Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 63076f4..c1beccd 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -4,5 +4,5 @@
url: mailto:mbed-tls-security@lists.trustedfirmware.org
about: Report a security vulnerability.
- name: Mbed TLS mailing list
- url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
+ url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org
about: Mbed TLS community support and general discussion.
diff --git a/.gitignore b/.gitignore
index 26986d6..8824ece 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,11 @@
# generated by scripts/memory.sh
massif-*
+# Eclipse project files
+.cproject
+.project
+/.settings
+
# MSVC build artifacts:
*.exe
*.pdb
diff --git a/.travis.yml b/.travis.yml
index cdb68ac..82e7d30 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -65,7 +65,7 @@
- gnutls-bin
coverity_scan:
project:
- name: "ARMmbed/mbedtls"
+ name: "Mbed-TLS/mbedtls"
notification_email: support-mbedtls@arm.com
build_command_prepend:
build_command: make
diff --git a/BRANCHES.md b/BRANCHES.md
index 60218b0..bc8e750 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -1,19 +1,26 @@
# Maintained branches
-At any point in time, we have a number of maintained branches consisting of:
+At any point in time, we have a number of maintained branches, currently consisting of:
-- The [`master`](https://github.com/ARMmbed/mbedtls/tree/master) branch:
+- The [`master`](https://github.com/Mbed-TLS/mbedtls/tree/master) branch:
this always contains the latest release, including all publicly available
security fixes.
-- The [`development`](https://github.com/ARMmbed/mbedtls/tree/development) branch:
+- The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch:
this is where the current major version of Mbed TLS (version 3.x) is being
prepared. It has API changes that make it incompatible with Mbed TLS 2.x,
as well as all the new features and bug fixes and security fixes.
-- The [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x) branch:
- this branch retains the API of Mbed TLS 2.x, and has a subset of the
- features added after Mbed TLS 2.26.0 and bug fixes and security fixes.
-- One or more long-time support (LTS) branches:
- these only get bug fixes and security fixes.
+- One or more long-time support (LTS) branches: these only get bug fixes and
+ security fixes. Currently, the only supported LTS branch is:
+ [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28).
+- For a short time we also have the previous LTS, which has recently ended its
+ support period,
+ [`mbedtls-2.16`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.16).
+ This branch will move into the `archive` namespace around the time of
+ the next release.
+
+We retain a number of historical branches, whose names are prefixed by `archive/`,
+such as [`archive/mbedtls-2.7`](https://github.com/Mbed-TLS/mbedtls/tree/archive/mbedtls-2.7).
+These branches will not receive any changes or updates.
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
API compatibility in the `master` branch across minor version changes (e.g.
@@ -68,11 +75,10 @@
The following branches are currently maintained:
-- [master](https://github.com/ARMmbed/mbedtls/tree/master)
-- [`development`](https://github.com/ARMmbed/mbedtls/)
-- [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x)
-- [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
- maintained until at least the end of 2021, see
- <https://tls.mbed.org/tech-updates/blog/announcing-lts-branch-mbedtls-2.16>
+- [master](https://github.com/Mbed-TLS/mbedtls/tree/master)
+- [`development`](https://github.com/Mbed-TLS/mbedtls/)
+- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
+ maintained until at least the end of 2024, see
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/BUGS.md b/BUGS.md
index e8705ff..47bde07 100644
--- a/BUGS.md
+++ b/BUGS.md
@@ -1,6 +1,6 @@
## Known issues
-Known issues in Mbed TLS are [tracked on GitHub](https://github.com/ARMmbed/mbedtls/issues).
+Known issues in Mbed TLS are [tracked on GitHub](https://github.com/Mbed-TLS/mbedtls/issues).
## Reporting a bug
@@ -9,12 +9,12 @@
1. Make sure you're using the latest version of a
[maintained branch](BRANCHES.md): `master`, `development`,
or a long-time support branch.
-2. Check [GitHub](https://github.com/ARMmbed/mbedtls/issues) to see if
+2. Check [GitHub](https://github.com/Mbed-TLS/mbedtls/issues) to see if
your issue has already been reported. If not, …
3. If the issue is a security risk (for example: buffer overflow,
data leak), please report it confidentially as described in
[`SECURITY.md`](SECURITY.md). If not, …
-4. Please [create an issue on on GitHub](https://github.com/ARMmbed/mbedtls/issues).
+4. Please [create an issue on on GitHub](https://github.com/Mbed-TLS/mbedtls/issues).
Please do not use GitHub for support questions. If you want to know
how to do something with Mbed TLS, please see [`SUPPORT.md`](SUPPORT.md) for available documentation and support channels.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 479487f..0fccd3d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -54,7 +54,7 @@
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
-if(WIN32)
+if(CMAKE_HOST_WIN32)
option(GEN_FILES "Generate the auto-generated files as needed" OFF)
else()
option(GEN_FILES "Generate the auto-generated files as needed" ON)
@@ -223,8 +223,8 @@
endif(CMAKE_COMPILER_IS_IAR)
if(CMAKE_COMPILER_IS_MSVC)
- # Strictest warnings
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
+ # Strictest warnings, UTF-8 source and execution charset
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8")
endif(CMAKE_COMPILER_IS_MSVC)
if(MBEDTLS_FATAL_WARNINGS)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index dcaa360..cea12f1 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,8 +14,8 @@
Making a Contribution
---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
-1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
+1. [Check for open issues](https://github.com/Mbed-TLS/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug.
+1. Fork the [Mbed TLS repository on GitHub](https://github.com/Mbed-TLS/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/Mbed-TLS/mbedtls/tree/development) as a basis.
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
@@ -47,15 +47,11 @@
1. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
1. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
-It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
+It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/Mbed-TLS/mbedtls/tree/development) by contributors.
The list of maintained branches can be found in the [Current Branches section
of BRANCHES.md](BRANCHES.md#current-branches).
-The only currently maintained LTS branch is:
-1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
-
-
Tests
-----
As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist.
@@ -72,7 +68,7 @@
----------------------------
Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures.
-It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
+It is advised to enable the [githooks scripts](https://github.com/Mbed-TLS/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
Documentation
-------------
@@ -82,4 +78,4 @@
1. Complex parts in the code should include comments.
1. If needed, a Readme file is advised.
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
-1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
+1. A [ChangeLog](https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
diff --git a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
new file mode 100644
index 0000000..a4d9c54
--- /dev/null
+++ b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
@@ -0,0 +1,5 @@
+Changes
+ * The file library/psa_crypto_driver_wrappers.c is now generated
+ from a template. In the future, the generation will support
+ driver descriptions. For the time being, to customize this file,
+ see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
diff --git a/ChangeLog.d/MD-X.509-hashing.txt b/ChangeLog.d/MD-X.509-hashing.txt
new file mode 100644
index 0000000..2ca989c
--- /dev/null
+++ b/ChangeLog.d/MD-X.509-hashing.txt
@@ -0,0 +1,2 @@
+Features
+ * The X.509 module now uses PSA hash acceleration if present.
diff --git a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt b/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt
new file mode 100644
index 0000000..9acbb0a
--- /dev/null
+++ b/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix unit tests that used 0 as the file UID. This failed on some
+ implementations of PSA ITS. Fixes #3838.
diff --git a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt b/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt
new file mode 100644
index 0000000..57c7561
--- /dev/null
+++ b/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix API violation in mbedtls_md_process() test by adding a call to
+ mbedtls_md_starts(). Fixes #2227.
diff --git a/ChangeLog.d/add_final_delay_accessor b/ChangeLog.d/add_final_delay_accessor
new file mode 100644
index 0000000..8d341df
--- /dev/null
+++ b/ChangeLog.d/add_final_delay_accessor
@@ -0,0 +1,4 @@
+Features
+ * Add the function mbedtls_timing_get_final_delay() to access the private
+ final delay field in an mbedtls_timing_delay_context, as requested in
+ #5183
diff --git a/ChangeLog.d/add_handshake_completion_accessor b/ChangeLog.d/add_handshake_completion_accessor
new file mode 100644
index 0000000..e2b28cf
--- /dev/null
+++ b/ChangeLog.d/add_handshake_completion_accessor
@@ -0,0 +1,4 @@
+Features
+ * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL
+ Handshake has completed or not, and thus whether to continue calling
+ mbedtls_ssl_handshake_step(), requested in #4383
diff --git a/ChangeLog.d/add_own_cid_accessors b/ChangeLog.d/add_own_cid_accessors
new file mode 100644
index 0000000..fb02868
--- /dev/null
+++ b/ChangeLog.d/add_own_cid_accessors
@@ -0,0 +1,4 @@
+Features
+ * Add the function mbedtls_ssl_get_own_cid() to access our own connection id
+ within mbedtls_ssl_context, as requested in #5184
+
diff --git a/ChangeLog.d/alert_reentrant.txt b/ChangeLog.d/alert_reentrant.txt
new file mode 100644
index 0000000..691d64c
--- /dev/null
+++ b/ChangeLog.d/alert_reentrant.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
+ potentially leading to corrupted alert messages being sent in case
+ the function needs to be re-called after initially returning
+ MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt
new file mode 100644
index 0000000..21e829c
--- /dev/null
+++ b/ChangeLog.d/ccm_star_no_tag.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general
+ pattern for PSA_WANT_xxx symbols. Previously you had to specify
+ PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG.
diff --git a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt b/ChangeLog.d/chacha20_invalid_iv_len_fix.txt
new file mode 100644
index 0000000..af35e2a
--- /dev/null
+++ b/ChangeLog.d/chacha20_invalid_iv_len_fix.txt
@@ -0,0 +1,4 @@
+Default behavior changes
+ * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
+ for IV lengths other than 12. The library was silently overwriting this
+ length with 12, but did not inform the caller about it. Fixes #4301.
diff --git a/ChangeLog.d/cmake_msvc_utf8.txt b/ChangeLog.d/cmake_msvc_utf8.txt
new file mode 100644
index 0000000..552eec7
--- /dev/null
+++ b/ChangeLog.d/cmake_msvc_utf8.txt
@@ -0,0 +1,2 @@
+Changes
+ * Assume source files are in UTF-8 when using MSVC with CMake.
diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt
new file mode 100644
index 0000000..b020616
--- /dev/null
+++ b/ChangeLog.d/dtls-cid-null.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
+ MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null
+ pointer dereference. Fix this. Fixes #3998.
