_MATCH )
+ {
+ ssl->handshake->resume = 1;
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+ mbedtls_ssl_set_hs_psk( ssl,
+ session->resumption_key,
+ session->resumption_key_len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Ticket-resumed PSK:",
+ session->resumption_key,
+ session->resumption_key_len );
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "ticket: obfuscated_ticket_age: %u",
+ (unsigned)obfuscated_ticket_age ) );
+ return( SSL_TLS1_3_OFFERED_PSK_MATCH );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
/* Check identity with external configured function */
if( ssl->conf->f_psk != NULL )
{
@@ -134,85 +311,32 @@
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_get_psk( mbedtls_ssl_context *ssl,
- unsigned char **psk,
- size_t *psk_len )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
-
- *psk_len = 0;
- *psk = NULL;
-
- status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes );
- if( status != PSA_SUCCESS)
- {
- return( psa_ssl_status_to_mbedtls( status ) );
- }
-
- *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) );
- *psk = mbedtls_calloc( 1, *psk_len );
- if( *psk == NULL )
- {
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
-
- status = psa_export_key( ssl->handshake->psk_opaque,
- (uint8_t *)*psk, *psk_len, psk_len );
- if( status != PSA_SUCCESS)
- {
- mbedtls_free( (void *)*psk );
- return( psa_ssl_status_to_mbedtls( status ) );
- }
-#else
- *psk = ssl->handshake->psk;
- *psk_len = ssl->handshake->psk_len;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
- return( 0 );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl,
const unsigned char *binder,
- size_t binder_len )
+ size_t binder_len,
+ int psk_type,
+ psa_algorithm_t psk_hash_alg )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- int psk_type;
- mbedtls_md_type_t md_alg;
- psa_algorithm_t psa_md_alg;
unsigned char transcript[PSA_HASH_MAX_SIZE];
size_t transcript_len;
unsigned char *psk;
size_t psk_len;
unsigned char server_computed_binder[PSA_HASH_MAX_SIZE];
- psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
- switch( binder_len )
- {
- case 32:
- md_alg = MBEDTLS_MD_SHA256;
- break;
- case 48:
- md_alg = MBEDTLS_MD_SHA384;
- break;
- default:
- return( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
- }
- psa_md_alg = mbedtls_psa_translate_md( md_alg );
/* Get current state of handshake transcript. */
- ret = mbedtls_ssl_get_handshake_transcript( ssl, md_alg,
- transcript, sizeof( transcript ),
- &transcript_len );
+ ret = mbedtls_ssl_get_handshake_transcript(
+ ssl, mbedtls_hash_info_md_from_psa( psk_hash_alg ),
+ transcript, sizeof( transcript ), &transcript_len );
if( ret != 0 )
return( ret );
- ret = ssl_tls13_get_psk( ssl, &psk, &psk_len );
+ ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_md_alg,
+ ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psk_hash_alg,
psk, psk_len, psk_type,
transcript,
server_computed_binder );
@@ -239,6 +363,105 @@
return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_select_ciphersuite_for_psk(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *cipher_suites,
+ const unsigned char *cipher_suites_end,
+ uint16_t *selected_ciphersuite,
+ const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
+{
+ psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;
+
+ *selected_ciphersuite = 0;
+ *selected_ciphersuite_info = NULL;
+
+ /* RFC 8446, page 55.
+ *
+ * For externally established PSKs, the Hash algorithm MUST be set when the
+ * PSK is established or default to SHA-256 if no such algorithm is defined.
+ *
+ */
+
+ /*
+ * Search for a matching ciphersuite
+ */
+ for ( const unsigned char *p = cipher_suites;
+ p < cipher_suites_end; p += 2 )
+ {
+ uint16_t cipher_suite;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+
+ cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+ ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
+ cipher_suite );
+ if( ciphersuite_info == NULL )
+ continue;
+
+ /* MAC of selected ciphersuite MUST be same with PSK binder if exist.
+ * Otherwise, client should reject.
+ */
+ if( psk_hash_alg == mbedtls_psa_translate_md( ciphersuite_info->mac ) )
+ {
+ *selected_ciphersuite = cipher_suite;
+ *selected_ciphersuite_info = ciphersuite_info;
+ return( 0 );
+ }
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "No matched ciphersuite" ) );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+}
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_select_ciphersuite_for_resumption(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *cipher_suites,
+ const unsigned char *cipher_suites_end,
+ mbedtls_ssl_session *session,
+ uint16_t *selected_ciphersuite,
+ const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
+{
+
+ *selected_ciphersuite = 0;
+ *selected_ciphersuite_info = NULL;
+ for( const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2 )
+ {
+ uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+
+ if( cipher_suite != session->ciphersuite )
+ continue;
+
+ ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
+ cipher_suite );
+ if( ciphersuite_info == NULL )
+ continue;
+
+ *selected_ciphersuite = cipher_suite;
+ *selected_ciphersuite_info = ciphersuite_info;
+
+ return( 0 );
+ }
+
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+}
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_session_copy_ticket( mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src )
+{
+ dst->ticket_age_add = src->ticket_age_add;
+ dst->ticket_flags = src->ticket_flags;
+ dst->resumption_key_len = src->resumption_key_len;
+ if( src->resumption_key_len == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ memcpy( dst->resumption_key, src->resumption_key, src->resumption_key_len );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
/* Parser for pre_shared_key extension in client hello
* struct {
* opaque identity<1..2^16-1>;
@@ -261,10 +484,12 @@
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- const unsigned char *end )
+ const unsigned char *pre_shared_key_ext,
+ const unsigned char *pre_shared_key_ext_end,
+ const unsigned char *ciphersuites,
+ const unsigned char *ciphersuites_end )
{
- const unsigned char *identities = buf;
+ const unsigned char *identities = pre_shared_key_ext;
const unsigned char *p_identity_len;
size_t identities_len;
const unsigned char *identities_end;
@@ -275,41 +500,54 @@
int matched_identity = -1;
int identity_id = -1;
- MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension", buf, end - buf );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension",
+ pre_shared_key_ext,
+ pre_shared_key_ext_end - pre_shared_key_ext );
/* identities_len 2 bytes
* identities_data >= 7 bytes
*/
- MBEDTLS_SSL_CHK_BUF_READ_PTR( identities, end, 7 + 2 );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( identities, pre_shared_key_ext_end, 7 + 2 );
identities_len = MBEDTLS_GET_UINT16_BE( identities, 0 );
p_identity_len = identities + 2;
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, end, identities_len );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, pre_shared_key_ext_end,
+ identities_len );
identities_end = p_identity_len + identities_len;
/* binders_len 2 bytes
* binders >= 33 bytes
*/
binders = identities_end;
- MBEDTLS_SSL_CHK_BUF_READ_PTR( binders, end, 33 + 2 );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( binders, pre_shared_key_ext_end, 33 + 2 );
binders_len = MBEDTLS_GET_UINT16_BE( binders, 0 );
p_binder_len = binders + 2;
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, end, binders_len );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, pre_shared_key_ext_end, binders_len );
binders_end = p_binder_len + binders_len;
- ssl->handshake->update_checksum( ssl, buf, identities_end - buf );
+ ssl->handshake->update_checksum( ssl, pre_shared_key_ext,
+ identities_end - pre_shared_key_ext );
while( p_identity_len < identities_end && p_binder_len < binders_end )
{
const unsigned char *identity;
size_t identity_len;
+ uint32_t obfuscated_ticket_age;
const unsigned char *binder;
size_t binder_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int psk_type;
+ uint16_t cipher_suite;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_session session;
+ mbedtls_ssl_session_init( &session );
+#endif
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 );
identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 );
identity = p_identity_len + 2;
MBEDTLS_SSL_CHK_BUF_READ_PTR( identity, identities_end, identity_len + 4 );
+ obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE( identity , identity_len );
p_identity_len += identity_len + 6;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, binders_end, 1 + 32 );
@@ -318,20 +556,61 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( binder, binders_end, binder_len );
p_binder_len += binder_len + 1;
-
identity_id++;
if( matched_identity != -1 )
continue;
ret = ssl_tls13_offered_psks_check_identity_match(
- ssl, identity, identity_len );
- if( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH == ret )
+ ssl, identity, identity_len, obfuscated_ticket_age,
+ &psk_type, &session );
+ if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
continue;
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "found matched identity" ) );
+ switch( psk_type )
+ {
+ case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
+ ret = ssl_tls13_select_ciphersuite_for_psk(
+ ssl, ciphersuites, ciphersuites_end,
+ &cipher_suite, &ciphersuite_info );
+ break;
+ case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ ret = ssl_tls13_select_ciphersuite_for_resumption(
+ ssl, ciphersuites, ciphersuites_end, &session,
+ &cipher_suite, &ciphersuite_info );
+ if( ret != 0 )
+ mbedtls_ssl_session_free( &session );
+#else
+ ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+#endif
+ break;
+ default:
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ if( ret != 0 )
+ {
+ /* See below, no cipher_suite available, abort handshake */
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_RET(
+ 2, "ssl_tls13_select_ciphersuite", ret );
+ return( ret );
+ }
+
ret = ssl_tls13_offered_psks_check_binder_match(
- ssl, binder, binder_len );
+ ssl, binder, binder_len, psk_type,
+ mbedtls_psa_translate_md( ciphersuite_info->mac ) );
if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
{
+ /* For security reasons, the handshake should be aborted when we
+ * fail to validate a binder value. See RFC 8446 section 4.2.11.2
+ * and appendix E.6. */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_session_free( &session );
+#endif
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Invalid binder." ) );
MBEDTLS_SSL_DEBUG_RET( 1,
"ssl_tls13_offered_psks_check_binder_match" , ret );
MBEDTLS_SSL_PEND_FATAL_ALERT(
@@ -339,10 +618,24 @@
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( ret );
}
- if( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH == ret )
- continue;
matched_identity = identity_id;
+
+ /* Update handshake parameters */
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
+ ssl->session_negotiate->ciphersuite = cipher_suite;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s",
+ cipher_suite, ciphersuite_info->name ) );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
+ {
+ ret = ssl_tls13_session_copy_ticket( ssl->session_negotiate,
+ &session );
+ mbedtls_ssl_session_free( &session );
+ if( ret != 0 )
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
}
if( p_identity_len != identities_end || p_binder_len != binders_end )
@@ -359,7 +652,7 @@
(size_t)( binders_end - identities_end ) );
if( matched_identity == -1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "No matched pre shared key found" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "No matched PSK or ticket." ) );
return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY );
}
@@ -946,16 +1239,15 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
size_t legacy_session_id_len;
- const unsigned char *cipher_suites;
size_t cipher_suites_len;
const unsigned char *cipher_suites_end;
size_t extensions_len;
const unsigned char *extensions_end;
int hrr_required = 0;
- const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- const unsigned char *pre_shared_key_ext_start = NULL;
+ const unsigned char *cipher_suites;
+ const unsigned char *pre_shared_key_ext = NULL;
const unsigned char *pre_shared_key_ext_end = NULL;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -1039,7 +1331,7 @@
p, legacy_session_id_len );
/*
* Check we have enough data for the legacy session identifier
- * and the ciphersuite list length.
+ * and the ciphersuite list length.
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_len + 2 );
@@ -1051,6 +1343,10 @@
/* Check we have enough data for the ciphersuite list, the legacy
* compression methods and the length of the extensions.
+ *
+ * cipher_suites cipher_suites_len bytes
+ * legacy_compression_methods 2 bytes
+ * extensions_len 2 bytes
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
@@ -1060,51 +1356,43 @@
* with CipherSuite defined as:
* uint8 CipherSuite[2];
*/
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
cipher_suites = p;
+#endif
cipher_suites_end = p + cipher_suites_len;
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
p, cipher_suites_len );
+
/*
* Search for a matching ciphersuite
*/
- int ciphersuite_match = 0;
for ( ; p < cipher_suites_end; p += 2 )
{
uint16_t cipher_suite;
+ const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
+
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
+
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
- /*
- * Check whether this ciphersuite is valid and offered.
- */
- if( ( mbedtls_ssl_validate_ciphersuite(
- ssl, ciphersuite_info, ssl->tls_version,
- ssl->tls_version ) != 0 ) ||
- ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
- {
+ ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
+ ssl,cipher_suite );
+ if( ciphersuite_info == NULL )
continue;
- }
ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info;
- ciphersuite_match = 1;
-
- break;
-
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s",
+ cipher_suite,
+ ciphersuite_info->name ) );
}
- if( ! ciphersuite_match )
+ if( ssl->handshake->ciphersuite_info == NULL )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
- ciphersuite_info->name ) );
-
- p = cipher_suites + cipher_suites_len;
-
/* ...