+ The fix was released, but not announced, in Mbed TLS 3.1.0.
diff --git a/ChangeLog.d/fix-parllel-cmake-build-fail.txt b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
new file mode 100644
index 0000000..4746c7b
--- /dev/null
+++ b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a race condition in out-of-source builds with CMake when generated data
+ files are already present. Fixes #5374
diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
new file mode 100644
index 0000000..6878645
--- /dev/null
+++ b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix compilation on Windows when building shared library, by setting
+ library search path to CMAKE_CURRENT_BINARY_DIR.
diff --git a/ChangeLog.d/mbedtls_ecp_export.txt b/ChangeLog.d/mbedtls_ecp_export.txt
new file mode 100644
index 0000000..4b5d7d4
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ecp_export.txt
@@ -0,0 +1,3 @@
+Features
+ * Add mbedtls_ecp_export() function to export ECP
+ keypair parameters. Fixes #4838.
diff --git a/ChangeLog.d/mbedtls_pem_get_der.txt b/ChangeLog.d/mbedtls_pem_get_der.txt
new file mode 100644
index 0000000..b03b058
--- /dev/null
+++ b/ChangeLog.d/mbedtls_pem_get_der.txt
@@ -0,0 +1,2 @@
+Features
+ * Add accessor to get the raw buffer pointer from a PEM context.
diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt
new file mode 100644
index 0000000..8dfa2e5
--- /dev/null
+++ b/ChangeLog.d/mbedtls_pk_sign_ext.txt
@@ -0,0 +1,3 @@
+Features
+ * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
+ PSA Crypto is enabled.
diff --git a/ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt
new file mode 100644
index 0000000..865b337
--- /dev/null
+++ b/ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt
@@ -0,0 +1,2 @@
+Features
+ * A64 SHA-2 crypto extension support for SHA-256
diff --git a/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
new file mode 100644
index 0000000..01be0b3
--- /dev/null
+++ b/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
@@ -0,0 +1,2 @@
+Features
+ * A64 crypto extension support for SHA-512
diff --git a/ChangeLog.d/mbedtls_ssl_cert_cb.txt b/ChangeLog.d/mbedtls_ssl_cert_cb.txt
new file mode 100644
index 0000000..fcdc23c
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_cert_cb.txt
@@ -0,0 +1,7 @@
+Features
+ * Add server certificate selection callback near end of Client Hello.
+ Register callback with mbedtls_ssl_conf_cert_cb().
+ * Provide mechanism to reset handshake cert list by calling
+ mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param.
+ * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within
+ cert callback (mbedtls_ssl_conf_cert_cb()) during handshake.
diff --git a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
new file mode 100644
index 0000000..d55c016
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix memory leak if mbedtls_ssl_config_defaults() call is repeated
diff --git a/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt b/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt
new file mode 100644
index 0000000..c4235b7
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt
@@ -0,0 +1,3 @@
+Features
+ * Add accessor to obtain ciphersuite id from ssl context.
+ * Add accessors to get members from ciphersuite info.
diff --git a/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt b/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt
new file mode 100644
index 0000000..28c3371
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt
@@ -0,0 +1,4 @@
+Features
+ * Introduce mbedtls_ssl_hs_cb_t typedef for use with
+ mbedtls_ssl_conf_cert_cb() and perhaps future callbacks
+ during TLS handshake.
diff --git a/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt b/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt
new file mode 100644
index 0000000..b843bfd
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt
@@ -0,0 +1,2 @@
+Features
+ * Add mbedtls_ssl_ticket_rotate() for external ticket rotation.
diff --git a/ChangeLog.d/mbedtls_ssl_tls13_client.txt b/ChangeLog.d/mbedtls_ssl_tls13_client.txt
new file mode 100644
index 0000000..855945b
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_tls13_client.txt
@@ -0,0 +1,4 @@
+Features
+ * Add ALPN support in tls13 client. Client is able to write ALPN extension
+ in client hello, and able to parse the response from server encrypted
+ extension.
diff --git a/ChangeLog.d/mbedtls_tlsver_enum.txt b/ChangeLog.d/mbedtls_tlsver_enum.txt
new file mode 100644
index 0000000..16435c6
--- /dev/null
+++ b/ChangeLog.d/mbedtls_tlsver_enum.txt
@@ -0,0 +1,6 @@
+Features
+ * Unify internal/external TLS protocol version enums
+ * Deprecate mbedtls_ssl_conf_max_version()
+ Replaced with mbedtls_ssl_conf_max_tls_version()
+ * Deprecate mbedtls_ssl_conf_min_version()
+ Replaced with mbedtls_ssl_conf_min_tls_version()
diff --git a/ChangeLog.d/md_info_from_ctx.txt b/ChangeLog.d/md_info_from_ctx.txt
new file mode 100644
index 0000000..f8ec1a0
--- /dev/null
+++ b/ChangeLog.d/md_info_from_ctx.txt
@@ -0,0 +1,3 @@
+Features
+ * Add a function to extract message digest information from a message
+ digest context.
diff --git a/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt b/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt
new file mode 100644
index 0000000..9d7a32e
--- /dev/null
+++ b/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt
@@ -0,0 +1,3 @@
+Changes
+ * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a
+ temporary variable on the heap. Suggested by Sergey Kanatov in #5304.
diff --git a/ChangeLog.d/psa_aead_singleshot_error.txt b/ChangeLog.d/psa_aead_singleshot_error.txt
new file mode 100644
index 0000000..7243874
--- /dev/null
+++ b/ChangeLog.d/psa_aead_singleshot_error.txt
@@ -0,0 +1,4 @@
+Changes
+ * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to singleshot
+ AEAD functions is not an AEAD algorithm. This aligns them with the
+ multipart functions, and the PSA Crypto API 1.1 spec.
diff --git a/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt b/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt
new file mode 100644
index 0000000..393fa8d
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt
@@ -0,0 +1,3 @@
+Features
+ * Add support for psa crypto key derivation for elliptic curve
+ keys. Fixes #3260.
diff --git a/ChangeLog.d/psa_crypto_reduced_configs.txt b/ChangeLog.d/psa_crypto_reduced_configs.txt
new file mode 100644
index 0000000..5bc9bc1
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_reduced_configs.txt
@@ -0,0 +1,5 @@
+Changes
+ * Automatically enable MBEDTLS_PK_WRITE_C if MBEDTLS_PK_C and
+ MBEDTLS_USE_PSA_CRYPTO are enabled. This is due to ecdsa_verify_wrap
+ requirements, but will also probably be needed by RSA soon, hence the
+ broader PK_C requirement.
diff --git a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt b/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt
new file mode 100644
index 0000000..0d61cb7
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix several bugs (warnings, compiler and linker errors, test failures)
+ in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/raw-agreement-destroy-missing.txt b/ChangeLog.d/raw-agreement-destroy-missing.txt
new file mode 100644
index 0000000..7342b8c
--- /dev/null
+++ b/ChangeLog.d/raw-agreement-destroy-missing.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Add missing key slot destruction calls when a raw key agreement or
+ a public key export fails in ssl_write_client_key_exchange.
diff --git a/ChangeLog.d/ssl_context-user_data.txt b/ChangeLog.d/ssl_context-user_data.txt
new file mode 100644
index 0000000..630d8f0
--- /dev/null
+++ b/ChangeLog.d/ssl_context-user_data.txt
@@ -0,0 +1,6 @@
+Features
+ * The structures mbedtls_ssl_config and mbedtls_ssl_context now store
+ a piece of user data which is reserved for the application. The user
+ data can be either a pointer or an integer.
+ * Add an accessor function to get the configuration associated with
+ an SSL context.
diff --git a/ChangeLog.d/ssl_context-version_number.txt b/ChangeLog.d/ssl_context-version_number.txt
new file mode 100644
index 0000000..b5951d0
--- /dev/null
+++ b/ChangeLog.d/ssl_context-version_number.txt
@@ -0,0 +1,3 @@
+Features
+ * Add a function to access the protocol version from an SSL context in a
+ form that's easy to compare. Fixes #5407.
diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt
new file mode 100644
index 0000000..4436522
--- /dev/null
+++ b/ChangeLog.d/ssl_get_version_1_3.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.
diff --git a/ChangeLog.d/timeless.txt b/ChangeLog.d/timeless.txt
new file mode 100644
index 0000000..84f07d6
--- /dev/null
+++ b/ChangeLog.d/timeless.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
+ to catch bad uses of time.h.
diff --git a/ChangeLog.d/tls13_and_use_psa_crypto.txt b/ChangeLog.d/tls13_and_use_psa_crypto.txt
new file mode 100644
index 0000000..6198804
--- /dev/null
+++ b/ChangeLog.d/tls13_and_use_psa_crypto.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * The TLS 1.3 implementation is now compatible with the
+ MBEDTLS_USE_PSA_CRYPTO configuration option.
diff --git a/ChangeLog.d/tls13_f_export_keys.txt b/ChangeLog.d/tls13_f_export_keys.txt
new file mode 100644
index 0000000..31debc2
--- /dev/null
+++ b/ChangeLog.d/tls13_f_export_keys.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fixed swap of client and server random bytes when exporting them alongside
+ TLS 1.3 handshake and application traffic secret.
diff --git a/ChangeLog.d/use-psa-ecdhe-curve.txt b/ChangeLog.d/use-psa-ecdhe-curve.txt
new file mode 100644
index 0000000..cc432bd
--- /dev/null
+++ b/ChangeLog.d/use-psa-ecdhe-curve.txt
@@ -0,0 +1,7 @@
+Bugfix
+ * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
+ enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
+ client would fail to check that the curve selected by the server for
+ ECDHE was indeed one that was offered. As a result, the client would
+ accept any curve that it supported, even if that curve was not allowed
+ according to its configuration.
diff --git a/ChangeLog.d/zeroize_key_buffers_before_free.txt b/ChangeLog.d/zeroize_key_buffers_before_free.txt
new file mode 100644
index 0000000..ba5bae1
--- /dev/null
+++ b/ChangeLog.d/zeroize_key_buffers_before_free.txt
@@ -0,0 +1,4 @@
+Security
+ * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
+ module before freeing them. These buffers contain secret key material, and
+ could thus potentially leak the key through freed heap.
diff --git a/README.md b/README.md
index 7e44f21..275e2dd 100644
--- a/README.md
+++ b/README.md
@@ -290,7 +290,7 @@
The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`.
-There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
+There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/Mbed-TLS/mbedtls/labels/compliance) for an up-to-date list.
### Upcoming features
@@ -315,5 +315,5 @@
-------
* To report a security vulnerability in Mbed TLS, please email <mbed-tls-security@lists.trustedfirmware.org>. For more information, see [`SECURITY.md`](SECURITY.md).
-* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose).
+* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/Mbed-TLS/mbedtls/issues/new/choose).
* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS.
diff --git a/SUPPORT.md b/SUPPORT.md
index 1bc0695..dab7ac5 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -7,9 +7,9 @@
- the `docs` directory in the source tree;
- the [Mbed TLS knowledge Base](https://tls.mbed.org/kb);
- the [Mbed TLS mailing-list
- archives](https://lists.trustedfirmware.org/pipermail/mbed-tls/).
+ archives](https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/).
## Asking Questions
If you can't find your answer in the above sources, please use the [Mbed TLS
-mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls).
+mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org).
diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h
new file mode 100644
index 0000000..183815d
--- /dev/null
+++ b/configs/config-ccm-psk-dtls1_2.h
@@ -0,0 +1,108 @@
+/**
+ * \file config-ccm-psk-dtls1_2.h
+ *
+ * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
+ *
+ * Distinguishing features:
+ * - Optimized for small code size, low bandwidth (on an unreliable transport),
+ * and low RAM usage.
+ * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
+ * exchange).
+ * - Fully modern and secure (provided the pre-shared keys are generated and
+ * stored securely).
+ * - Very low record overhead with CCM-8.
+ * - Includes several optional DTLS features typically used in IoT.
+ *
+ * See README.txt for usage instructions.
+ */
+
+/* System support */
+//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
+/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
+
+/* Mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+/* The library does not currently support enabling SHA-224 without SHA-256.
+ * A future version of the library will have this option disabled
+ * by default. */
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_TIMING_C
+
+/* TLS protocol feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/*
+ * Use only CCM_8 ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define MBEDTLS_SSL_CIPHERSUITES \
+ MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
+ MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+
+/*
+ * Save RAM at the expense of interoperability: do this only if you control
+ * both ends of the connection! (See comments in "mbedtls/ssl.h".)
+ * The optimal size here depends on the typical size of records.
+ */
+#define MBEDTLS_SSL_IN_CONTENT_LEN 256
+#define MBEDTLS_SSL_OUT_CONTENT_LEN 256
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index 51bb962..f935a33 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -21,11 +21,15 @@
*/
/*
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ *
* Distinguishing features:
- * - no bignum, no PK, no X509
- * - fully modern and secure (provided the pre-shared keys have high entropy)
- * - very low record overhead with CCM-8
- * - optimized for low RAM usage
+ * - Optimized for small code size, low bandwidth (on a reliable transport),
+ * and low RAM usage.
+ * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
+ * exchange).
+ * - Fully modern and secure (provided the pre-shared keys are generated and
+ * stored securely).
+ * - Very low record overhead with CCM-8.
*
* See README.txt for usage instructions.
*/
@@ -34,11 +38,7 @@
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
-/* mbed TLS feature support */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
@@ -55,18 +55,9 @@
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
-/* Save RAM at the expense of ROM */
-#define MBEDTLS_AES_ROM_TABLES
-
-/* Save some RAM by adjusting to your exact needs */
-#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
-
-/*
- * You should adjust this to the exact number of sources you're using: default
- * is the "platform_entropy_poll" source, but you may want to add other ones
- * Minimum is 2 for the entropy test suite.
- */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+/* TLS protocol feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
/*
* Use only CCM_8 ciphersuites, and
@@ -81,5 +72,28 @@
* both ends of the connection! (See comments in "mbedtls/ssl.h".)
* The optimal size here depends on the typical size of records.
*/
-#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
+#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index edba4a0..31fab4e 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -21,7 +21,7 @@
*/
/*
* Minimal configuration of features that do not require an entropy source
- * Distinguishing reatures:
+ * Distinguishing features:
* - no entropy module
* - no TLS protocol implementation available due to absence of an entropy
* source
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index c70773d..68ccf10 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -110,3 +110,13 @@
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
+
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/* Error messages and TLS debugging traces
+ * (huge code size increase, needed for tests/ssl-opt.sh) */
+//#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_ERROR_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 36d8245..c032fdc 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -85,3 +85,8 @@
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+
+/* These defines are present so that the config modifying scripts can enable
+ * them during tests/scripts/test-ref-configs.pl */
+//#define MBEDTLS_USE_PSA_CRYPTO
+//#define MBEDTLS_PSA_CRYPTO_C
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 12cff49..3653683 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -48,7 +48,7 @@
If you were accessing structure fields directly, and these fields are not documented as public, you need to change your code. If an accessor (getter/setter) function exists, use that. Direct accessor functions are usually called `mbedtls_<MODULE>_{get,set}_<FIELD>` or `mbedtls_<MODULE>_<STRUCTURE>_{get,set}_<FIELD>`. Accessor functions that change the format may use different verbs, for example `read`/`write` for functions that import/export data from/to a text or byte string.
-If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/ARMmbed/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.).
+If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.).
As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS.
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
new file mode 100644
index 0000000..31adec3
--- /dev/null
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -0,0 +1,394 @@
+This document lists current limitations of the PSA Crypto API (as of version
+1.1) that may impact our ability to (1) use it for all crypto operations in
+TLS and X.509 and (2) support isolation of all long-term secrets in TLS (that
+is, goals G1 and G2 in [strategy.md](strategy.md) in the same directory).
+
+This is supposed to be a complete list, based on a exhaustive review of crypto
+operations done in TLS and X.509 code, but of course it's still possible that
+subtle-but-important issues have been missed. The only way to be really sure
+is, of course, to actually do the migration work.
+
+Limitations relevant for G1 (performing crypto operations)
+==========================================================
+
+Restartable ECC operations
+--------------------------
+
+There is currently no support for that in PSA at all. API design, as well as
+implementation, would be non-trivial.
+
+Currently, `MBEDTLS_USE_PSA_CRYPTO` is simply incompatible with
+`MBEDTLS_ECP_RESTARTABLE`.
+
+Things that are in the API but not implemented yet
+--------------------------------------------------
+
+PSA Crypto has an API for FFDH, but it's not implemented in Mbed TLS yet.
+(Regarding FFDH, see the next section as well.) See issue [3261][ffdh] on
+github.
+
+[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261
+
+PSA Crypto has an experimental API for EC J-PAKE, but it's not implemented in
+Mbed TLS yet. See the [EC J-PAKE follow-up EPIC][ecjp] on github.
+
+[ecjp]: https://github.com/orgs/Mbed-TLS/projects/1#column-17950140
+
+Arbitrary parameters for FFDH
+-----------------------------
+
+(See also the first paragraph in the previous section.)
+
+Currently, the PSA Crypto API can only perform FFDH with a limited set of
+well-known parameters (some of them defined in the spec, but implementations
+are free to extend that set).
+
+TLS 1.2 (and earlier) on the other hand have the server send explicit
+parameters (P and G) in its ServerKeyExchange message. This has been found to
+be suboptimal for security, as it is prohibitively hard for the client to
+verify the strength of these parameters. This led to the development of RFC
+7919 which allows use of named groups in TLS 1.2 - however as this is only an
+extension, servers can still send custom parameters if they don't support the
+extension.
+
+In TLS 1.3 the situation will be simpler: named groups are the only
+option, so the current PSA Crypto API is a good match for that. (Not
+coincidentally, all the groups used by RFC 7919 and TLS 1.3 are included
+in the PSA specification.)
+
+There are several options here:
+
+1. Implement support for custom FFDH parameters in PSA Crypto: this would pose
+ non-trivial API design problem, but most importantly seems backwards, as
+the crypto community is moving away from custom FFDH parameters.
+2. Drop the DHE-RSA and DHE-PSK key exchanges in TLS 1.2 when moving to PSA.
+3. Implement RFC 7919, support DHE-RSA and DHE-PSK only in conjunction with it
+ when moving to PSA. We can modify our server so that it only selects a DHE
+ ciphersuite if the client offered name FFDH groups; unfortunately
+client-side the only option is to offer named groups and break the handshake
+if the server didn't take on our offer. This is not fully satisfying, but is
+perhaps the least unsatisfying option in terms of result; it's also probably
+the one that requires the most work, but it would deliver value beyond PSA
+migration by implementing RFC 7919.
+
+RSA-PSS parameters
+------------------
+
+RSA-PSS signatures are defined by PKCS#1 v2, re-published as RFC 8017
+(previously RFC 3447).
+
+As standardized, the signature scheme takes several parameters, in addition to
+the hash algorithm potentially used to hash the message being signed:
+- a hash algorithm used for the encoding function
+- a mask generation function
+ - most commonly MGF1, which in turn is parametrized by a hash algorithm
+- a salt length
+- a trailer field - the value is fixed to 0xBC by PKCS#1 v2.1, but was left
+ configurable in the original scheme; 0xBC is used everywhere in pratice.
+
+Both the existing `mbedtls_` API and the PSA API support only MGF1 as the
+generation function (and only 0xBC as the trailer field), but there are
+discrepancies in handling the salt length and which of the various hash
+algorithms can differ from each other.