* opaque legacy_compression_methods<1..2^8-1>;
* ...
@@ -1281,7 +1569,7 @@
* found out which algorithms to use. We keep a pointer
* to the buffer and the size for later processing.
*/
- pre_shared_key_ext_start = p;
+ pre_shared_key_ext = p;
pre_shared_key_ext_end = extension_data_end;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
@@ -1344,14 +1632,17 @@
*/
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) &&
+ mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) )
{
ssl->handshake->update_checksum( ssl, buf,
- pre_shared_key_ext_start - buf );
+ pre_shared_key_ext - buf );
ret = ssl_tls13_parse_pre_shared_key_ext( ssl,
- pre_shared_key_ext_start,
- pre_shared_key_ext_end );
- if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY)
+ pre_shared_key_ext,
+ pre_shared_key_ext_end,
+ cipher_suites,
+ cipher_suites_end );
+ if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
{
ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
}
@@ -1372,6 +1663,8 @@
if( ret < 0 )
return( ret );
+ mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
+
return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
}
@@ -1594,6 +1887,10 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding key share extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, write selected_group: %s (%04x)",
+ mbedtls_ssl_named_group_to_str( group ),
+ group ) );
+
/* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
@@ -1802,7 +2099,7 @@
}
p += output_len;
- if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ if( mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) )
{
if( is_hrr )
ret = ssl_tls13_write_hrr_key_share_ext( ssl, p, end, &output_len );
@@ -1814,7 +2111,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
+ if( !is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
{
ret = ssl_tls13_write_server_pre_shared_key_ext( ssl, p, end, &output_len );
if( ret != 0 )
@@ -2282,11 +2579,11 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_generate_resumption_master_secret( ssl );
+ ret = mbedtls_ssl_tls13_compute_resumption_master_secret( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls13_generate_resumption_master_secret ", ret );
+ "mbedtls_ssl_tls13_compute_resumption_master_secret", ret );
}
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
@@ -2322,7 +2619,21 @@
/* Check whether the use of session tickets is enabled */
if( ssl->conf->f_ticket_write == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+ " callback is not set" ) );
+ return( SSL_NEW_SESSION_TICKET_SKIP );
+ }
+ if( ssl->conf->new_session_tickets_count == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+ " configured count is zero" ) );
+ return( SSL_NEW_SESSION_TICKET_SKIP );
+ }
+
+ if( ssl->handshake->new_session_tickets_count == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
+ "been sent." ) );
return( SSL_NEW_SESSION_TICKET_SKIP );
}
@@ -2555,6 +2866,15 @@
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
+ /* Limit session tickets count to one when resumption connection.
+ *
+ * See document of mbedtls_ssl_conf_new_session_tickets.
+ */
+ if( ssl->handshake->resume == 1 )
+ ssl->handshake->new_session_tickets_count = 0;
+ else
+ ssl->handshake->new_session_tickets_count--;
+
mbedtls_ssl_handshake_set_state( ssl,
MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH );
}
@@ -2705,7 +3025,11 @@
* as part of ssl_prepare_handshake_step.
*/
ret = 0;
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+
+ if( ssl->handshake->new_session_tickets_count == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );
break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
diff --git a/library/x509.c b/library/x509.c
index aa39517..f1d988a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -62,7 +62,7 @@
#include <time.h>
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) \
diff --git a/library/x509_crt.c b/library/x509_crt.c
index ad235bf..af1e487 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -47,8 +47,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#include "hash_info.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#include "hash_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -2354,11 +2354,10 @@
const mbedtls_x509_crt_profile *profile )
{
int flags = 0;
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char hash[PSA_HASH_MAX_SIZE];
psa_algorithm_t psa_algorithm;
#else
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t hash_length;
@@ -2465,8 +2464,8 @@
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
size_t hash_len;
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( child->sig_md );
hash_len = mbedtls_md_get_size( md_info );
@@ -2475,7 +2474,6 @@
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
return( -1 );
#else
- unsigned char hash[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( child->sig_md );
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 986e1fe..52942a9 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -43,10 +43,10 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#include "hash_info.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "legacy_or_psa.h"
+#include "hash_info.h"
+#include "mbedtls/legacy_or_psa.h"
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
@@ -360,12 +360,10 @@
unsigned char *c, *c2;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
size_t hash_length = 0;
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t psa_algorithm;
- unsigned char hash[PSA_HASH_MAX_SIZE];
-#else
- unsigned char hash[64];
#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index b7a507e..c4dd1b7 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -35,8 +35,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#include "hash_info.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#include "hash_info.h"
#include <string.h>
#include <stdlib.h>
@@ -145,7 +145,7 @@
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
- unsigned char hash[64];
+ unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2537521..64baa19 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -657,6 +657,58 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+static int ssl_save_session_serialize( mbedtls_ssl_context *ssl,
+ unsigned char **session_data,
+ size_t *session_data_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_session exported_session;
+
+ /* free any previously saved data */
+ if( *session_data != NULL )
+ {
+ mbedtls_platform_zeroize( *session_data, *session_data_len );
+ mbedtls_free( *session_data );
+ *session_data = NULL;
+ *session_data_len = 0;
+ }
+
+ mbedtls_ssl_session_init( &exported_session );
+ ret = mbedtls_ssl_get_session( ssl, &exported_session );
+ if( ret != 0 )
+ {
+ mbedtls_printf(
+ "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
+ (unsigned) -ret );
+ goto exit;
+ }
+
+ /* get size of the buffer needed */
+ mbedtls_ssl_session_save( &exported_session, NULL, 0, session_data_len );
+ *session_data = mbedtls_calloc( 1, *session_data_len );
+ if( *session_data == NULL )
+ {
+ mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
+ (unsigned) *session_data_len );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+
+ /* actually save session data */
+ if( ( ret = mbedtls_ssl_session_save( &exported_session,
+ *session_data, *session_data_len,
+ session_data_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
+
+exit:
+ mbedtls_ssl_session_free( &exported_session );
+ return( ret );
+}
+
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
@@ -1087,7 +1139,7 @@
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
- if( opt.tickets < 0 || opt.tickets > 2 )
+ if( opt.tickets < 0 )
goto usage;
}
else if( strcmp( p, "alpn" ) == 0 )
@@ -1426,11 +1478,11 @@
if( opt.psk_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* MBEDTLS_SHA384_C */
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -2360,57 +2412,21 @@
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
- if( opt.reconnect != 0 )
+ if( opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3 )
{
mbedtls_printf(" . Saving session for reuse..." );
fflush( stdout );
if( opt.reco_mode == 1 )
{
- mbedtls_ssl_session exported_session;
-
- /* free any previously saved data */
- if( session_data != NULL )
+ if( ( ret = ssl_save_session_serialize( &ssl,
+ &session_data, &session_data_len ) ) != 0 )
{
- mbedtls_platform_zeroize( session_data, session_data_len );
- mbedtls_free( session_data );
- session_data = NULL;
- }
-
- mbedtls_ssl_session_init( &exported_session );
- ret = mbedtls_ssl_get_session( &ssl, &exported_session );
- if( ret != 0 )
- {
- mbedtls_printf(
- "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
- (unsigned) -ret );
- goto exit;
- }
-
- /* get size of the buffer needed */
- mbedtls_ssl_session_save( &exported_session, NULL, 0, &session_data_len );
- session_data = mbedtls_calloc( 1, session_data_len );
- if( session_data == NULL )
- {
- mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
- (unsigned) session_data_len );
- mbedtls_ssl_session_free( &exported_session );
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- /* actually save session data */
- if( ( ret = mbedtls_ssl_session_save( &exported_session,
- session_data, session_data_len,
- &session_data_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ mbedtls_printf( " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
(unsigned int) -ret );
- mbedtls_ssl_session_free( &exported_session );
goto exit;
}
- mbedtls_ssl_session_free( &exported_session );
}
else
{
@@ -2652,6 +2668,9 @@
*/
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+ int ticket_id = 0;
+#endif
do
{
len = sizeof( buf ) - 1;
@@ -2699,7 +2718,41 @@
case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
/* We were waiting for application data but got
* a NewSessionTicket instead. */
- mbedtls_printf( " got new session ticket.\n" );
+ mbedtls_printf( " got new session ticket ( %d ).\n",
+ ticket_id++ );
+ if( opt.reconnect != 0 )
+ {
+ mbedtls_printf(" . Saving session for reuse..." );
+ fflush( stdout );
+
+ if( opt.reco_mode == 1 )
+ {
+ if( ( ret = ssl_save_session_serialize( &ssl,
+ &session_data, &session_data_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ if( opt.reco_mode == 1 )
+ {
+ mbedtls_printf( " [ Saved %u bytes of session data]\n",
+ (unsigned) session_data_len );
+ }
+ }
continue;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c592df2..a129de6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -471,7 +471,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
- " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
+ " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \
+ " ephemeral_all, all, psk_or_ephemeral\n"
#else
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -1859,6 +1860,16 @@
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
else if( strcmp( q, "all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+ /* The purpose of `psk_or_ephemeral` is to improve test coverage. That
+ * is not recommended in practice.
+ * `psk_or_ephemeral` exists in theory, we need this mode to test if
+ * this setting work correctly. With this key exchange setting, server
+ * should always perform `ephemeral` handshake. `psk` or `psk_ephermal`
+ * is not expected.
+ */
+ else if( strcmp( q, "psk_or_ephemeral" ) == 0 )
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ;
else goto usage;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -1986,7 +1997,7 @@
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
- if( opt.tickets < 0 || opt.tickets > 1 )
+ if( opt.tickets < 0 )
goto usage;
}
else if( strcmp( p, "ticket_rotate" ) == 0 )
@@ -2250,11 +2261,11 @@
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* MBEDTLS_SHA384_C */
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -2904,7 +2915,7 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
+ if( opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
rng_get, &rng,
@@ -2919,7 +2930,9 @@
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
&ticket_ctx );
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_conf_new_session_tickets( &conf, opt.tickets );
+#endif
/* exercise manual ticket rotation (not required for typical use)
* (used for external synchronization of session ticket encryption keys)
*/
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 8c35fab..42d8d11 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -296,23 +296,24 @@
#else
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif
+
uint16_t ssl_sig_algs_for_test[] = {
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
#endif
-#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
#endif
-#if defined(MBEDTLS_SHA224_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
#endif
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 662da98..e9d9275 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -10,4 +10,5 @@
python scripts\generate_ssl_debug_helpers.py || exit /b 1
perl scripts\generate_visualc_files.pl || exit /b 1
python scripts\generate_psa_constants.py || exit /b 1
+python tests\scripts\generate_bignum_tests.py || exit /b 1
python tests\scripts\generate_psa_tests.py || exit /b 1
diff --git a/scripts/mbedtls_dev/test_generation.py b/scripts/mbedtls_dev/test_generation.py
new file mode 100644
index 0000000..a88425f
--- /dev/null
+++ b/scripts/mbedtls_dev/test_generation.py
@@ -0,0 +1,219 @@
+"""Common test generation classes and main function.
+
+These are used both by generate_psa_tests.py and generate_bignum_tests.py.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import os
+import posixpath
+import re
+
+from abc import ABCMeta, abstractmethod
+from typing import Callable, Dict, Iterable, Iterator, List, Type, TypeVar
+
+from mbedtls_dev import build_tree
+from mbedtls_dev import test_case
+
+T = TypeVar('T') #pylint: disable=invalid-name
+
+
+class BaseTarget(metaclass=ABCMeta):
+ """Base target for test case generation.
+
+ Child classes of this class represent an output file, and can be referred
+ to as file targets. These indicate where test cases will be written to for
+ all subclasses of the file target, which is set by `target_basename`.
+
+ Attributes:
+ count: Counter for test cases from this class.
+ case_description: Short description of the test case. This may be
+ automatically generated using the class, or manually set.
+ dependencies: A list of dependencies required for the test case.
+ show_test_count: Toggle for inclusion of `count` in the test description.
+ target_basename: Basename of file to write generated tests to. This
+ should be specified in a child class of BaseTarget.
+ test_function: Test function which the class generates cases for.
+ test_name: A common name or description of the test function. This can
+ be `test_function`, a clearer equivalent, or a short summary of the
+ test function's purpose.
+ """
+ count = 0
+ case_description = ""
+ dependencies = [] # type: List[str]
+ show_test_count = True
+ target_basename = ""
+ test_function = ""
+ test_name = ""
+
+ def __new__(cls, *args, **kwargs):
+ # pylint: disable=unused-argument
+ cls.count += 1
+ return super().__new__(cls)
+
+ @abstractmethod
+ def arguments(self) -> List[str]:
+ """Get the list of arguments for the test case.
+
+ Override this method to provide the list of arguments required for
+ the `test_function`.
+
+ Returns:
+ List of arguments required for the test function.
+ """
+ raise NotImplementedError
+
+ def description(self) -> str:
+ """Create a test case description.
+
+ Creates a description of the test case, including a name for the test
+ function, an optional case count, and a description of the specific
+ test case. This should inform a reader what is being tested, and
+ provide context for the test case.
+
+ Returns:
+ Description for the test case.
+ """
+ if self.show_test_count:
+ return "{} #{} {}".format(
+ self.test_name, self.count, self.case_description
+ ).strip()
+ else:
+ return "{} {}".format(self.test_name, self.case_description).strip()
+
+
+ def create_test_case(self) -> test_case.TestCase:
+ """Generate TestCase from the instance."""
+ tc = test_case.TestCase()
+ tc.set_description(self.description())
+ tc.set_function(self.test_function)
+ tc.set_arguments(self.arguments())
+ tc.set_dependencies(self.dependencies)
+
+ return tc
+
+ @classmethod
+ @abstractmethod
+ def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
+ """Generate test cases for the class test function.
+
+ This will be called in classes where `test_function` is set.
+ Implementations should yield TestCase objects, by creating instances
+ of the class with appropriate input data, and then calling
+ `create_test_case()` on each.
+ """
+ raise NotImplementedError
+
+ @classmethod
+ def generate_tests(cls) -> Iterator[test_case.TestCase]:
+ """Generate test cases for the class and its subclasses.
+
+ In classes with `test_function` set, `generate_function_tests()` is
+ called to generate test cases first.
+
+ In all classes, this method will iterate over its subclasses, and
+ yield from `generate_tests()` in each. Calling this method on a class X
+ will yield test cases from all classes derived from X.
+ """
+ if cls.test_function:
+ yield from cls.generate_function_tests()
+ for subclass in sorted(cls.__subclasses__(), key=lambda c: c.__name__):
+ yield from subclass.generate_tests()
+
+
+class TestGenerator:
+ """Generate test cases and write to data files."""
+ def __init__(self, options) -> None:
+ self.test_suite_directory = self.get_option(options, 'directory',
+ 'tests/suites')
+ # Update `targets` with an entry for each child class of BaseTarget.
+ # Each entry represents a file generated by the BaseTarget framework,
+ # and enables generating the .data files using the CLI.
+ self.targets.update({
+ subclass.target_basename: subclass.generate_tests
+ for subclass in BaseTarget.__subclasses__()
+ })
+
+ @staticmethod
+ def get_option(options, name: str, default: T) -> T:
+ value = getattr(options, name, None)
+ return default if value is None else value
+
+ def filename_for(self, basename: str) -> str:
+ """The location of the data file with the specified base name."""
+ return posixpath.join(self.test_suite_directory, basename + '.data')
+
+ def write_test_data_file(self, basename: str,
+ test_cases: Iterable[test_case.TestCase]) -> None:
+ """Write the test cases to a .data file.
+
+ The output file is ``basename + '.data'`` in the test suite directory.
+ """
+ filename = self.filename_for(basename)
+ test_case.write_data_file(filename, test_cases)
+
+ # Note that targets whose names contain 'test_format' have their content
+ # validated by `abi_check.py`.
+ targets = {} # type: Dict[str, Callable[..., Iterable[test_case.TestCase]]]
+
+ def generate_target(self, name: str, *target_args) -> None:
+ """Generate cases and write to data file for a target.
+
+ For target callables which require arguments, override this function
+ and pass these arguments using super() (see PSATestGenerator).
+ """
+ test_cases = self.targets[name](*target_args)
+ self.write_test_data_file(name, test_cases)
+
+def main(args, description: str, generator_class: Type[TestGenerator] = TestGenerator):
+ """Command line entry point."""
+ parser = argparse.ArgumentParser(description=description)
+ parser.add_argument('--list', action='store_true',
+ help='List available targets and exit')
+ parser.add_argument('--list-for-cmake', action='store_true',
+ help='Print \';\'-separated list of available targets and exit')
+ parser.add_argument('--directory', metavar='DIR',
+ help='Output directory (default: tests/suites)')
+ # The `--directory` option is interpreted relative to the directory from
+ # which the script is invoked, but the default is relative to the root of
+ # the mbedtls tree. The default should not be set above, but instead after
+ # `build_tree.chdir_to_root()` is called.
+ parser.add_argument('targets', nargs='*', metavar='TARGET',
+ help='Target file to generate (default: all; "-": none)')
+ options = parser.parse_args(args)
+ build_tree.chdir_to_root()
+ generator = generator_class(options)
+ if options.list:
+ for name in sorted(generator.targets):
+ print(generator.filename_for(name))
+ return
+ # List in a cmake list format (i.e. ';'-separated)
+ if options.list_for_cmake:
+ print(';'.join(generator.filename_for(name)
+ for name in sorted(generator.targets)), end='')
+ return
+ if options.targets:
+ # Allow "-" as a special case so you can run
+ # ``generate_xxx_tests.py - $targets`` and it works uniformly whether
+ # ``$targets`` is empty or not.
+ options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target))
+ for target in options.targets
+ if target != '-']
+ else:
+ options.targets = sorted(generator.targets)
+ for target in options.targets:
+ generator.generate_target(target)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 6049b74..57cf977 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -20,24 +20,54 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ --list-for-cmake
+ --directory suites
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ OUTPUT_VARIABLE
+ base_bignum_generated_data_files)
+
+execute_process(
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
--list-for-cmake
--directory suites
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
OUTPUT_VARIABLE
- base_generated_data_files)
+ base_psa_generated_data_files)
# Derive generated file paths in the build directory
-set(generated_data_files "")
-foreach(file ${base_generated_data_files})
- list(APPEND generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
+set(base_generated_data_files ${base_bignum_generated_data_files} ${base_psa_generated_data_files})
+set(bignum_generated_data_files "")
+set(psa_generated_data_files "")
+foreach(file ${base_bignum_generated_data_files})
+ list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
+endforeach()
+foreach(file ${base_psa_generated_data_files})
+ list(APPEND psa_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
endforeach()
if(GEN_FILES)
add_custom_command(
OUTPUT
- ${generated_data_files}
+ ${bignum_generated_data_files}
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_generation.py
+ )
+ add_custom_command(
+ OUTPUT
+ ${psa_generated_data_files}
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
@@ -50,6 +80,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
@@ -65,7 +96,8 @@
# they can cause race conditions in parallel builds.
# With this line, only 4 sub-makefiles include the above command, that reduces
# the risk of a race.
-add_custom_target(test_suite_generated_data DEPENDS ${generated_data_files})
+add_custom_target(test_suite_bignum_generated_data DEPENDS ${bignum_generated_data_files})
+add_custom_target(test_suite_psa_generated_data DEPENDS ${psa_generated_data_files})
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
# but not "test_suite_foobar".
@@ -82,23 +114,39 @@
# Get the test names of the tests with generated .data files
# from the generated_data_files list in parent scope.
- set(generated_data_names "")
- foreach(generated_data_file ${generated_data_files})
+ set(bignum_generated_data_names "")
+ set(psa_generated_data_names "")
+ foreach(generated_data_file ${bignum_generated_data_files})
# Get the plain filename
get_filename_component(generated_data_name ${generated_data_file} NAME)
# Remove the ".data" extension
get_name_without_last_ext(generated_data_name ${generated_data_name})
# Remove leading "test_suite_"
string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name)
- list(APPEND generated_data_names ${generated_data_name})
+ list(APPEND bignum_generated_data_names ${generated_data_name})
+ endforeach()
+ foreach(generated_data_file ${psa_generated_data_files})
+ # Get the plain filename
+ get_filename_component(generated_data_name ${generated_data_file} NAME)
+ # Remove the ".data" extension
+ get_name_without_last_ext(generated_data_name ${generated_data_name})
+ # Remove leading "test_suite_"
+ string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name)
+ list(APPEND psa_generated_data_names ${generated_data_name})
endforeach()
- if(";${generated_data_names};" MATCHES ";${data_name};")
+ if(";${bignum_generated_data_names};" MATCHES ";${data_name};")
set(data_file
${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_bignum_generated_data)
+ elseif(";${psa_generated_data_names};" MATCHES ";${data_name};")
+ set(data_file
+ ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_psa_generated_data)
else()
set(data_file
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_bignum_generated_data test_suite_psa_generated_data)
endif()
add_custom_command(
@@ -129,7 +177,7 @@
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtls_test>)
- add_dependencies(test_suite_${data_name} test_suite_generated_data)
+ add_dependencies(test_suite_${data_name} ${dependency})
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header
# files (used by some invasive tests) from ../library. Public header
diff --git a/tests/Makefile b/tests/Makefile
index 0d08f84..8777ae9 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -66,28 +66,45 @@
endif
.PHONY: generated_files
-GENERATED_DATA_FILES := $(patsubst tests/%,%,$(shell \
+GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \
+ $(PYTHON) scripts/generate_bignum_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
+$(error "$(PYTHON) scripts/generate_bignum_tests.py --list" failed)
+endif
+GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) scripts/generate_psa_tests.py --list || \
echo FAILED \
))
-ifeq ($(GENERATED_DATA_FILES),FAILED)
+ifeq ($(GENERATED_PSA_DATA_FILES),FAILED)
$(error "$(PYTHON) scripts/generate_psa_tests.py --list" failed)
endif
-GENERATED_FILES := $(GENERATED_DATA_FILES)
+GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES)
generated_files: $(GENERATED_FILES)
-# generate_psa_tests.py spends more time analyzing inputs than generating
-# outputs. Its inputs are the same no matter which files are being generated.
+# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
+# inputs than generating outputs. Its inputs are the same no matter which files
+# are being generated.
# It's rare not to want all the outputs. So always generate all of its outputs.
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
-.SECONDARY: generated_psa_test_data
-$(GENERATED_DATA_FILES): generated_psa_test_data
+.SECONDARY: generated_bignum_test_data generated_psa_test_data
+$(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data
+generated_bignum_test_data: scripts/generate_bignum_tests.py
+generated_bignum_test_data: ../scripts/mbedtls_dev/test_case.py
+generated_bignum_test_data: ../scripts/mbedtls_dev/test_generation.py
+generated_bignum_test_data:
+ echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
+ $(PYTHON) scripts/generate_bignum_tests.py
+
+$(GENERATED_PSA_DATA_FILES): generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
+generated_psa_test_data: ../scripts/mbedtls_dev/test_generation.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
@@ -98,7 +115,7 @@
generated_psa_test_data: ../include/psa/crypto_extra.h
generated_psa_test_data: suites/test_suite_psa_crypto_metadata.data
generated_psa_test_data:
- echo " Gen $(GENERATED_DATA_FILES) ..."
+ echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
$(PYTHON) scripts/generate_psa_tests.py
# A test application is built for each suites/test_suite_*.data file.
@@ -107,7 +124,7 @@
DATA_FILES := $(wildcard suites/test_suite_*.data)
# Make sure that generated data files are included even if they don't
# exist yet when the makefile is parsed.
-DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_DATA_FILES))
+DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_FILES))
APPS = $(basename $(subst suites/,,$(DATA_FILES)))
# Construct executable name by adding OS specific suffix $(EXEXT).
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
index f80fd86..1aee8a5 100644
--- a/tests/include/spe/crypto_spe.h
+++ b/tests/include/spe/crypto_spe.h
@@ -1,7 +1,18 @@
/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
*
- * SPDX-License-Identifier: BSD-3-Clause
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*
*/
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 6f42882..bc2b016 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -277,8 +277,16 @@
} \
while( 0 )
+#if !defined(MBEDTLS_MD_C)
+#define PSA_INIT_IF_NO_MD( ) PSA_INIT( )
+#define PSA_DONE_IF_NO_MD( ) PSA_DONE( )
+#endif
#endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_MD_C)
+#define PSA_INIT_IF_NO_MD( ) ( (void) 0 )
+#define PSA_DONE_IF_NO_MD( ) ( (void) 0 )
+#endif
/** \def USE_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
new file mode 100755
index 0000000..eda2de9
--- /dev/null
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -0,0 +1,1631 @@
+#!/bin/sh
+
+# tls13-kex-modes.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+get_srv_psk_list ()
+{
+ case $(( TESTS % 3 )) in
+ 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";;
+ 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";;
+ 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";;
+ esac
+}
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+# SOME_ECDHE_ENABLED?