+
+### API comparison
+
+- RSA:
+ - signature: `mbedtls_rsa_rsassa_pss_sign()`
+ - message hashed externally
+ - encoding hash = MGF1 hash (from context, or argument = message hash)
+ - salt length: always using the maximum legal value
+ - signature: `mbedtls_rsa_rsassa_pss_sign_ext()`
+ - message hashed externally
+ - encoding hash = MGF1 hash (from context, or argument = message hash)
+ - salt length: specified explicitly
+ - verification: `mbedtls_rsassa_pss_verify()`
+ - message hashed externally
+ - encoding hash = MGF1 hash (from context, or argument = message hash)
+ - salt length: any valid length accepted
+ - verification: `mbedtls_rsassa_pss_verify_ext()`
+ - message hashed externally
+ - encoding hash = MGF1 hash from dedicated argument
+ - expected salt length: specified explicitly, can specify "ANY"
+- PK:
+ - signature: not supported
+ - verification: `mbedtls_pk_verify_ext()`
+ - message hashed externally
+ - encoding hash = MGF1 hash, specified explicitly
+ - expected salt length: specified explicitly, can specify "ANY"
+- PSA:
+ - algorithm specification:
+ - hash alg used for message hashing, encoding and MGF1
+ - salt length can be either "standard" (<= hashlen, see note) or "any"
+ - signature generation:
+ - salt length: always <= hashlen (see note) and random salt
+ - verification:
+ - salt length: either <= hashlen (see note), or any depending on algorithm
+
+Note: above, "<= hashlen" means that hashlen is used if possible, but if it
+doesn't fit because the key is too short, then the maximum length that fits is
+used.
+
+The RSA/PK API is in principle more flexible than the PSA Crypto API. The
+following sub-sections study whether and how this matters in practice.
+
+### Use in X.509
+
+RFC 4055 Section 3.1 defines the encoding of RSA-PSS that's used in X.509.
+It allows independently specifying the message hash (also used for encoding
+hash), the MGF (and its hash if MGF1 is used), and the salt length (plus an
+extra parameter "trailer field" that doesn't vary in practice"). These can be
+encoded as part of the key, and of the signature. If both encoding are
+presents, all values must match except possibly for the salt length, where the
+value from the signature parameters is used.
+
+In Mbed TLS, RSA-PSS parameters can be parsed and displayed for various
+objects (certificates, CRLs, CSRs). During parsing, the following properties
+are enforced:
+- the extra "trailer field" parameter must have its default value
+- the mask generation function is MGF1
+- encoding hash = message hashing algorithm (may differ from MGF1 hash)
+
+When it comes to cryptographic operations, only two things are supported:
+- verifying the signature on a certificate from its parent;
+- verifying the signature on a CRL from the issuing CA.
+
+The verification is done using `mbedtls_pk_verify_ext()`.
+
+Note: since X.509 parsing ensures that message hash = encoding hash, and
+`mbedtls_pk_verify_ext()` uses encoding hash = mgf1 hash, it looks like all
+three hash algorithms must be equal, which would be good news as it would
+match a limitation of the PSA API.
+
+It is unclear what parameters people use in practice. It looks like by default
+OpenSSL picks saltlen = keylen - hashlen - 2 (tested with openssl 1.1.1f).
+The `certool` command provided by GnuTLS seems to be picking saltlen = hashlen
+by default (tested with GnuTLS 3.6.13). FIPS 186-4 requires 0 <= saltlen <=
+hashlen.
+
+### Use in TLS
+
+In TLS 1.2 (or lower), RSA-PSS signatures are never used, except via X.509.
+
+In TLS 1.3, RSA-PSS signatures can be used directly in the protocol (in
+addition to indirect use via X.509). It has two sets of three signature
+algorithm identifiers (for SHA-256, SHA-384 and SHA-512), depending of what
+the OID of the public key is (rsaEncryption or RSASSA-PSS).
+
+In both cases, it specifies that:
+- the mask generation function is MGF1
+- all three hashes are equal
+- the length of the salt MUST be equal to the length of the digest algorithm
+
+When signing, the salt length picked by PSA is the one required by TLS 1.3
+(unless the key is unreasonably small).
+
+When verifying signatures, PSA will by default enforce the salt len is the one
+required by TLS 1.3.
+
+### Current testing - X509
+
+All test files use the default trailer field of 0xBC, as enforced by our
+parser. (There's a negative test for that using the
+`x509_parse_rsassa_pss_params` test function and hex data.)
+
+Files with "bad" in the name are expected to be invalid and rejected in tests.
+
+**Test certificates:**
+
+server9-bad-mgfhash.crt (announcing mgf1(sha224), signed with another mgf)
+ Hash Algorithm: sha256
+ Mask Algorithm: mgf1 with sha224
+ Salt Length: 0xDE
+server9-bad-saltlen.crt (announcing saltlen = 0xDE, signed with another len)
+ Hash Algorithm: sha256
+ Mask Algorithm: mgf1 with sha256
+ Salt Length: 0xDE
+server9-badsign.crt (one bit flipped in the signature)
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0xEA
+server9-defaults.crt
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0x14 (default)
+server9-sha224.crt
+ Hash Algorithm: sha224
+ Mask Algorithm: mgf1 with sha224
+ Salt Length: 0xE2
+server9-sha256.crt
+ Hash Algorithm: sha256
+ Mask Algorithm: mgf1 with sha256
+ Salt Length: 0xDE
+server9-sha384.crt
+ Hash Algorithm: sha384
+ Mask Algorithm: mgf1 with sha384
+ Salt Length: 0xCE
+server9-sha512.crt
+ Hash Algorithm: sha512
+ Mask Algorithm: mgf1 with sha512
+ Salt Length: 0xBE
+server9-with-ca.crt
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0xEA
+server9.crt
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0xEA
+
+These certificates are signed with a 2048-bit key. It appears that they are
+all using saltlen = keylen - hashlen - 2, except for server9-defaults which is
+using saltlen = hashlen.
+
+**Test CRLs:**
+
+crl-rsa-pss-sha1-badsign.pem
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0xEA
+crl-rsa-pss-sha1.pem
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0xEA
+crl-rsa-pss-sha224.pem
+ Hash Algorithm: sha224
+ Mask Algorithm: mgf1 with sha224
+ Salt Length: 0xE2
+crl-rsa-pss-sha256.pem
+ Hash Algorithm: sha256
+ Mask Algorithm: mgf1 with sha256
+ Salt Length: 0xDE
+crl-rsa-pss-sha384.pem
+ Hash Algorithm: sha384
+ Mask Algorithm: mgf1 with sha384
+ Salt Length: 0xCE
+crl-rsa-pss-sha512.pem
+ Hash Algorithm: sha512
+ Mask Algorithm: mgf1 with sha512
+ Salt Length: 0xBE
+
+These CRLs are signed with a 2048-bit key. It appears that they are
+all using saltlen = keylen - hashlen - 2.
+
+**Test CSRs:**
+
+server9.req.sha1
+ Hash Algorithm: sha1 (default)
+ Mask Algorithm: mgf1 with sha1 (default)
+ Salt Length: 0x6A
+server9.req.sha224
+ Hash Algorithm: sha224
+ Mask Algorithm: mgf1 with sha224
+ Salt Length: 0x62
+server9.req.sha256
+ Hash Algorithm: sha256
+ Mask Algorithm: mgf1 with sha256
+ Salt Length: 0x5E
+server9.req.sha384
+ Hash Algorithm: sha384
+ Mask Algorithm: mgf1 with sha384
+ Salt Length: 0x4E
+server9.req.sha512
+ Hash Algorithm: sha512
+ Mask Algorithm: mgf1 with sha512
+ Salt Length: 0x3E
+
+These CSRss are signed with a 2048-bit key. It appears that they are
+all using saltlen = keylen - hashlen - 2.
+
+### Possible courses of action
+
+There's no question about what to do with TLS (any version); the only question
+is about X.509 signature verification. Options include:
+
+1. Doing all verifications with `PSA_ALG_RSA_PSS_ANY_SALT` - while this
+ wouldn't cause a concrete security issue, this would be non-compliant.
+2. Doing verifications with `PSA_ALG_RSA_PSS` when we're lucky and the encoded
+ saltlen happens to match hashlen, and falling back to `ANY_SALT` otherwise.
+Same issue as with the previous point, except more contained.
+3. Reject all certificates with saltlen != hashlen. This includes all
+ certificates generate with OpenSSL using the default parameters, so it's
+probably not acceptable.
+4. Request an extension to the PSA Crypto API and use one of the above options
+ in the meantime. Such an extension seems inconvenient and not motivated by
+strong security arguments, so it's unclear whether it would be accepted.
+
+HKDF: Expand not exposed on its own (TLS 1.3)
+---------------------------------------------
+
+The HKDF function uses and Extract-then-Expand approch, that is:
+
+ HKDF(x, ...) = HKDF-Expand(HKDF-Extract(x, ...), ...)
+
+Only the full HKDF function is safe in general, however there are cases when
+one case safely use the individual Extract and Expand; the TLS 1.3 key
+schedule does so. Specifically, looking at the [hierarchy of secrets][13hs]
+is seems that Expand and Extract are always chained, so that this hierarchy
+can be implemented using only the full HKDF. However, looking at the
+derivation of traffic keys (7.3) and the update mechanism (7.2) it appears
+that calls to HKDF-Expand are iterated without any intermediated call to
+HKDF-Extract : that is, the traffic keys are computed as
+
+ HKDF-Expand(HKDF-Expand(HKDF-Extract(...)))
+
+(with possibly more than two Expands in a row with update).
+
+[13hs]: https://datatracker.ietf.org/doc/html/rfc8446#page-93
+
+In the short term (early 2022), we'll work around that by re-implementing HKDF
+in `ssl_tls13_keys.c` based on the `psa_mac_` APIs (for HMAC).
+
+In the long term, it is desirable to extend the PSA API. See
+https://github.com/ARM-software/psa-crypto-api/issues/539
+
+Limitations relevant for G2 (isolation of long-term secrets)
+============================================================
+
+Custom key derivations for mixed-PSK handshake
+----------------------------------------------
+
+Currently, `MBEDTLS_USE_PSA_CRYPTO` enables the new configuration function
+`mbedtls_ssl_conf_psk_opaque()` which allows a PSA-held key to be used for the
+(pure) `PSK` key exchange in TLS 1.2. This requires that the derivation of the
+Master Secret (MS) be done on the PSA side. To support this, an algorithm
+family `PSA_ALG_TLS12_PSK_TO_MS(hash_alg)` was added to PSA Crypto.
+
+If we want to support key isolation for the "mixed PSK" key exchanges:
+DHE-PSK, RSA-PSK, ECDHE-PSK, where the PSK is concatenated with the result of
+a DH key agreement (resp. RSA decryption) to form the pre-master secret (PMS)
+from which the MS is derived. If the value of the PSK is to remain hidden, we
+need the derivation PSK + secondary secret -> MS to be implemented as an
+ad-hoc PSA key derivation algorithm.
+
+Adding this new, TLS-specific, key derivation algorithm to PSA Crypto should
+be no harder than it was to add `PSA_ALG_TLS12_PSK_TO_MS()` but still requires
+an extension to PSA Crypto.
+
+Note: looking at RFCs 4279 and 5489, it appears that the structure of the PMS
+is always the same: 2-byte length of the secondary secret, secondary secret,
+2-byte length of the PSK, PSK. So, a single key derivation algorithm should be
+able to cover the 3 key exchanges DHE-PSK, RSA-PSK and ECDHE-PSK. (That's a
+minor gain: adding 3 algorithms would not be a blocker anyway.)
+
+Note: if later we want to also isolate short-term secret (G3), the "secondary
+secret" (output of DHE/ECDHE key agreement or RSA decryption) could be a
+candidate. This wouldn't be a problem as the PSA key derivation API always
+allows inputs from key slots. (Tangent: the hard part in isolating the result
+of RSA decryption would be still checking that is has the correct format:
+48 bytes, the first two matching the TLS version - note that this is timing
+sensitive.)
+
+HKDF: Expand not exposed on its own (TLS 1.3)
+---------------------------------------------
+
+See the section with the same name in the G1 part above for background.
+
+The work-around mentioned there works well enough just for acceleration, but
+is not sufficient for key isolation or generally proper key management (it
+requires marking keys are usable for HMAC while they should only be used for
+key derivation).
+
+The obvious long-term solution is to make HKDF-Expand available as a new KDF
+(in addition to the full HKDF) in PSA (with appropriate warnings in the
+documentation).
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
new file mode 100644
index 0000000..d63bb8e
--- /dev/null
+++ b/docs/architecture/psa-migration/strategy.md
@@ -0,0 +1,377 @@
+This document explains the strategy that was used so far in starting the
+migration to PSA Crypto and mentions future perspectives and open questions.
+
+Goals
+=====
+
+Several benefits are expected from migrating to PSA Crypto:
+
+G1. Use PSA Crypto drivers when available.
+G2. Allow isolation of long-term secrets (for example, private keys).
+G3. Allow isolation of short-term secrets (for example, TLS session keys).
+G4. Have a clean, unified API for Crypto (retire the legacy API).
+G5. Code size: compile out our implementation when a driver is available.
+
+Currently, some parts of (G1) and (G2) are implemented when
+`MBEDTLS_USE_PSA_CRYPTO` is enabled. For (G2) to take effect, the application
+needs to be changed to use new APIs.
+
+Generally speaking, the numbering above doesn't mean that each goal requires
+the preceding ones to be completed, for example G2-G5 could be done in any
+order; however they all either depend on G1 or are just much more convenient
+if G1 is done before (note that this is not a dependency on G1 being complete,
+it's more like each bit of G2-G5 is helped by some specific bit in G1).
+
+So, a solid intermediate goal would be to complete (G1) when
+`MBEDTLS_USA_PSA_CRYPTO` is enabled - that is, all crypto operations in X.509
+and TLS would be done via the PSA Crypto API.
+
+Compile-time options
+====================
+
+We currently have two compile-time options that are relevant to the migration:
+
+- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the PSA
+ Crypto APIs.
+- `MBEDTLS_USE_PSA_CRYPTO` - disabled by default (enabled in "full" config),
+ controls usage of PSA Crypto APIs to perform operations in X.509 and TLS
+(G1 above), as well as the availability of some new APIs (G2 above).
+
+The reasons why `MBEDTLS_USE_PSA_CRYPTO` is optional and disabled by default
+are:
+- it's incompatible with `MBEDTLS_ECP_RESTARTABLE`;
+- historical: used to be incompatible
+ `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` (fixed early 2022, see
+ <https://github.com/Mbed-TLS/mbedtls/issues/5259>);
+- it does not work well with `MBEDTLS_PSA_CRYPTO_CONFIG` (could compile with
+ both of them, but then `MBEDTLS_PSA_CRYPTO_CONFIG` won't have the desired
+effect)
+- to avoid a hard/default dependency of TLS, X.509 and PK on
+ `MBEDTLS_PSA_CRYPTO_C`, for backward compatibility reasons:
+ - when `MBEDTLS_PSA_CRYPTO_C` is enabled and used, applications need to call
+ `psa_crypto_init()` before TLS/X.509 uses PSA functions
+ - `MBEDTLS_PSA_CRYPTO_C` has a hard depend on `MBEDTLS_ENTROPY_C ||
+ MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` but it's
+ currently possible to compilte TLS and X.509 without any of the options.
+ Also, we can't just auto-enable `MBEDTLS_ENTROPY_C` as it doesn't build
+ out of the box on all platforms, and even less
+ `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` as it requires a user-provided RNG
+ function.
+
+The downside of this approach is that until we feel ready to make
+`MBDEDTLS_USE_PSA_CRYPTO` non-optional (always enabled), we have to maintain
+two versions of some parts of the code: one using PSA, the other using the
+legacy APIs. However, see next section for strategies that can lower that
+cost. The rest of this section explains the reasons for the
+incompatibilities mentioned above.
+
+In the medium term (writing this in early 2020), we're going to look for ways
+to make `MBEDTLS_USE_PSA_CRYPTO` non-optional (always enabled).
+
+### `MBEDTLS_ECP_RESTARTABLE`
+
+Currently this option controls not only the presence of restartable APIs in
+the crypto library, but also their use in the TLS and X.509 layers. Since PSA
+Crypto does not support restartable operations, there's a clear conflict: the
+TLS and X.509 layers can't both use only PSA APIs and get restartable
+behaviour.
+
+Supporting this in PSA is on our roadmap (it's been requested). But it's way
+below generalizing support for `MBEDTLS_USE_PSA_CRYPTO` for “mainstream” use
+cases on our priority list. So in the medium term `MBEDTLS_ECP_RESTARTABLE` is
+incompatible with `MBEDTLS_USE_PSA_CRYPTO`.
+
+Note: it is possible to make the options compatible at build time simply by
+deciding that when `USE_PSA_CRYPTO` is enabled, PSA APIs are used except if
+restartable behaviour was requested at run-time (in addition to enabling
+`MBEDTLS_ECP_RESTARTABLE` in the build).
+
+### `MBEDTLS_PSA_CRYPTO_CONFIG`
+
+(This section taken from a comment by Gilles.)
+
+X509 and TLS code use `MBEDTLS_xxx` macros to decide whether an algorithm is
+supported. This doesn't make `MBEDTLS_USE_PSA_CRYPTO` incompatible with
+`MBEDTLS_PSA_CRYPTO_CONFIG` per se, but it makes it incompatible with most
+useful uses of `MBEDTLS_PSA_CRYPTO_CONFIG`. The point of
+`MBEDTLS_PSA_CRYPTO_CONFIG` is to be able to build a library with support for
+an algorithm through a PSA driver only, without building the software
+implementation of that algorithm. But then the TLS code would consider the
+algorithm unavailable.
+
+This is tracked in https://github.com/Mbed-TLS/mbedtls/issues/3674 and
+https://github.com/Mbed-TLS/mbedtls/issues/3677. But now that I look at it with
+fresh eyes, I don't think the approach we were planning to use would actually
+works. This needs more design effort.
+
+This is something we need to support eventually, and several partners want it.
+I don't know what the priority is for `MBEDTLS_USE_PSA_CRYPTO` between
+improving driver support and covering more of the protocol. It seems to me
+that it'll be less work overall to first implement a good architecture for
+`MBEDTLS_USE_PSA_CRYPTO + MBEDTLS_PSA_CRYPTO_CONFIG` and then extend to more
+protocol features, because implementing that architecture will require changes
+to the existing code and the less code there is at this point the better,
+whereas extending to more protocol features will require the same amount of
+work either way.
+
+### Backward compatibility issues with making it always on
+
+1. Existing applications may not be calling `psa_crypto_init()` before using
+ TLS, X.509 or PK. We can try to work around that by calling (the relevant
+part of) it ourselves under the hood as needed, but that would likely require
+splitting init between the parts that can fail and the parts that can't (see
+https://github.com/ARM-software/psa-crypto-api/pull/536 for that).
+2. It's currently not possible to enable `MBEDTLS_PSA_CRYPTO_C` in
+ configurations that don't have `MBEDTLS_ENTROPY_C`, and we can't just
+auto-enable the latter, as it won't build or work out of the box on all
+platforms. There are two kinds of things we'd need to do if we want to work
+around that:
+ 1. Make it possible to enable the parts of PSA Crypto that don't require an
+ RNG (typically, public key operations, symmetric crypto, some key
+management functions (destroy etc)) in configurations that don't have
+`ENTROPY_C`. This requires going through the PSA code base to adjust
+dependencies. Risk: there may be annoying dependencies, some of which may be
+surprising.
+ 2. For operations that require an RNG, provide an alternative function
+ accepting an explicit `f_rng` parameter (see #5238), that would be
+available in entropy-less builds. (Then code using those functions still needs
+to have one version using it, for entropy-less builds, and one version using
+the standard function, for driver support in build with entropy.)