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched ciphersuite"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+# SOME_ECDHE_ENABLED?
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched ciphersuite"
+
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -s "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -s "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -s "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -S "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "write selected_group: secp256r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "write selected_group: secp521r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "write selected_group: x25519" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "write selected_group: x448" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -s "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/all, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Pre shared key found" \
+ -S "No matched PSK or ticket" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -s "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "Invalid binder." \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "write selected_group: secp256r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "write selected_group: secp521r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "write selected_group: x25519" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 0 \
+ -s "write selected_group: x448" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_openssl_tls1_3
+run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
+ "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -s "HRR selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -s "HRR selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7139fde..28a20d2 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -120,6 +120,9 @@
# Treat uninitialised variables as errors.
set -e -o pipefail -u
+# Enable ksh/bash extended file matching patterns
+shopt -s extglob
+
pre_check_environment () {
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
@@ -295,7 +298,7 @@
-iname CMakeCache.txt -o \
-path './cmake/*.cmake' \) -exec rm -f {} \+
# Recover files overwritten by in-tree CMake builds
- rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
+ rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
@@ -314,7 +317,9 @@
# Restore files that may have been clobbered by the job
for x in $files_to_back_up; do
- cp -p "$x$backup_suffix" "$x"
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
done
}
@@ -1210,8 +1215,6 @@
# Direct dependencies
scripts/config.py unset MBEDTLS_HKDF_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_PKCS5_C
- scripts/config.py unset MBEDTLS_PKCS12_C
# Indirect dependencies
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
make
@@ -1717,7 +1720,7 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_ecdsa_ library/ecdsa.o
@@ -1799,7 +1802,7 @@
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
@@ -1829,7 +1832,7 @@
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_sha512_init library/sha512.o
not grep mbedtls_sha1_init library/sha1.o
@@ -1850,32 +1853,35 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+ # start with config full for maximum coverage (also enables USE_PSA)
+ scripts/config.py full
+ # enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SHA224_C
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
# Use an external RNG as currently internal RNGs depend on entropy.c
# which in turn hard-depends on SHA256_C (or SHA512_C).
# See component_test_psa_external_rng_no_drbg_use_psa.
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py unset MBEDTLS_ENTROPY_C
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former
# Also unset MD_C and things that depend on it;
# see component_test_crypto_full_no_md.
scripts/config.py unset MBEDTLS_MD_C
scripts/config.py unset MBEDTLS_HKDF_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_PKCS5_C
- scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- # TLS 1.3 currently depends on SHA256_C || SHA384_C
- # but is already disabled in the default config
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
@@ -1891,6 +1897,12 @@
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
make test
+
+ msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ tests/ssl-opt.sh
+
+ msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ tests/compat.sh
}
component_test_psa_crypto_config_accel_cipher () {
@@ -1921,7 +1933,7 @@
scripts/config.py unset MBEDTLS_DES_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_des* library/des.o
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 1736f24..3006ec7 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -126,4 +126,5 @@
# the step that creates or updates these files.
check scripts/generate_visualc_files.pl visualc/VS2010
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
+check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list)
check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list)
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
new file mode 100755
index 0000000..ceafa4a
--- /dev/null
+++ b/tests/scripts/generate_bignum_tests.py
@@ -0,0 +1,238 @@
+#!/usr/bin/env python3
+"""Generate test data for bignum functions.
+
+With no arguments, generate all test data. With non-option arguments,
+generate only the specified files.
+
+Class structure:
+
+Child classes of test_generation.BaseTarget (file targets) represent an output
+file. These indicate where test cases will be written to, for all subclasses of
+this target. Multiple file targets should not reuse a `target_basename`.
+
+Each subclass derived from a file target can either be:
+ - A concrete class, representing a test function, which generates test cases.
+ - An abstract class containing shared methods and attributes, not associated
+ with a test function. An example is BignumOperation, which provides
+ common features used for bignum binary operations.
+
+Both concrete and abstract subclasses can be derived from, to implement
+additional test cases (see BignumCmp and BignumCmpAbs for examples of deriving
+from abstract and concrete classes).
+
+
+Adding test case generation for a function:
+
+A subclass representing the test function should be added, deriving from a
+file target such as BignumTarget. This test class must set/implement the
+following:
+ - test_function: the function name from the associated .function file.
+ - test_name: a descriptive name or brief summary to refer to the test
+ function.
+ - arguments(): a method to generate the list of arguments required for the
+ test_function.
+ - generate_function_test(): a method to generate TestCases for the function.
+ This should create instances of the class with required input data, and
+ call `.create_test_case()` to yield the TestCase.
+
+Additional details and other attributes/methods are given in the documentation
+of BaseTarget in test_generation.py.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import itertools
+import sys
+import typing
+
+from abc import ABCMeta, abstractmethod
+from typing import Iterator, List, Tuple, TypeVar
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_dev import test_case
+from mbedtls_dev import test_generation
+
+T = TypeVar('T') #pylint: disable=invalid-name
+
+def hex_to_int(val: str) -> int:
+ return int(val, 16) if val else 0
+
+def quote_str(val) -> str:
+ return "\"{}\"".format(val)
+
+def combination_pairs(values: List[T]) -> List[Tuple[T, T]]:
+ """Return all pair combinations from input values.
+
+ The return value is cast, as older versions of mypy are unable to derive
+ the specific type returned by itertools.combinations_with_replacement.
+ """
+ return typing.cast(
+ List[Tuple[T, T]],
+ list(itertools.combinations_with_replacement(values, 2))
+ )
+
+
+class BignumTarget(test_generation.BaseTarget, metaclass=ABCMeta):
+ #pylint: disable=abstract-method
+ """Target for bignum (mpi) test case generation."""
+ target_basename = 'test_suite_mpi.generated'
+
+
+class BignumOperation(BignumTarget, metaclass=ABCMeta):
+ """Common features for bignum binary operations.
+
+ This adds functionality common in binary operation tests. This includes
+ generation of case descriptions, using descriptions of values and symbols
+ to represent the operation or result.
+
+ Attributes:
+ symbol: Symbol used for the operation in case description.
+ input_values: List of values to use as test case inputs. These are
+ combined to produce pairs of values.
+ input_cases: List of tuples containing pairs of test case inputs. This
+ can be used to implement specific pairs of inputs.
+ """
+ symbol = ""
+ input_values = [
+ "", "0", "7b", "-7b",
+ "0000000000000000123", "-0000000000000000123",
+ "1230000000000000000", "-1230000000000000000"
+ ] # type: List[str]
+ input_cases = [] # type: List[Tuple[str, str]]
+
+ def __init__(self, val_a: str, val_b: str) -> None:
+ self.arg_a = val_a
+ self.arg_b = val_b
+ self.int_a = hex_to_int(val_a)
+ self.int_b = hex_to_int(val_b)
+
+ def arguments(self) -> List[str]:
+ return [quote_str(self.arg_a), quote_str(self.arg_b), self.result()]
+
+ def description(self) -> str:
+ """Generate a description for the test case.
+
+ If not set, case_description uses the form A `symbol` B, where symbol
+ is used to represent the operation. Descriptions of each value are
+ generated to provide some context to the test case.
+ """
+ if not self.case_description:
+ self.case_description = "{} {} {}".format(
+ self.value_description(self.arg_a),
+ self.symbol,
+ self.value_description(self.arg_b)
+ )
+ return super().description()
+
+ @abstractmethod
+ def result(self) -> str:
+ """Get the result of the operation.
+
+ This could be calculated during initialization and stored as `_result`
+ and then returned, or calculated when the method is called.
+ """
+ raise NotImplementedError
+
+ @staticmethod
+ def value_description(val) -> str:
+ """Generate a description of the argument val.
+
+ This produces a simple description of the value, which is used in test
+ case naming to add context.
+ """
+ if val == "":
+ return "0 (null)"
+ if val == "0":
+ return "0 (1 limb)"
+
+ if val[0] == "-":
+ tmp = "negative"
+ val = val[1:]
+ else:
+ tmp = "positive"
+ if val[0] == "0":
+ tmp += " with leading zero limb"
+ elif len(val) > 10:
+ tmp = "large " + tmp
+ return tmp
+
+ @classmethod
+ def get_value_pairs(cls) -> Iterator[Tuple[str, str]]:
+ """Generator to yield pairs of inputs.
+
+ Combinations are first generated from all input values, and then
+ specific cases provided.
+ """
+ yield from combination_pairs(cls.input_values)
+ yield from cls.input_cases
+
+ @classmethod
+ def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
+ for a_value, b_value in cls.get_value_pairs():
+ cur_op = cls(a_value, b_value)
+ yield cur_op.create_test_case()
+
+
+class BignumCmp(BignumOperation):
+ """Test cases for bignum value comparison."""
+ count = 0
+ test_function = "mbedtls_mpi_cmp_mpi"
+ test_name = "MPI compare"
+ input_cases = [
+ ("-2", "-3"),
+ ("-2", "-2"),
+ ("2b4", "2b5"),
+ ("2b5", "2b6")
+ ]
+
+ def __init__(self, val_a, val_b) -> None:
+ super().__init__(val_a, val_b)
+ self._result = int(self.int_a > self.int_b) - int(self.int_a < self.int_b)
+ self.symbol = ["<", "==", ">"][self._result + 1]
+
+ def result(self) -> str:
+ return str(self._result)
+
+
+class BignumCmpAbs(BignumCmp):
+ """Test cases for absolute bignum value comparison."""
+ count = 0
+ test_function = "mbedtls_mpi_cmp_abs"
+ test_name = "MPI compare (abs)"
+
+ def __init__(self, val_a, val_b) -> None:
+ super().__init__(val_a.strip("-"), val_b.strip("-"))
+
+
+class BignumAdd(BignumOperation):
+ """Test cases for bignum value addition."""
+ count = 0
+ symbol = "+"
+ test_function = "mbedtls_mpi_add_mpi"
+ test_name = "MPI add"
+ input_cases = combination_pairs(
+ [
+ "1c67967269c6", "9cde3",
+ "-1c67967269c6", "-9cde3",
+ ]
+ )
+
+ def result(self) -> str:
+ return quote_str("{:x}".format(self.int_a + self.int_b))
+
+if __name__ == '__main__':
+ # Use the section of the docstring relevant to the CLI as description
+ test_generation.main(sys.argv[1:], "\n".join(__doc__.splitlines()[:4]))
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 3d23edd..c788fd7 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -20,22 +20,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-import argparse
import enum
-import os
-import posixpath
import re
import sys
-from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional, TypeVar
+from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import build_tree
from mbedtls_dev import crypto_knowledge
from mbedtls_dev import macro_collector
from mbedtls_dev import psa_storage
from mbedtls_dev import test_case
-
-T = TypeVar('T') #pylint: disable=invalid-name
+from mbedtls_dev import test_generation
def psa_want_symbol(name: str) -> str:
@@ -897,35 +892,11 @@
yield from super().generate_all_keys()
yield from self.all_keys_for_implicit_usage()
-class TestGenerator:
- """Generate test data."""
-
- def __init__(self, options) -> None:
- self.test_suite_directory = self.get_option(options, 'directory',
- 'tests/suites')
- self.info = Information()
-
- @staticmethod
- def get_option(options, name: str, default: T) -> T:
- value = getattr(options, name, None)
- return default if value is None else value
-
- def filename_for(self, basename: str) -> str:
- """The location of the data file with the specified base name."""
- return posixpath.join(self.test_suite_directory, basename + '.data')
-
- def write_test_data_file(self, basename: str,
- test_cases: Iterable[test_case.TestCase]) -> None:
- """Write the test cases to a .data file.
-
- The output file is ``basename + '.data'`` in the test suite directory.
- """
- filename = self.filename_for(basename)
- test_case.write_data_file(filename, test_cases)
-
+class PSATestGenerator(test_generation.TestGenerator):
+ """Test generator subclass including PSA targets and info."""
# Note that targets whose names contain 'test_format' have their content
# validated by `abi_check.py`.
- TARGETS = {
+ targets = {
'test_suite_psa_crypto_generate_key.generated':
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
@@ -938,44 +909,12 @@
lambda info: StorageFormatV0(info).all_test_cases(),
} #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
- def generate_target(self, name: str) -> None:
- test_cases = self.TARGETS[name](self.info)
- self.write_test_data_file(name, test_cases)
+ def __init__(self, options):
+ super().__init__(options)
+ self.info = Information()
-def main(args):
- """Command line entry point."""
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('--list', action='store_true',
- help='List available targets and exit')
- parser.add_argument('--list-for-cmake', action='store_true',
- help='Print \';\'-separated list of available targets and exit')
- parser.add_argument('--directory', metavar='DIR',
- help='Output directory (default: tests/suites)')
- parser.add_argument('targets', nargs='*', metavar='TARGET',
- help='Target file to generate (default: all; "-": none)')
- options = parser.parse_args(args)
- build_tree.chdir_to_root()
- generator = TestGenerator(options)
- if options.list:
- for name in sorted(generator.TARGETS):
- print(generator.filename_for(name))
- return
- # List in a cmake list format (i.e. ';'-separated)
- if options.list_for_cmake:
- print(';'.join(generator.filename_for(name)
- for name in sorted(generator.TARGETS)), end='')
- return
- if options.targets:
- # Allow "-" as a special case so you can run
- # ``generate_psa_tests.py - $targets`` and it works uniformly whether
- # ``$targets`` is empty or not.
- options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target))
- for target in options.targets
- if target != '-']
- else:
- options.targets = sorted(generator.TARGETS)
- for target in options.targets:
- generator.generate_target(target)
+ def generate_target(self, name: str, *target_args) -> None:
+ super().generate_target(name, self.info)
if __name__ == '__main__':
- main(sys.argv[1:])
+ test_generation.main(sys.argv[1:], __doc__, PSATestGenerator)
diff --git a/tests/src/certs.c b/tests/src/certs.c
index 5516026..ca03b29 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -23,7 +23,7 @@
#include "mbedtls/build_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/*
* Test CA Certificates
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2610ccd..f51d945 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -419,6 +419,73 @@
*) PSK_ONLY="NO";;
esac
+HAS_ALG_SHA_1="NO"
+HAS_ALG_SHA_224="NO"
+HAS_ALG_SHA_256="NO"
+HAS_ALG_SHA_384="NO"
+HAS_ALG_SHA_512="NO"
+
+check_for_hash_alg()
+{
+ CURR_ALG="INVALID";
+ USE_PSA="NO"
+ case $CONFIGS_ENABLED in
+ *" MBEDTLS_USE_PSA_CRYPTO"[\ =]*)
+ USE_PSA="YES";
+ ;;
+ *) :;;
+ esac
+ if [ $USE_PSA = "YES" ]; then
+ CURR_ALG=PSA_WANT_ALG_${1}
+ else
+ CURR_ALG=MBEDTLS_${1}_C
+ # Remove the second underscore to match MBEDTLS_* naming convention
+ CURR_ALG=$(echo "$CURR_ALG" | sed 's/_//2')
+ fi
+
+ case $CONFIGS_ENABLED in
+ *" $CURR_ALG"[\ =]*)
+ return 0
+ ;;
+ *) :;;
+ esac
+ return 1
+}
+
+populate_enabled_hash_algs()
+{
+ for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512; do
+ if check_for_hash_alg "$hash_alg"; then
+ hash_alg_variable=HAS_ALG_${hash_alg}
+ eval ${hash_alg_variable}=YES
+ fi
+ done
+}
+
+# skip next test if the given hash alg is not supported
+requires_hash_alg() {
+ HASH_DEFINE="Invalid"
+ HAS_HASH_ALG="NO"
+ case $1 in
+ SHA_1):;;
+ SHA_224):;;
+ SHA_256):;;
+ SHA_384):;;
+ SHA_512):;;
+ *)
+ echo "Unsupported hash alg - $1"
+ exit 1
+ ;;
+ esac
+
+ HASH_DEFINE=HAS_ALG_${1}
+ eval "HAS_HASH_ALG=\${${HASH_DEFINE}}"
+ if [ "$HAS_HASH_ALG" = "NO" ]
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@@ -1478,6 +1545,8 @@
get_options "$@"
+populate_enabled_hash_algs
+
# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
@@ -1628,7 +1697,7 @@
# - the expected parameters are selected
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
-requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6"
+requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
run_test "Default" \
"$P_SRV debug_level=3" \
@@ -1676,7 +1745,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "TLS: password protected client key" \
"$P_SRV auth_mode=required" \
"$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
@@ -1685,7 +1754,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "TLS: password protected server key" \
"$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
"$P_CLI" \
@@ -1695,7 +1764,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "TLS: password protected server key, two certificates" \
"$P_SRV \
key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
@@ -1717,7 +1786,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "CA callback on server" \
"$P_SRV auth_mode=required" \
"$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
@@ -1733,7 +1802,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-ECDSA" \
"$P_SRV auth_mode=required crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
@@ -1753,7 +1822,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-RSA" \
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key" \
@@ -1771,7 +1840,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client authentication: DHE-RSA" \
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key" \
@@ -1791,7 +1860,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
@@ -1808,7 +1877,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDH-" \
"$P_SRV force_version=tls12 auth_mode=required key_opaque=1\
crt_file=data_files/server5.ku-ka.crt\
@@ -1826,8 +1895,44 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key" \
+requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
+ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
+ debug_level=1" \
+ "$P_CLI" \
+ 1 \
+ -s "key types: Opaque, none" \
+ -s "error" \
+ -c "error" \
+ -c "Public key type mismatch"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
+ "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key key_opaque_algs=ecdh,none \
+ debug_level=1" \
+ "$P_CLI" \
+ 1 \
+ -s "key types: Opaque, none" \
+ -s "error" \
+ -c "error" \
+ -c "Public key type mismatch"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
debug_level=1" \
@@ -1843,8 +1948,9 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key" \
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=ecdh,none \
debug_level=1" \
@@ -1859,7 +1965,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_CCM_C
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
@@ -1876,7 +1982,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
@@ -1897,7 +2003,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA384_C
+requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
@@ -1918,7 +2024,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA384_C
+requires_hash_alg SHA_384
requires_config_enabled MBEDTLS_CCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
@@ -1942,7 +2048,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-RSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -1960,7 +2066,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -1977,7 +2083,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-PSK" \
"$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
psk=abc123 psk_identity=foo" \
@@ -1995,7 +2101,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-" \
"$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
@@ -2012,7 +2118,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
@@ -2029,7 +2135,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: RSA keys with different algs" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
@@ -2051,7 +2157,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA384_C
+requires_hash_alg SHA_384
requires_config_enabled MBEDTLS_GCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
@@ -2074,7 +2180,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
@@ -2096,7 +2202,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -2117,7 +2223,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: DHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -2313,40 +2419,6 @@
"$P_CLI tls13_kex_modes=all" \
0
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-run_test "TLS 1.3: PSK: basic check, O->m" \
- "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
- "$O_NEXT_CLI -tls1_3 -psk 1234 -psk 6162636465666768696a6b6c6d6e6f70 -allow_no_dhe_kex" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-run_test "TLS 1.3: PSK: basic check, G->m" \
- "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+KX-ALL:+PSK:+DHE-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found"
-
# Tests for datagram packing
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client and server" \
@@ -8596,7 +8668,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the client side" \
@@ -8610,7 +8682,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the server side" \
@@ -8622,7 +8694,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the client side" \
@@ -8636,7 +8708,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the server side" \
@@ -9174,7 +9246,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
@@ -9411,7 +9483,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
@@ -9444,7 +9516,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -9478,7 +9550,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -9512,7 +9584,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -9547,7 +9619,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -12024,7 +12096,7 @@
run_test "TLS 1.3, default suite, PSK" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 1 \
+ 0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
@@ -12039,7 +12111,7 @@
run_test "TLS 1.3, default suite, PSK - openssl" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 1 \
+ 0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
@@ -12684,13 +12756,13 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
- "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache " \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \
+ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
- -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3
@@ -12699,23 +12771,28 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
+ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
- -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
- -c "HTTP/1.0 200 OK"
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -s "This is a resumed session"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+# https://github.com/openssl/openssl/issues/10714
+# Until now, OpenSSL client does not support reconnect.
+skip_next_test
run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
- "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
+ "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
0 \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
@@ -12726,14 +12803,19 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
- "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE -V" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
0 \
+ -c "Connecting again- trying to resume previous session" \
+ -c "NEW SESSION TICKET (4) was received" \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \
- -c "NEW SESSION TICKET (4) was received"
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -s "found pre_shared_key extension"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
@@ -12741,17 +12823,21 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
"$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
- -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
- -c "got new session ticket." \
+ -c "got new session ticket ( 3 )" \
-c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"
+ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -s "found pre_shared_key extension"
+
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 5ab265a..10e53c2 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -358,7 +358,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void aes_invalid_mode( )
{
mbedtls_aes_context aes_ctx;
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index cc18d5b..3d318c8 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -7,7 +7,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void camellia_invalid_param( )
{
mbedtls_camellia_context ctx;
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index dd5226c..37468df 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -304,7 +304,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void cipher_invalid_param_conditional( )
{
mbedtls_cipher_context_t valid_ctx;
@@ -313,8 +313,6 @@
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
- const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
- *( mbedtls_cipher_list() ) );
TEST_EQUAL(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index a8b1e45..e82f39d 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,11 +1,11 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdsa.h"
-#include "legacy_or_psa.h"
+#include "hash_info.h"
+#include "mbedtls/legacy_or_psa.h"
#if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \
( !defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) )
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
#endif
-#define MBEDTLS_TEST_HASH_MAX_SIZE 64
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -20,7 +20,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
- unsigned char buf[MBEDTLS_TEST_HASH_MAX_SIZE];
+ unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
@@ -52,7 +52,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
- unsigned char buf[MBEDTLS_TEST_HASH_MAX_SIZE];
+ unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 449b368..47c25e3 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/ecjpake.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA)
static const unsigned char ecjpake_test_x1[] = {
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 5332c07..4c0ed1c 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -309,6 +309,58 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_point:MBEDTLS_ECP_DP_SECP521R1
+Check ECP group metadata #1 secp192k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192K1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffeffffee37":"000000000000000000000000000000000000000000000000":"000000000000000000000000000000000000000000000003":"db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d":"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d":"fffffffffffffffffffffffe26f2fc170f69466a74defd8d":18
+
+Check ECP group metadata #2 secp192r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192R1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffeffffffffffffffff":"":"64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1":"188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012":"07192b95ffc8da78631011ed6b24cdd573f977a11e794811":"ffffffffffffffffffffffff99def836146bc9b1b4d22831":19
+
+Check ECP group metadata #3 secp224k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224K1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d":"00000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000005":"a1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c":"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5":"010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7":20
+