+
+See https://github.com/Mbed-TLS/mbedtls/issues/5156
+
+Taking advantage of the existing abstractions layers - or not
+=============================================================
+
+The Crypto library in Mbed TLS currently has 3 abstraction layers that offer
+algorithm-agnostic APIs for a class of algorithms:
+
+- MD for messages digests aka hashes (including HMAC)
+- Cipher for symmetric ciphers (included AEAD)
+- PK for asymmetric (aka public-key) cryptography (excluding key exchange)
+
+Note: key exchange (FFDH, ECDH) is not covered by an abstraction layer.
+
+These abstraction layers typically provide, in addition to the API for crypto
+operations, types and numerical identifiers for algorithms (for
+example `mbedtls_cipher_mode_t` and its values). The
+current strategy is to keep using those identifiers in most of the code, in
+particular in existing structures and public APIs, even when
+`MBEDTLS_USE_PSA_CRYPTO` is enabled. (This is not an issue for G1, G2, G3
+above, and is only potentially relevant for G4.)
+
+The are multiple strategies that can be used regarding the place of those
+layers in the migration to PSA.
+
+Silently call to PSA from the abstraction layer
+-----------------------------------------------
+
+- Provide a new definition (conditionally on `USE_PSA_CRYPTO`) of wrapper
+ functions in the abstraction layer, that calls PSA instead of the legacy
+crypto API.
+- Upside: changes contained to a single place, no need to change TLS or X.509
+ code anywhere.
+- Downside: tricky to implement if the PSA implementation is currently done on
+ top of that layer (dependency loop).
+
+This strategy is currently (late 2021) used for ECDSA signature
+verification in the PK layer, and could be extended to all operations in the
+PK layer.
+
+This strategy is not very well suited to the Cipher layer, as the PSA
+implementation is currently done on top of that layer.
+
+This strategy will probably be used for some time for the PK layer, while we
+figure out what the future of that layer is: parts of it (parse/write, ECDSA
+signatures in the format that X.509 & TLS want) are not covered by PSA, so
+they will need to keep existing in some way. Also the PK layer is also a good
+place for dispatching to either PSA or `mbedtls_xxx_restartable` while that
+part is not covered by PSA yet.
+
+Replace calls for each operation
+--------------------------------
+
+- For every operation that's done through this layer in TLS or X.509, just
+ replace function call with calls to PSA (conditionally on `USE_PSA_CRYPTO`)
+- Upside: conceptually simple, and if the PSA implementation is currently done
+ on top of that layer, avoids concerns about dependency loops.
+- Upside: opens the door to building TLS/X.509 without that layer, saving some
+ code size.
+- Downside: TLS/X.509 code has to be done for each operation.
+
+This strategy is currently (late 2021) used for the MD layer. (Currently only
+a subset of calling places, but will be extended to all of them.)
+
+In the future (early 2022) we're going to use it for the Cipher layer as well.
+
+Opt-in use of PSA from the abstraction layer
+--------------------------------------------
+
+- Provide a new way to set up a context that causes operations on that context
+ to be done via PSA.
+- Upside: changes mostly contained in one place, TLS/X.509 code only needs to
+ be changed when setting up the context, but not when using it. In
+ particular, no changes to/duplication of existing public APIs that expect a
+ key to be passed as a context of this layer (eg, `mbedtls_pk_context`).
+- Upside: avoids dependency loop when PSA implemented on top of that layer.
+- Downside: when the context is typically set up by the application, requires
+ changes in application code.
+
+This strategy is not useful when no context is used, for example with the
+one-shot function `mbedtls_md()`.
+
+There are two variants of this strategy: one where using the new setup
+function also allows for key isolation (the key is only held by PSA,
+supporting both G1 and G2 in that area), and one without isolation (the key is
+still stored outside of PSA most of the time, supporting only G1).
+
+This strategy, with support for key isolation, is currently (end of 2021) used for ECDSA
+signature generation in the PK layer - see `mbedtls_pk_setup_opaque()`. This
+allows use of PSA-held private ECDSA keys in TLS and X.509 with no change to
+the TLS/X.509 code, but a contained change in the application. If could be
+extended to other private key operations in the PK layer, which is the plan as
+of early 2022.
+
+This strategy, without key isolation, is also currently used in the Cipher
+layer - see `mbedtls_cipher_setup_psa()`. This allows use of PSA for cipher
+operations in TLS with no change to the application code, and a
+contained change in TLS code. (It currently only supports a subset of
+ciphers.) However, we'll move to the "Replace calls for each operation"
+strategy (early 2022), in the hope of being able to build without this layer
+in order to save some code size in the future.
+
+Note: for private key operations in the PK layer, both the "silent" and the
+"opt-in" strategy can apply, and can complement each other, as one provides
+support for key isolation, but at the (unavoidable) code of change in
+application code, while the other requires no application change to get
+support for drivers, but fails to provide isolation support.
+
+Summary
+-------
+
+Strategies currently used with each abstraction layer:
+
+- PK (for G1): silently call PSA
+- PK (for G2): opt-in use of PSA (new key type)
+- Cipher (G1):
+ - late 2021: opt-in use of PSA (new setup function)
+ - early 2022: moving to "replace calls at each call site"
+- MD (G1): replace calls at each call site
+
+Migrating away from the legacy API
+==================================
+
+This section briefly introduces questions and possible plans towards G4,
+mainly as they relate to choices in previous stages.
+
+The role of the PK/Cipher/MD APIs in user migration
+---------------------------------------------------
+
+We're currently taking advantage of the existing PK and Cipher layers in order
+to reduce the number of places where library code needs to be changed. It's
+only natural to consider using the same strategy (with the PK, MD and Cipher
+layers) for facilitating migration of application code.
+
+Note: a necessary first step for that would be to make sure PSA is no longer
+implemented of top of the concerned layers
+
+### Zero-cost compatibility layer?
+
+The most favourable case is if we can have a zero-cost abstraction (no
+runtime, RAM usage or code size penalty), for example just a bunch of
+`#define`s, essentially mapping `mbedtls_` APIs to their `psa_` equivalent.
+
+Unfortunately that's unlikely fully work. For example, the MD layer uses the
+same context type for hashes and HMACs, while the PSA API (rightfully) has
+distinct operation types. Similarly, the Cipher layer uses the same context
+type for unauthenticated and AEAD ciphers, which again the PSA API
+distinguishes.
+
+It is unclear how much value, if any, a zero-cost compatibility layer that's
+incomplete (for example, for MD covering only hashes, or for Cipher covering
+only AEAD) or differs significantly from the existing API (for example,
+introducing new context types) would provide to users.
+
+### Low-cost compatibility layers?
+
+Another possibility is to keep most or all of the existing API for the PK, MD
+and Cipher layers, implemented on top of PSA, aiming for the lowest possible
+cost. For example, `mbedtls_md_context_t` would be defined as a (tagged) union
+of `psa_hash_operation_t` and `psa_mac_operation_t`, then `mbedtls_md_setup()`
+would initialize the correct part, and the rest of the functions be simple
+wrappers around PSA functions. This would vastly reduce the complexity of the
+layers compared to the existing (no need to dispatch through function
+pointers, just call the corresponding PSA API).
+
+Since this would still represent a non-zero cost, not only in terms of code
+size, but also in terms of maintenance (testing, etc.) this would probably
+be a temporary solution: for example keep the compatibility layers in 4.0 (and
+make them optional), but remove them in 5.0.
+
+Again, this provides the most value to users if we can manage to keep the
+existing API unchanged. Their might be conflicts between this goal and that of
+reducing the cost, and judgment calls may need to be made.
+
+Note: when it comes to holding public keys in the PK layer, depending on how
+the rest of the code is structured, it may be worth holding the key data in
+memory controlled by the PK layer as opposed to a PSA key slot, moving it to a
+slot only when needed (see current `ecdsa_verify_wrap` when
+`MBEDTLS_USE_PSA_CRYPTO` is defined) For example, when parsing a large
+number, N, of X.509 certificates (for example the list of trusted roots), it
+might be undesirable to use N PSA key slots for their public keys as long as
+the certs are loaded. OTOH, this could also be addressed by merging the "X.509
+parsing on-demand" (#2478), and then the public key data would be held as
+bytes in the X.509 CRT structure, and only moved to a PK context / PSA slot
+when it's actually used.
+
+Note: the PK layer actually consists of two relatively distinct parts: crypto
+operations, which will be covered by PSA, and parsing/writing (exporting)
+from/to various formats, which is currently not fully covered by the PSA
+Crypto API.
+
+### Algorithm identifiers and other identifiers
+
+It should be easy to provide the user with a bunch of `#define`s for algorithm
+identifiers, for example `#define MBEDTLS_MD_SHA256 PSA_ALG_SHA_256`; most of
+those would be in the MD, Cipher and PK compatibility layers mentioned above,
+but there might be some in other modules that may be worth considering, for
+example identifiers for elliptic curves.
+
+### Lower layers
+
+Generally speaking, we would retire all of the low-level, non-generic modules,
+such as AES, SHA-256, RSA, DHM, ECDH, ECP, bignum, etc, without providing
+compatibility APIs for them. People would be encouraged to switch to the PSA
+API. (The compatibility implementation of the existing PK, MD, Cipher APIs
+would mostly benefit people who already used those generic APis rather than
+the low-level, alg-specific ones.)
+
+### APIs in TLS and X.509
+
+Public APIs in TLS and X.509 may be affected by the migration in at least two
+ways:
+
+1. APIs that rely on a legacy `mbedtls_` crypto type: for example
+ `mbedtls_ssl_conf_own_cert()` to configure a (certificate and the
+associated) private key. Currently the private key is passed as a
+`mbedtls_pk_context` object, which would probably change to a `psa_key_id_t`.
+Since some users would probably still be using the compatibility PK layer, it
+would need a way to easily extract the PSA key ID from the PK context.