+Check ECP group metadata #4 secp224r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224R1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffffffffffffffffffffffffffff000000000000000000000001":"":"b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4":"b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21":"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34":"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d":21
+
+Check ECP group metadata #5 secp256k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256K1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f":"0000000000000000000000000000000000000000000000000000000000000000":"0000000000000000000000000000000000000000000000000000000000000007":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798":"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8":"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141":22
+
+Check ECP group metadata #6 secp256r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff":"":"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b":"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296":"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5":"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":23
+
+Check ECP group metadata #7 secp384r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff":"":"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef":"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7":"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f":"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973":24
+
+Check ECP group metadata #8 secp521r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP521R1:521:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"":"0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00":"00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66":"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650":"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409":25
+
+Check ECP group metadata #9 bp256r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377":"7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9":"26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6":"8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262":"547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997":"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7":26
+
+Check ECP group metadata #10 bp384r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":"7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826":"04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11":"1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e":"8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565":27
+
+Check ECP group metadata #11 bp512r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP512R1:512:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3":"7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca":"3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723":"81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822":"7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069":28
+
+Check ECP group metadata #12 curve25519 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE25519:256:MBEDTLS_ECP_TYPE_MONTGOMERY:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":"76d06":"":"9":"":"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed":29
+
+Check ECP group metadata #13 curve448 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE448:448:MBEDTLS_ECP_TYPE_MONTGOMERY:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"262a6":"":"5":"":"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":30
+
ECP tls read group #1 (record too short)
mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 65c7067..42d69b4 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1,5 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/ecp.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecdh.h"
#include "ecp_invasive.h"
@@ -788,6 +790,124 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C */
+void mbedtls_ecp_group_metadata( int id, int bit_size, int crv_type,
+ char* P, char* A, char* B,
+ char* G_x, char* G_y, char* N,
+ int tls_id )
+{
+ mbedtls_ecp_group grp, grp_read, grp_cpy;
+ const mbedtls_ecp_group_id *g_id;
+ mbedtls_ecp_group_id read_g_id;
+ const mbedtls_ecp_curve_info *crv, *crv_tls_id, *crv_name;
+
+ mbedtls_mpi exp_P, exp_A, exp_B, exp_G_x, exp_G_y, exp_N;
+
+ unsigned char buf[3], ecparameters[3] = { 3, 0, tls_id };
+ const unsigned char *vbuf = buf;
+ size_t olen;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_group_init( &grp_read );
+ mbedtls_ecp_group_init( &grp_cpy );
+
+ mbedtls_mpi_init( &exp_P );
+ mbedtls_mpi_init( &exp_A );
+ mbedtls_mpi_init( &exp_B );
+ mbedtls_mpi_init( &exp_G_x );
+ mbedtls_mpi_init( &exp_G_y );
+ mbedtls_mpi_init( &exp_N );
+
+ // Read expected parameters
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_P, P ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_A, A ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_x, G_x ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_N, N ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_B, B ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_y, G_y ), 0 );
+
+ // Convert exp_A to internal representation (A+2)/4
+ if( crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ TEST_EQUAL( mbedtls_mpi_add_int( &exp_A, &exp_A, 2 ), 0 );
+ TEST_EQUAL( mbedtls_mpi_div_int( &exp_A, NULL, &exp_A, 4 ), 0 );
+ }
+
+ // Load group
+ TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
+
+ // Compare group with expected parameters
+ // A is NULL for SECPxxxR1 curves
+ // B and G_y are NULL for curve25519 and curve448
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_P, &grp.P ), 0 );
+ if( *A != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_A, &grp.A ), 0 );
+ if( *B != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_B, &grp.B ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_x, &grp.G.X ), 0 );
+ if( *G_y != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_y, &grp.G.Y ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_N, &grp.N ), 0 );
+
+ // Load curve info and compare with known values
+ crv = mbedtls_ecp_curve_info_from_grp_id( id );
+ TEST_EQUAL( crv->grp_id, id );
+ TEST_EQUAL( crv->bit_size, bit_size );
+ TEST_EQUAL( crv->tls_id, tls_id );
+
+ // Load curve from TLS ID and name, and compare IDs
+ crv_tls_id = mbedtls_ecp_curve_info_from_tls_id( crv->tls_id );
+ crv_name = mbedtls_ecp_curve_info_from_name( crv->name );
+ TEST_EQUAL( crv_tls_id->grp_id, id );
+ TEST_EQUAL( crv_name->grp_id, id );
+
+ // Validate write_group against test data
+ TEST_EQUAL( mbedtls_ecp_tls_write_group( &grp, &olen,
+ buf, sizeof( buf ) ),
+ 0 );
+ TEST_EQUAL( mbedtls_test_hexcmp( buf, ecparameters, olen,
+ sizeof( ecparameters ) ),
+ 0 );
+
+ // Read group from buffer and compare with expected ID
+ TEST_EQUAL( mbedtls_ecp_tls_read_group_id( &read_g_id, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( read_g_id, id );
+ vbuf = buf;
+ TEST_EQUAL( mbedtls_ecp_tls_read_group( &grp_read, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( grp_read.id, id );
+
+ // Check curve type, and if it can be used for ECDH/ECDSA
+ TEST_EQUAL( mbedtls_ecp_get_type( &grp ), crv_type );
+ TEST_EQUAL( mbedtls_ecdh_can_do( id ), 1 );
+ TEST_EQUAL( mbedtls_ecdsa_can_do( id ),
+ crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+
+ // Copy group and compare with original
+ TEST_EQUAL( mbedtls_ecp_group_copy( &grp_cpy, &grp ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_cmp( &grp, &grp_cpy ), 0 );
+
+ // Check curve is in curve list and group ID list
+ for( crv = mbedtls_ecp_curve_list( );
+ crv->grp_id != MBEDTLS_ECP_DP_NONE &&
+ crv->grp_id != (unsigned) id;
+ crv++ );
+ TEST_EQUAL( crv->grp_id, id );
+ for( g_id = mbedtls_ecp_grp_id_list( );
+ *g_id != MBEDTLS_ECP_DP_NONE && *g_id != (unsigned) id;
+ g_id++ );
+ TEST_EQUAL( *g_id, (unsigned) id );
+
+exit:
+ mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp_cpy );
+ mbedtls_ecp_group_free( &grp_read );
+ mbedtls_mpi_free( &exp_P ); mbedtls_mpi_free( &exp_A );
+ mbedtls_mpi_free( &exp_B ); mbedtls_mpi_free( &exp_G_x );
+ mbedtls_mpi_free( &exp_G_y ); mbedtls_mpi_free( &exp_N );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
{
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 5696679..ea8d6a0 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -411,7 +411,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void gcm_invalid_param( )
{
mbedtls_gcm_context ctx;
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 33a9131..b06f524 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -3,7 +3,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "string.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index f4ac368..6328247 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -3,7 +3,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index e8cc076..3dc2b8b 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1,3 +1,6 @@
+PK invalid parameters
+pk_invalid_param:
+
PK valid parameters
valid_parameters:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 9c04560..beb3e7c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -8,7 +8,7 @@
#include "mbedtls/rsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <limits.h>
#include <stdint.h>
@@ -300,6 +300,53 @@
/* END_CASE */
/* BEGIN_CASE */
+void pk_invalid_param()
+{
+ mbedtls_pk_context ctx;
+ mbedtls_pk_type_t pk_type = 0;
+ unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+ size_t buf_size = sizeof( buf );
+
+ mbedtls_pk_init( &ctx );
+
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size,
+ NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size,
+ NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( pk_type, NULL,
+ &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( pk_type, NULL,
+ &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size, &buf_size,
+ NULL, NULL,
+ NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size, &buf_size,
+ NULL, NULL,
+ NULL ) );
+exit:
+ mbedtls_pk_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void valid_parameters( )
{
mbedtls_pk_context pk;
diff --git a/tests/suites/test_suite_pkcs12.data b/tests/suites/test_suite_pkcs12.data
index a8c4bab..601b5bb 100644
--- a/tests/suites/test_suite_pkcs12.data
+++ b/tests/suites/test_suite_pkcs12.data
@@ -1,35 +1,35 @@
PKCS#12 derive key : MD5: Zero length password and hash
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
PKCS#12 derive key: MD5: NULL password and hash
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_NULL_INPUT:"":USE_NULL_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
PKCS#12 derive key: MD5: Zero length password
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
PKCS#12 derive key: MD5: NULL password
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_NULL_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
PKCS#12 derive key: MD5: Invalid length NULL password
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_NULL_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"":MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
PKCS#12 derive key: MD5: Zero length salt
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
PKCS#12 derive key: MD5: NULL salt
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"":USE_NULL_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
PKCS#12 derive key: MD5: Invalid length NULL salt
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_NULL_INPUT:3:"":MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
PKCS#12 derive key: MD5: Valid password and salt
-depends_on:MBEDTLS_MD5_C
+depends_on:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 54dc042..841bd1d 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -2,6 +2,8 @@
#include "mbedtls/pkcs12.h"
#include "common.h"
+#include "mbedtls/legacy_or_psa.h"
+
typedef enum
{
USE_NULL_INPUT = 0,
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 463e401..0fad7c6 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -2,7 +2,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/md.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index a7e93aa..593c047 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/rsa.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 65043a4..3f78b88 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -1,213 +1,213 @@
PBKDF2 RFC 6070 Test Vector #1 (SHA1)
-depends_on:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA1:"70617373776f7264":"73616c74":1:20:"0c60c80f961f0e71f3a9b524af6012062fe037a6"
PBKDF2 RFC 6070 Test Vector #2 (SHA1)
-depends_on:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA1:"70617373776f7264":"73616c74":2:20:"ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"
PBKDF2 RFC 6070 Test Vector #3 (SHA1)
-depends_on:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA1:"70617373776f7264":"73616c74":4096:20:"4b007901b765489abead49d926f721d065a429c1"
PBKDF2 RFC 6070 Test Vector #5 (SHA1)
-depends_on:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA1:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
PBKDF2 RFC 6070 Test Vector #6 (SHA1)
-depends_on:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
PBKDF2 Python hashlib Test Vector #1 (SHA224)
-depends_on:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e"
PBKDF2 Python hashlib Test Vector #2 (SHA224)
-depends_on:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971"
PBKDF2 Python hashlib Test Vector #3 (SHA224)
-depends_on:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60"
PBKDF2 Python hashlib Test Vector #5 (SHA224)
-depends_on:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057"
PBKDF2 Python hashlib Test Vector #6 (SHA224)
-depends_on:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c"
PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"706173737764":"73616c74":1:64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"
PBKDF2 RFC 7914 Sec 11 Test Vector #2 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"50617373776f7264":"4e61436c":80000:64:"4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d"
PBKDF2 Python hashlib Test Vector #1 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":1:20:"120fb6cffcf8b32c43e7225256c4f837a86548c9"
PBKDF2 Python hashlib Test Vector #2 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":2:20:"ae4d0c95af6b46d32d0adff928f06dd02a303f8e"
PBKDF2 Python hashlib Test Vector #3 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":4096:20:"c5e478d59288c841aa530db6845c4c8d962893a0"
PBKDF2 Python hashlib Test Vector #5 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c"
PBKDF2 Python hashlib Test Vector #6 (SHA256)
-depends_on:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA256:"7061737300776f7264":"7361006c74":4096:16:"89b69d0516f829893c696226650a8687"
PBKDF2 Python hashlib Test Vector #1 (SHA384)
-depends_on:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":1:20:"c0e14f06e49e32d73f9f52ddf1d0c5c719160923"
PBKDF2 Python hashlib Test Vector #2 (SHA384)
-depends_on:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":2:20:"54f775c6d790f21930459162fc535dbf04a93918"
PBKDF2 Python hashlib Test Vector #3 (SHA384)
-depends_on:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":4096:20:"559726be38db125bc85ed7895f6e3cf574c7a01c"
PBKDF2 Python hashlib Test Vector #5 (SHA384)
-depends_on:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"819143ad66df9a552559b9e131c52ae6c5c1b0eed18f4d283b"
PBKDF2 Python hashlib Test Vector #6 (SHA384)
-depends_on:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA384:"7061737300776f7264":"7361006c74":4096:16:"a3f00ac8657e095f8e0823d232fc60b3"
PBKDF2 Python hashlib Test Vector #1 (SHA512)
-depends_on:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":1:20:"867f70cf1ade02cff3752599a3a53dc4af34c7a6"
PBKDF2 Python hashlib Test Vector #2 (SHA512)