+
+2. APIs the accept list of identifiers: for example
+ `mbedtls_ssl_conf_curves()` taking a list of `mbedtls_ecp_group_id`s. This
+could be changed to accept a list of pairs (`psa_ecc_familiy_t`, size) but we
+should probably take this opportunity to move to a identifier independent from
+the underlying crypto implementation and use TLS-specific identifiers instead
+(based on IANA values or custom enums), as is currently done in the new
+`mbedtls_ssl_conf_groups()` API, see #4859).
+
+Testing
+-------
+
+An question that needs careful consideration when we come around to removing
+the low-level crypto APIs and making PK, MD and Cipher optional compatibility
+layers is to be sure to preserve testing quality. A lot of the existing test
+cases use the low level crypto APIs; we would need to either keep using that
+API for tests, or manually migrated test to the PSA Crypto API. Perhaps a
+combination of both, perhaps evolving gradually over time.
diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh
new file mode 100755
index 0000000..5c34b28
--- /dev/null
+++ b/docs/architecture/psa-migration/syms.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Purpose
+#
+# Show symbols in the X.509 and TLS libraries that are defined in another
+# libmbedtlsXXX.a library. This is usually done to list Crypto dependencies.
+#
+# Usage:
+# - build the library with debug symbols and the config you're interested in
+# (default, full minus MBEDTLS_USE_PSA_CRYPTO, full, etc.)
+# - run this script with the name of your config as the only argument
+
+set -eu
+
+# list mbedtls_ symbols of a given type in a static library
+syms() {
+ TYPE="$1"
+ FILE="$2"
+
+ nm "$FILE" | sed -n "s/[0-9a-f ]*${TYPE} \(mbedtls_.*\)/\1/p" | sort -u
+}
+
+# create listings for the given library
+list() {
+ NAME="$1"
+ FILE="library/libmbed${NAME}.a"
+ PREF="${CONFIG}-$NAME"
+
+ syms '[TRrD]' $FILE > ${PREF}-defined
+ syms U $FILE > ${PREF}-unresolved
+
+ diff ${PREF}-defined ${PREF}-unresolved \
+ | sed -n 's/^> //p' > ${PREF}-external
+ sed 's/mbedtls_\([^_]*\).*/\1/' ${PREF}-external \
+ | uniq -c | sort -rn > ${PREF}-modules
+
+ rm ${PREF}-defined ${PREF}-unresolved
+}
+
+CONFIG="${1:-unknown}"
+
+list x509
+list tls
diff --git a/docs/architecture/psa-migration/tasks-g2.md b/docs/architecture/psa-migration/tasks-g2.md
new file mode 100644
index 0000000..72bd377
--- /dev/null
+++ b/docs/architecture/psa-migration/tasks-g2.md
@@ -0,0 +1,80 @@
+This document is temporary; it lists tasks to achieve G2 as described in
+`strategy.md` while the strategy is being reviewed - once that's done,
+corresponding github issues will be created and this document removed.
+
+For all of the tasks here, specific testing (integration and unit test depending
+on the task) is required, see `testing.md`.
+
+RSA Signature operations
+========================
+
+In PK
+-----
+
+### Modify existing `PK_OPAQUE` type to allow for RSA keys
+
+- the following must work and be tested: `mbedtls_pk_get_type()`,
+ `mbedtls_pk_get_name()`, `mbedtls_pk_get_bitlen()`, `mbedtls_pk_get_len()`,
+`mbedtls_pk_can_do()`.
+- most likely adapt `pk_psa_genkey()` in `test_suite_pk.function`.
+- all other function (sign, verify, encrypt, decrypt, check pair, debug) will
+ return `MBEDTLS_ERR_PK_TYPE_MISMATCH` and this will be tested too.
+
+### Modify `mbedtls_pk_wrap_as_opaque()` to work with RSA.
+
+- OK to have policy hardcoded on signing with PKCS1v1.5, or allow more if
+ available at this time
+
+### Modify `mbedtls_pk_write_pubkey_der()` to work with RSA-opaque.
+
+- OK to just test that a generated key (with `pk_psa_genkey()`) can be
+ written, without checking for correctness of the result - this will be
+tested as part of another task
+
+### Make `mbedtls_pk_sign()` work with RSA-opaque.
+
+- testing may extend `pk_psa_sign()` in `test_suite_pk_function` by adding
+ selector for ECDSA/RSA.
+
+In X.509
+--------
+
+### Test using RSA-opaque for CSR generation
+
+- similar to what's already done with ECDSA-opaque
+
+### Test using opaque keys for Certificate generation
+
+- similar to what's done with testing CSR generation
+- should test both RSA and ECDSA as ECDSA is not tested yet
+- might require slight code adaptations, even if unlikely
+
+
+In TLS
+------
+
+### Test using RSA-opaque for TLS client auth
+
+- similar to what's already done with ECDSA-opaque
+
+### Test using RSA-opaque for TLS server auth
+
+- similar to what's already done with ECDSA-opaque
+- key exchanges: ECDHE-RSA and DHE-RSA
+
+RSA decrypt
+===========
+
+### Extend `PK_OPAQUE` to allow RSA decryption (PKCS1 v1.5)
+
+### Test using that in TLS for RSA and RSA-PSK key exchange.
+
+Support opaque PSKs for "mixed-PSK" key exchanges
+=================================================
+
+See `PSA-limitations.md`.
+
+Possible split:
+- one task to extend PSA (see `PSA-limitations.md`)
+- then one task per handshake: DHE-PSK, ECDHE-PSK, RSA-PSK (with tests for
+ each)
diff --git a/docs/architecture/psa-migration/testing.md b/docs/architecture/psa-migration/testing.md
new file mode 100644
index 0000000..70229ce
--- /dev/null
+++ b/docs/architecture/psa-migration/testing.md
@@ -0,0 +1,99 @@
+Testing strategy for `MBEDTLS_USE_PSA_CRYPTO`
+=============================================
+
+This document records the testing strategy used so far in implementing
+`MBEDTLS_USE_PSA_CRYPTO`.
+
+
+General considerations
+----------------------
+
+There needs to be at least one build in `all.sh` that enables
+`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests; currently that's
+ensured by the fact that `scripts/config.py full` enables
+`MBEDTLS_USE_PSA_CRYPTO`. There needs to be at least one build with
+`MBEDTLS_USE_PSA_CRYPTO` disabled (as long as it's optional); currently that's
+ensured by the fact that it's disabled in the default config.
+
+Generally, code review is enough to ensure that PSA APIs are indeed used where
+they should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+
+However, when it comes to TLS, we also have the option of using debug messages
+to confirm which code path is taken. This is generally unnecessary, except when
+a decision is made at run-time about whether to use the PSA or legacy code
+path. For example, for record protection, currently some ciphers are supported
+via PSA while some others aren't, with a run-time fallback. In this case, it's
+good to have a debug message checked by the test case to confirm that the
+right decision was made at run-time, i. e. that we didn't use the fallback for
+ciphers that are supposed to be supported.
+
+
+New APIs meant for application use
+----------------------------------
+
+For example, `mbedtls_pk_setup_opaque()` is meant to be used by applications
+in order to create PK contexts that can then be passed to existing TLS and
+X.509 APIs (which remain unchanged).
+
+In that case, we want:
+
+- unit testing of the new API and directly-related APIs - for example:
+ - in `test_suite_pk` we have a new test function `pk_psa_utils` that exercises
+ `mbedtls_pk_setup_opaque()` and checks that various utility functions
+ (`mbedtls_pk_get_type()` etc.) work and the functions that are expected to
+ fail (`mbedtls_pk_verify()` etc) return the expected error.
+ - in `test_suite_pk` we modified the existing `pk_psa_sign` test function to
+ check that signature generation works as expected
+ - in `test_suite_pkwrite` we should have a new test function checking that
+ exporting (writing out) the public part of the key works as expected and
+ that exporting the private key fails as expected.
+- integration testing of the new API with each existing API which should
+ accepts a context created this way - for example:
+ - in `programs/ssl/ssl_client2` a new option `key_opaque` that causes the
+ new API to be used, and one or more tests in `ssl-opt.sh` using that.
+ (We should have the same server-side.)
+ - in `test_suite_x509write` we have a new test function
+ `x509_csr_check_opaque()` checking integration of the new API with the
+ existing `mbedtls_x509write_csr_set_key()`.
+ (We should have something similar for
+ `mbedtls_x509write_crt_set_issuer_key()`.)
+
+For some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, testing in
+`test_suite_ssl` was historically not possible, so we only have testing in
+`ssl-opt.sh`.
+
+New APIs meant for internal use
+-------------------------------
+
+For example, `mbedtls_cipher_setup_psa()` is meant to be used by the TLS
+layer, but probably not directly by applications.
+
+In that case, we want:
+
+- unit testing of the new API and directly-related APIs - for example:
+ - in `test_suite_cipher`, the existing test functions `auth_crypt_tv` and
+ `test_vec_crypt` gained a new parameter `use_psa` and corresponding test
+ cases
+- integration testing:
+ - usually already covered by existing tests for higher-level modules:
+ - for example simple use of `mbedtls_cipher_setup_psa()` in TLS is already
+ covered by running the existing TLS tests in a build with
+ `MBEDTLS_USA_PSA_CRYPTO` enabled
+ - however if use of the new API in higher layers involves more logic that
+ use of the old API, specific integrations test may be required
+ - for example, the logic to fall back from `mbedtls_cipher_setup_psa()` to
+ `mbedtls_cipher_setup()` in TLS is tested by `run_test_psa` in
+ `ssl-opt.sh`.
+
+Internal changes
+----------------
+
+For example, use of PSA to compute the TLS 1.2 PRF.
+
+Changes in this category rarely require specific testing, as everything should
+be already be covered by running the existing tests in a build with
+`MBEDTLS_USE_PSA_CRYPTO` enabled; however we need to make sure the existing
+test have sufficient coverage, and improve them if necessary.