-depends_on:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":2:20:"e1d9c16aa681708a45f5c7c4e215ceb66e011a2e"
PBKDF2 Python hashlib Test Vector #3 (SHA512)
-depends_on:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":4096:20:"d197b1b33db0143e018b12f3d1d1479e6cdebdcc"
PBKDF2 Python hashlib Test Vector #5 (SHA512)
-depends_on:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868"
PBKDF2 Python hashlib Test Vector #6 (SHA512)
-depends_on:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665"
PBES2 Decrypt (OK)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad params tag)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_SEQUENCE:"":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad KDF AlgId: not a sequence)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad KDF AlgId: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (KDF != PBKDF2)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad PBKDF2 params: not a sequence)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params salt: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params iter: not an int)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params iter: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad, PBKDF2 params extra data)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:""
PBES2 Decrypt (bad enc_scheme_alg: not a sequence)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad enc_scheme_alg: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg: unknown oid)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad enc_scheme_alg params: overlong)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad password)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad iter value)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PKCS#5 Selftest
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 0b0c937..7b7ed3d 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/pkcs5.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -11,24 +12,16 @@
void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str,
int it_cnt, int key_len, data_t * result_key_string )
{
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *info;
-
unsigned char key[100];
- mbedtls_md_init( &ctx );
-
- info = mbedtls_md_info_from_type( hash );
- TEST_ASSERT( info != NULL );
- TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 );
- TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len,
- it_cnt, key_len, key ) == 0 );
+ PSA_INIT_IF_NO_MD();
+ TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac_ext( hash, pw_str->x, pw_str->len,
+ salt_str->x, salt_str->len,
+ it_cnt, key_len, key ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x,
key_len, result_key_string->len ) == 0 );
-
-exit:
- mbedtls_md_free( &ctx );
+ PSA_DONE_IF_NO_MD();
}
/* END_CASE */
@@ -40,6 +33,8 @@
mbedtls_asn1_buf params;
unsigned char *my_out = NULL;
+ PSA_INIT_IF_NO_MD();
+
params.tag = params_tag;
params.p = params_hex->x;
params.len = params_hex->len;
@@ -55,6 +50,7 @@
exit:
mbedtls_free( my_out );
+ PSA_DONE_IF_NO_MD();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 7bf5f92..a493325 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -75,819 +75,819 @@
pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0
Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"PolarSSLTest":0
Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"PolarSSLTest":0
Parse RSA Key #21.1 (PKCS#8 encrypted SHA1-3DES, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #21.2 (PKCS#8 encrypted SHA1-3DES, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.der":"PolarSSLTest":0
Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0
Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"PolarSSLTest":0
Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"PolarSSLTest":0
Parse RSA Key #27.1 (PKCS#8 encrypted SHA1-2DES, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #27.2 (PKCS#8 encrypted SHA1-2DES, 2048-bit no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0
Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.der":"PolarSSLTest":0
Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0
Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0
Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTest":0
Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTest":0
Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTest":0
Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTest":0
Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTest":0
Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0
Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTest":0
Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTest":0
Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0
Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA224_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTest":0
Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTest":0
Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTest":0
Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTest":0
Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTest":0
Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTest":0
Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0
Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTest":0
Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTest":0
Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0
Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse Public RSA Key #1 (PKCS#8 wrapped)
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 0a77988..c5e60ee 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -2,7 +2,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -17,6 +17,7 @@
int res;
char *pwd = password;
+ PSA_INIT_IF_NO_MD();
mbedtls_pk_init( &ctx );
if( strcmp( pwd, "NULL" ) == 0 )
@@ -37,6 +38,7 @@
exit:
mbedtls_pk_free( &ctx );
+ PSA_DONE_IF_NO_MD();
}
/* END_CASE */
@@ -46,6 +48,7 @@
mbedtls_pk_context ctx;
int res;
+ PSA_INIT_IF_NO_MD();
mbedtls_pk_init( &ctx );
res = mbedtls_pk_parse_public_keyfile( &ctx, key_file );
@@ -62,6 +65,7 @@
exit:
mbedtls_pk_free( &ctx );
+ PSA_DONE_IF_NO_MD();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 1182c00..c8b229c 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -6445,3 +6445,107 @@
PSA derive persistent key: HKDF SHA-256, exportable
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
+
+PSA PAKE: invalid alg
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:0:0
+
+PSA PAKE: invalid primitive type
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0
+
+PSA PAKE: invalid primitive family
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0
+
+PSA PAKE: invalid primitive bits
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0
+
+PSA PAKE: invalid hash
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0
+
+PSA PAKE: ecjpake setup server output step first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":0:0:0:0
+
+PSA PAKE: ecjpake setup server input step first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":0:0:0:0
+
+PSA PAKE: ecjpake setup server empty password
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":0:0:0:PSA_ERROR_BAD_STATE
+
+PSA PAKE: ecjpake setup client output step first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":0:0:0:0
+
+PSA PAKE: ecjpake setup client input step first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:1:"abcd":0:0:0:0
+
+PSA PAKE: ecjpake setup client empty password
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":0:0:0:PSA_ERROR_BAD_STATE
+
+PSA PAKE: ecjpake setup client bad password key type
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":0:0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA PAKE: ecjpake setup client bad password key usage
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":0:0:PSA_ERROR_NOT_PERMITTED:0
+
+PSA PAKE: ecjpake setup invalid role NONE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":0:PSA_ERROR_NOT_SUPPORTED:0:0
+
+PSA PAKE: ecjpake rounds
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0
+
+PSA PAKE: ecjpake rounds, client input first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1
+
+PSA PAKE: ecjpake no input errors
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef"
+
+PSA PAKE: ecjpake no input errors, client input first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, first round client
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:1:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, first round client, client input first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:1:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, first round server
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:2:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, first round server, client input first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:2:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, second round client
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:3:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, second round client, client input first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:3:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, second round server
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:4:"abcdef"
+
+PSA PAKE: ecjpake inject input errors, second round server, client input first
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef"
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 7d368cf..c74acf6 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -705,6 +705,570 @@
return( test_ok );
}
+#if defined(PSA_WANT_ALG_JPAKE)
+static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
+ psa_pake_operation_t *server,
+ psa_pake_operation_t *client,
+ int client_input_first,
+ int round, int inject_error )
+{
+ unsigned char *buffer0 = NULL, *buffer1 = NULL;
+ size_t buffer_length = (
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) +
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) +
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2;
+ size_t buffer0_off = 0;
+ size_t buffer1_off = 0;
+ size_t s_g1_len, s_g2_len, s_a_len;
+ size_t s_g1_off, s_g2_off, s_a_off;
+ size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len;
+ size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off;
+ size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len;
+ size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off;
+ size_t c_g1_len, c_g2_len, c_a_len;
+ size_t c_g1_off, c_g2_off, c_a_off;
+ size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len;
+ size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off;
+ size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len;
+ size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off;
+ psa_status_t expected_status = PSA_SUCCESS;
+ psa_status_t status;
+
+ ASSERT_ALLOC( buffer0, buffer_length );
+ ASSERT_ALLOC( buffer1, buffer_length );
+
+ switch( round )
+ {
+ case 1:
+ /* Server first round Output */
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_g1_len ) );
+ s_g1_off = buffer0_off;
+ buffer0_off += s_g1_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x1_pk_len ) );
+ s_x1_pk_off = buffer0_off;
+ buffer0_off += s_x1_pk_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x1_pr_len ) );
+ s_x1_pr_off = buffer0_off;
+ buffer0_off += s_x1_pr_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_g2_len ) );
+ s_g2_off = buffer0_off;
+ buffer0_off += s_g2_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2_pk_len ) );
+ s_x2_pk_off = buffer0_off;
+ buffer0_off += s_x2_pk_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2_pr_len ) );
+ s_x2_pr_off = buffer0_off;
+ buffer0_off += s_x2_pr_len;
+
+ if( inject_error == 1 )
+ {
+ buffer0[s_x1_pk_off + 8] >>= 4;
+ buffer0[s_x2_pk_off + 7] <<= 4;
+ expected_status = PSA_ERROR_DATA_INVALID;
+ }
+
+ /*
+ * When injecting errors in inputs, the implementation is
+ * free to detect it right away of with a delay.
+ * This permits delaying the error until the end of the input
+ * sequence, if no error appears then, this will be treated
+ * as an error.
+ */
+
+ if( client_input_first == 1 )
+ {
+ /* Client first round Input */
+ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g1_off, s_g1_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x1_pk_off,
+ s_x1_pk_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x1_pr_off,
+ s_x1_pr_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g2_off,
+ s_g2_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2_pk_off,
+ s_x2_pk_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2_pr_off,
+ s_x2_pr_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ /* Error didn't trigger, make test fail */
+ if( inject_error == 1 )
+ TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." );
+ }
+
+ /* Client first round Output */
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_g1_len ) );
+ c_g1_off = buffer1_off;
+ buffer1_off += c_g1_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x1_pk_len ) );
+ c_x1_pk_off = buffer1_off;
+ buffer1_off += c_x1_pk_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x1_pr_len ) );
+ c_x1_pr_off = buffer1_off;
+ buffer1_off += c_x1_pr_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_g2_len ) );
+ c_g2_off = buffer1_off;
+ buffer1_off += c_g2_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2_pk_len ) );
+ c_x2_pk_off = buffer1_off;
+ buffer1_off += c_x2_pk_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2_pr_len ) );
+ c_x2_pr_off = buffer1_off;
+ buffer1_off += c_x2_pr_len;
+
+ if( client_input_first == 0 )
+ {
+ /* Client first round Input */
+ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g1_off, s_g1_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x1_pk_off,
+ s_x1_pk_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x1_pr_off,
+ s_x1_pr_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g2_off,
+ s_g2_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2_pk_off,
+ s_x2_pk_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2_pr_off,
+ s_x2_pr_len );
+ if( inject_error == 1 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ /* Error didn't trigger, make test fail */
+ if( inject_error == 1 )
+ TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." );
+ }
+
+ if( inject_error == 2 )
+ {
+ buffer1[c_x1_pk_off + 12] >>= 4;
+ buffer1[c_x2_pk_off + 7] <<= 4;
+ expected_status = PSA_ERROR_DATA_INVALID;
+ }
+
+ /* Server first round Input */
+ status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + c_g1_off, c_g1_len );
+ if( inject_error == 2 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + c_x1_pk_off, c_x1_pk_len );
+ if( inject_error == 2 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + c_x1_pr_off, c_x1_pr_len );
+ if( inject_error == 2 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + c_g2_off, c_g2_len );
+ if( inject_error == 2 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + c_x2_pk_off, c_x2_pk_len );
+ if( inject_error == 2 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + c_x2_pr_off, c_x2_pr_len );
+ if( inject_error == 2 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ /* Error didn't trigger, make test fail */
+ if( inject_error == 2 )
+ TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." );
+
+ break;
+
+ case 2:
+ /* Server second round Output */
+ buffer0_off = 0;
+
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_a_len ) );
+ s_a_off = buffer0_off;
+ buffer0_off += s_a_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2s_pk_len ) );
+ s_x2s_pk_off = buffer0_off;
+ buffer0_off += s_x2s_pk_len;
+ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2s_pr_len ) );
+ s_x2s_pr_off = buffer0_off;
+ buffer0_off += s_x2s_pr_len;
+
+ if( inject_error == 3 )
+ {
+ buffer0[s_x2s_pk_off + 12] += 0x33;