+
+However, if additional logic is involved, or there are run-time decisions about
+whether to use the PSA or legacy code paths, specific tests might be in order.
diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md
index e293985..0e20a8b 100644
--- a/docs/architecture/testing/psa-storage-format-testing.md
+++ b/docs/architecture/testing/psa-storage-format-testing.md
@@ -34,7 +34,7 @@
Test cases should normally not be removed from the code base: if something has worked before, it should keep working in future versions, so we should keep testing it.
-This cannot be enforced solely by looking at a single version of Mbed TLS, since there would be no indication that more test cases used to exist. It can only be enforced through review of library changes. The review may be assisted by a tool that compares the old and the new version, in the same way that `abi-check.py` compares the library's API and ABI.
+This cannot be enforced solely by looking at a single version of Mbed TLS, since there would be no indication that more test cases used to exist. It can only be enforced through review of library changes. The review is be assisted by a tool that compares the old and the new version, which is implemented in `scripts/abi_check.py`. This tool fails the CI if load-and-check test case disappears (changed test cases are raised as false positives).
If the way certain keys are stored changes, and we don't deliberately decide to stop supporting old keys (which should only be done by retiring a version of the storage format), then we should keep the corresponding test cases in load-only mode: create a file with the expected content, load it and check the data that it contains.
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 9e9aad3..2cf2a48 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -120,14 +120,29 @@
the three first ones in the list above are mandatory (see section 9.1 of the
specification).
-- Supported versions: only TLS 1.3, version negotiation is not supported.
+- Supported versions:
+
+ - TLS 1.2 and TLS 1.3 but version negotiation is not supported.
+
+ - TLS 1.3 cannot be enabled in the build (MBEDTLS_SSL_PROTO_TLS1_3
+ configuration option) without TLS 1.2 (MBEDTLS_SSL_PROTO_TLS1_2 configuration
+ option).
+
+ - TLS 1.2 can be enabled in the build independently of TLS 1.3.
+
+ - If both TLS 1.3 and TLS 1.2 are enabled at build time, only one of them can
+ be configured at runtime via `mbedtls_ssl_conf_{min,max}_version`. Otherwise,
+ `mbedtls_ssl_setup` will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error.
- Compatibility with existing SSL/TLS build options:
The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the
sense that when enabling the TLS 1.3 MVP in the library there is no need to
- modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are
- not supported or not applicable to the TLS 1.3 MVP:
+ modify the configuration for TLS 1.2. The MBEDTLS_USE_PSA_CRYPTO configuration
+ option is an exception though, the TLS 1.3 MVP is not compatible with it.
+
+ Mbed TLS SSL/TLS related features are not supported or not applicable to the
+ TLS 1.3 MVP:
| Mbed TLS configuration option | Support |
| ---------------------------------------- | ------- |
@@ -309,7 +324,7 @@
```
- To mitigate what happened here
- (https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from
+ (https://github.com/Mbed-TLS/mbedtls/pull/4882#discussion_r701704527) from
happening again, use always a local variable named `p` for the reading
pointer in functions parsing TLS 1.3 data, and for the writing pointer in
functions writing data into an output buffer and only that variable. The
@@ -373,10 +388,10 @@
Example:
```
- int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
+ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buf_len );
```
- When a function's parameters span several lines, group related parameters
@@ -385,12 +400,12 @@
For example, prefer:
```
- mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type,
- buf, buf_len );
+ mbedtls_ssl_start_handshake_msg( ssl, hs_type,
+ buf, buf_len );
```
over
```
- mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, buf,
- buf_len );
+ mbedtls_ssl_start_handshake_msg( ssl, hs_type, buf,
+ buf_len );
```
even if it fits.
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 125a415..8147562 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -60,6 +60,10 @@
The concrete syntax for a driver description file is JSON.
+In addition to the properties described here, any JSON object may have a property called `"_comment"` of type string, which will be ignored.
+
+PSA Cryptography core implementations may support additional properties. Such properties must use names consisting of the implementation's name, a slash, and additional characters. For example, the Yoyodyne implementation may use property names such as `"yoyodyne/foo"` and `"yoyodyne/widgets/girth"`.
+
#### Driver description list
PSA Cryptography core implementations should support multiple drivers. The driver description files are passed to the implementation as an ordered list in an unspecified manner. This may be, for example, a list of file names passed on a command line, or a JSON list whose elements are individual driver descriptions.
@@ -68,7 +72,7 @@
A driver description is a JSON object containing the following properties:
-* `"prefix"` (mandatory, string). This must be a valid prefix for a C identifier. All the types and functions provided by the driver have a name that starts with this prefix unless overridden with a `"name"` element in the applicable capability as described below.
+* `"prefix"` (mandatory, string). This must be a valid, non-empty prefix for a C identifier. All the types and functions provided by the driver have a name that starts with this prefix unless overridden with a `"name"` element in the applicable capability as described below.
* `"type"` (mandatory, string). One of `"transparent"` or `"opaque"`.
* `"headers"` (optional, array of strings). A list of header files. These header files must define the types, macros and constants referenced by the driver description. They may declare the entry point functions, but this is not required. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty. The header files must be present at the specified location relative to a directory on the compiler's include path when compiling glue code between the core and the drivers.
* `"capabilities"` (mandatory, array of [capabilities](#driver-description-capability)).
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
new file mode 100644
index 0000000..2a10ca0
--- /dev/null
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -0,0 +1,32 @@
+Migrating to an auto generated psa_crypto_driver_wrappers.c file
+================================================================
+
+**This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.**
+
+This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file.
+It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
+
+## Introduction
+
+The design of the Driver Wrappers code generation is based on the design proposal https://github.com/Mbed-TLS/mbedtls/pull/5067
+During the process of implementation there might be minor variations wrt versioning and broader implementation specific ideas, but the design remains the same.
+
+## Prerequisites
+
+Python3 and Jinja2 rev 2.10.1
+
+## Feature Version
+
+1.0
+
+### What's critical for a migrating user
+
+The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver descrioption JSON file(s).
+
+While that is the larger goal, for version 1.0 here's what's changed
+
+#### What's changed
+
+(1) psa_crypto_driver_wrappers.c will from this point on be auto generated.
+(2) The auto generation is based on the template file at scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja.
+(3) So while all driver wrapper templating support is yet to come in, the library user will need to patch into the template file as needed, this could be read as replacing the template file with the current psa_crypto_driver_wrappers.c file maintained by the library user.
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index 4a78e47..9c97b5d 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -59,10 +59,9 @@
- `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature
request).
-In the TLS and X.509 API, there are two other functions which accept a key or
-keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and
-`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably
-works but is so far untested.
+In the TLS and X.509 API, there's one other function which accepts a keypair
+as a PK context: `mbedtls_x509write_crt_set_issuer_key()`. Use of opaque
+contexts here probably works but is so far untested.
### PSA-held (opaque) keys for TLS pre-shared keys (PSK)
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index ea7afca..6d104c8 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,1911 +1,29 @@
-# Doxyfile 1.8.4
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project.
-#
-# All text after a double hash (##) is considered a comment and is placed
-# in front of the TAG it is preceding .
-# All text after a hash (#) is considered a comment and will be ignored.
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ").
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# This tag specifies the encoding used for all characters in the config file
-# that follow. The default is UTF-8 which is also the encoding used for all
-# text before the first occurrence of this tag. Doxygen uses libiconv (or the
-# iconv built into libc) for the transcoding. See
-# http://www.gnu.org/software/libiconv for the list of possible encodings.
-
-DOXYFILE_ENCODING = UTF-8
-
-# The PROJECT_NAME tag is a single word (or sequence of words) that should
-# identify the project. Note that if you do not use Doxywizard you need
-# to put quotes around the project name if it contains spaces.
-
PROJECT_NAME = "mbed TLS v3.1.0"
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER =
-
-# Using the PROJECT_BRIEF tag one can provide an optional one line description
-# for a project that appears at the top of each page and should give viewer
-# a quick idea about the purpose of the project. Keep the description short.
-
-PROJECT_BRIEF =
-
-# With the PROJECT_LOGO tag one can specify an logo or icon that is
-# included in the documentation. The maximum height of the logo should not
-# exceed 55 pixels and the maximum width should not exceed 200 pixels.
-# Doxygen will copy the logo to the output directory.
-
-PROJECT_LOGO =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
OUTPUT_DIRECTORY = ../apidoc/
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
-# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
-# messages), Korean, Korean-en, Latvian, Lithuanian, Norwegian, Macedonian,
-# Persian, Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic,
-# Slovak, Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
-
-OUTPUT_LANGUAGE = English
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF = "The $name class" \
- "The $name widget" \
- "The $name file" \
- is \
- provides \
- specifies \
- contains \
- represents \
- a \
- an \
- the
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
FULL_PATH_NAMES = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip. Note that you specify absolute paths here, but also
-# relative paths, which will be relative from the directory where doxygen is
-# started.
-
-STRIP_FROM_PATH =
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful if your file system
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like regular Qt-style comments
-# (thus requiring an explicit @brief command for a brief description.)
-
-JAVADOC_AUTOBRIEF = NO
-
-# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
-# interpret the first line (until the first dot) of a Qt-style
-# comment as the brief description. If set to NO, the comments
-# will behave just like regular Qt-style comments (thus requiring
-# an explicit \brief command for a brief description.)
-
-QT_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 8
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# This tag can be used to specify a number of word-keyword mappings (TCL only).
-# A mapping has the form "name=value". For example adding
-# "class=itcl::class" will allow you to use the command class in the
-# itcl::class meaning.
-
-TCL_SUBST =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
OPTIMIZE_OUTPUT_FOR_C = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for
-# Java. For instance, namespaces will be presented as packages, qualified
-# scopes will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
-# sources only. Doxygen will then generate output that is more tailored for
-# Fortran.
-
-OPTIMIZE_FOR_FORTRAN = NO
-
-# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
-# sources. Doxygen will then generate output that is tailored for
-# VHDL.
-
-OPTIMIZE_OUTPUT_VHDL = NO
-
-# Doxygen selects the parser to use depending on the extension of the files it
-# parses. With this tag you can assign which parser to use for a given
-# extension. Doxygen has a built-in mapping, but you can override or extend it
-# using this tag