+ expected_status = PSA_ERROR_DATA_INVALID;
+ }
+
+ if( client_input_first == 1 )
+ {
+ /* Client second round Input */
+ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_a_off, s_a_len );
+ if( inject_error == 3 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2s_pk_off,
+ s_x2s_pk_len );
+ if( inject_error == 3 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2s_pr_off,
+ s_x2s_pr_len );
+ if( inject_error == 3 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ /* Error didn't trigger, make test fail */
+ if( inject_error == 3 )
+ TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." );
+ }
+
+ /* Client second round Output */
+ buffer1_off = 0;
+
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_a_len ) );
+ c_a_off = buffer1_off;
+ buffer1_off += c_a_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2s_pk_len ) );
+ c_x2s_pk_off = buffer1_off;
+ buffer1_off += c_x2s_pk_len;
+ PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2s_pr_len ) );
+ c_x2s_pr_off = buffer1_off;
+ buffer1_off += c_x2s_pr_len;
+
+ if( client_input_first == 0 )
+ {
+ /* Client second round Input */
+ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_a_off, s_a_len );
+ if( inject_error == 3 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2s_pk_off,
+ s_x2s_pk_len );
+ if( inject_error == 3 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2s_pr_off,
+ s_x2s_pr_len );
+ if( inject_error == 3 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ /* Error didn't trigger, make test fail */
+ if( inject_error == 3 )
+ TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." );
+ }
+
+ if( inject_error == 4 )
+ {
+ buffer1[c_x2s_pk_off + 7] += 0x28;
+ expected_status = PSA_ERROR_DATA_INVALID;
+ }
+
+ /* Server second round Input */
+ status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + c_a_off, c_a_len );
+ if( inject_error == 4 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + c_x2s_pk_off, c_x2s_pk_len );
+ if( inject_error == 4 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + c_x2s_pr_off, c_x2s_pr_len );
+ if( inject_error == 4 && status != PSA_SUCCESS )
+ {
+ TEST_EQUAL( status, expected_status );
+ break;
+ }
+ else
+ {
+ TEST_EQUAL( status, PSA_SUCCESS );
+ }
+
+ /* Error didn't trigger, make test fail */
+ if( inject_error == 4 )
+ TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." );
+
+ break;
+
+ }
+
+exit:
+ mbedtls_free( buffer0 );
+ mbedtls_free( buffer1 );
+}
+#endif /* PSA_WANT_ALG_JPAKE */
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -8091,3 +8655,311 @@
PSA_DONE();
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
+void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg,
+ int primitive_arg, int hash_arg, int role_arg,
+ int input_first, data_t *pw_data,
+ int expected_status_setup_arg,
+ int expected_status_set_role_arg,
+ int expected_status_set_password_key_arg,
+ int expected_status_input_output_arg)
+{
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_pake_operation_t operation = psa_pake_operation_init();
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t key_type_pw = key_type_pw_arg;
+ psa_key_usage_t key_usage_pw = key_usage_pw_arg;
+ psa_algorithm_t hash_alg = hash_arg;
+ psa_pake_role_t role = role_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t expected_status_setup = expected_status_setup_arg;
+ psa_status_t expected_status_set_role = expected_status_set_role_arg;
+ psa_status_t expected_status_set_password_key =
+ expected_status_set_password_key_arg;
+ psa_status_t expected_status_input_output =
+ expected_status_input_output_arg;
+ unsigned char *output_buffer = NULL;
+ size_t output_len = 0;
+
+ PSA_INIT( );
+
+ ASSERT_ALLOC( output_buffer,
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg,
+ PSA_PAKE_STEP_KEY_SHARE) );
+
+ if( pw_data->len > 0 )
+ {
+ psa_set_key_usage_flags( &attributes, key_usage_pw );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type_pw );
+ PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len,
+ &key ) );
+ }
+
+ psa_pake_cs_set_algorithm( &cipher_suite, alg );
+ psa_pake_cs_set_primitive( &cipher_suite, primitive_arg );
+ psa_pake_cs_set_hash( &cipher_suite, hash_alg );
+
+ PSA_ASSERT( psa_pake_abort( &operation ) );
+
+ TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_set_password_key( &operation, key ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_set_role( &operation, role ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE,
+ NULL, 0, NULL ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0),
+ PSA_ERROR_BAD_STATE );
+
+ PSA_ASSERT( psa_pake_abort( &operation ) );
+
+ TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ),
+ expected_status_setup );
+ if( expected_status_setup != PSA_SUCCESS )
+ goto exit;
+
+ TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ),
+ PSA_ERROR_BAD_STATE );
+
+ TEST_EQUAL( psa_pake_set_role( &operation, role),
+ expected_status_set_role );
+ if( expected_status_set_role != PSA_SUCCESS )
+ goto exit;
+
+ if( pw_data->len > 0 )
+ {
+ TEST_EQUAL( psa_pake_set_password_key( &operation, key ),
+ expected_status_set_password_key );
+ if( expected_status_set_password_key != PSA_SUCCESS )
+ goto exit;
+ }
+
+ TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ),
+ PSA_ERROR_INVALID_ARGUMENT );
+
+ const uint8_t unsupported_id[] = "abcd";
+
+ TEST_EQUAL( psa_pake_set_user( &operation, unsupported_id, 4 ),
+ PSA_ERROR_NOT_SUPPORTED );
+ TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ),
+ PSA_ERROR_NOT_SUPPORTED );
+
+ /* First round */
+ if( input_first )
+ {
+ /* Invalid parameters */
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF,
+ NULL, 0 ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10,
+ output_buffer, 66 ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ /* Invalid first step */
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF,
+ output_buffer, 66 ),
+ PSA_ERROR_BAD_STATE );
+
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE,
+ output_buffer, 66 ),
+ expected_status_input_output);
+
+ if( expected_status_input_output == PSA_SUCCESS )
+ {
+ /* Buffer too large */
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
+ output_buffer, 512 ),
+ PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ /* The operation should be aborted at this point */
+ TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
+ output_buffer, 66 ),
+ PSA_ERROR_BAD_STATE );
+ }
+ }
+ else
+ {
+ /* Invalid parameters */
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF,
+ NULL, 0, NULL ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10,
+ output_buffer, 512, &output_len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ /* Invalid first step */
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF,
+ output_buffer, 512, &output_len ),
+ PSA_ERROR_BAD_STATE );
+
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE,
+ output_buffer, 512, &output_len ),
+ expected_status_input_output );
+
+ if( expected_status_input_output == PSA_SUCCESS )
+ {
+ TEST_ASSERT( output_len > 0 );
+
+ /* Buffer too small */
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
+ output_buffer, 5, &output_len ),
+ PSA_ERROR_BUFFER_TOO_SMALL );
+
+ /* The operation should be aborted at this point */
+ TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
+ output_buffer, 512, &output_len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ }
+
+exit:
+ PSA_ASSERT( psa_destroy_key( key ) );
+ PSA_ASSERT( psa_pake_abort( &operation ) );
+ mbedtls_free( output_buffer );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
+void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg,
+ int client_input_first, int inject_error,
+ data_t *pw_data )
+{
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_pake_operation_t server = psa_pake_operation_init();
+ psa_pake_operation_t client = psa_pake_operation_init();
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t hash_alg = hash_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_INIT( );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD );
+ PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len,
+ &key ) );
+
+ psa_pake_cs_set_algorithm( &cipher_suite, alg );
+ psa_pake_cs_set_primitive( &cipher_suite, primitive_arg );
+ psa_pake_cs_set_hash( &cipher_suite, hash_alg );
+
+
+ PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) );
+ PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) );
+
+ PSA_ASSERT( psa_pake_set_role( &server, PSA_PAKE_ROLE_SERVER ) );
+ PSA_ASSERT( psa_pake_set_role( &client, PSA_PAKE_ROLE_CLIENT ) );
+
+ PSA_ASSERT( psa_pake_set_password_key( &server, key ) );
+ PSA_ASSERT( psa_pake_set_password_key( &client, key ) );
+
+ ecjpake_do_round( alg, primitive_arg, &server, &client,
+ client_input_first, 1, inject_error );
+
+ if( inject_error == 1 || inject_error == 2 )
+ goto exit;
+
+ ecjpake_do_round( alg, primitive_arg, &server, &client,
+ client_input_first, 2, inject_error );
+
+exit:
+ psa_destroy_key( key );
+ psa_pake_abort( &server );
+ psa_pake_abort( &client );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
+void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg,
+ int derive_alg_arg, data_t *pw_data,
+ int client_input_first )
+{
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_pake_operation_t server = psa_pake_operation_init();
+ psa_pake_operation_t client = psa_pake_operation_init();
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t hash_alg = hash_arg;
+ psa_algorithm_t derive_alg = derive_alg_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t server_derive =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t client_derive =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ PSA_INIT( );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD );
+ PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len,
+ &key ) );
+
+ psa_pake_cs_set_algorithm( &cipher_suite, alg );
+ psa_pake_cs_set_primitive( &cipher_suite, primitive_arg );
+ psa_pake_cs_set_hash( &cipher_suite, hash_alg );
+
+ /* Get shared key */
+ PSA_ASSERT( psa_key_derivation_setup( &server_derive, derive_alg ) );
+ PSA_ASSERT( psa_key_derivation_setup( &client_derive, derive_alg ) );
+
+ if( PSA_ALG_IS_TLS12_PRF( derive_alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( derive_alg ) )
+ {
+ PSA_ASSERT( psa_key_derivation_input_bytes( &server_derive,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ (const uint8_t*) "", 0) );
+ PSA_ASSERT( psa_key_derivation_input_bytes( &client_derive,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ (const uint8_t*) "", 0) );
+ }
+
+ PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) );
+ PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) );
+
+ PSA_ASSERT( psa_pake_set_role( &server, PSA_PAKE_ROLE_SERVER ) );
+ PSA_ASSERT( psa_pake_set_role( &client, PSA_PAKE_ROLE_CLIENT ) );
+
+ PSA_ASSERT( psa_pake_set_password_key( &server, key ) );
+ PSA_ASSERT( psa_pake_set_password_key( &client, key ) );
+
+ TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ),
+ PSA_ERROR_BAD_STATE );
+
+ /* First round */
+ ecjpake_do_round( alg, primitive_arg, &server, &client,
+ client_input_first, 1, 0 );
+
+ TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ),
+ PSA_ERROR_BAD_STATE );
+
+ /* Second round */
+ ecjpake_do_round( alg, primitive_arg, &server, &client,
+ client_input_first, 2, 0 );
+
+ PSA_ASSERT( psa_pake_get_implicit_key( &server, &server_derive ) );
+ PSA_ASSERT( psa_pake_get_implicit_key( &client, &client_derive ) );
+
+exit:
+ psa_key_derivation_abort( &server_derive );
+ psa_key_derivation_abort( &client_derive );
+ psa_destroy_key( key );
+ psa_pake_abort( &server );
+ psa_pake_abort( &client );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 0c8887a..65731ed 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -2,7 +2,7 @@
#include "mbedtls/rsa.h"
#include "rsa_alt_helpers.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -16,6 +16,8 @@
mbedtls_rsa_context ctx;
const int invalid_padding = 42;
const int invalid_hash_id = 0xff;
+ unsigned char buf[] = {0x00,0x01,0x02,0x03,0x04,0x05};
+ size_t buf_len = sizeof( buf );
mbedtls_rsa_init( &ctx );
@@ -29,6 +31,28 @@
invalid_hash_id ),
MBEDTLS_ERR_RSA_INVALID_PADDING );
+ TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
#if !defined(MBEDTLS_PKCS1_V15)
TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
MBEDTLS_RSA_PKCS_V15,
@@ -36,6 +60,32 @@
MBEDTLS_ERR_RSA_INVALID_PADDING );
#endif
+#if defined(MBEDTLS_PKCS1_V15)
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+
+#endif
+
#if !defined(MBEDTLS_PKCS1_V21)
TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
MBEDTLS_RSA_PKCS_V21,
@@ -43,6 +93,42 @@
MBEDTLS_ERR_RSA_INVALID_PADDING );
#endif
+#if defined(MBEDTLS_PKCS1_V21)
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
+ MBEDTLS_MD_NONE, buf_len,
+ NULL, buf_len,
+ buf ),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
+ MBEDTLS_MD_SHA256, 0,
+ NULL, buf_len,
+ buf ),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE,
+ buf_len, NULL,
+ MBEDTLS_MD_NONE,
+ buf_len, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256,
+ 0, NULL,
+ MBEDTLS_MD_NONE,
+ buf_len, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+#endif
+
exit:
mbedtls_rsa_free( &ctx );
}
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 95d45ba..aebfd84 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -18,13 +18,12 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void sha256_invalid_param( )
{
mbedtls_sha256_context ctx;
unsigned char buf[64] = { 0 };
size_t const buflen = sizeof( buf );
- int valid_type = 0;
int invalid_type = 42;
TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
@@ -67,13 +66,12 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
void sha512_invalid_param( )
{
mbedtls_sha512_context ctx;
unsigned char buf[64] = { 0 };
size_t const buflen = sizeof( buf );
- int valid_type = 0;
int invalid_type = 42;
TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 26855a6..f24d1a4 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -11,7 +11,7 @@
#include "mbedtls/ssl_cache.h"
#endif
-#include <legacy_or_psa.h>
+#include <mbedtls/legacy_or_psa.h>
#include "hash_info.h"
#include <constant_time_internal.h>
@@ -5439,7 +5439,7 @@
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
unsigned char add_data[13];
- unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
+ unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
unsigned char *data = NULL;
unsigned char *out = NULL;
unsigned char rec_num = 0;
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index b650afd..60e703a 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -10,7 +10,7 @@
#include "mbedtls/error.h"
#include "string.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 9cb3dd4..1120bee 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -7,7 +7,7 @@
#include "mbedtls/rsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
@@ -102,13 +102,14 @@
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_x509write_csr_init( &req );
+
USE_PSA_INIT( );
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
- mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
mbedtls_x509write_csr_set_key( &req, &key );
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
@@ -184,9 +185,12 @@
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- PSA_INIT( );
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ mbedtls_x509write_csr_init( &req );
+
+ USE_PSA_INIT( );
+
md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type );
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
@@ -205,7 +209,6 @@
PSA_KEY_USAGE_SIGN_HASH,
PSA_ALG_NONE ) == 0 );
- mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
mbedtls_x509write_csr_set_key( &req, &key );
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );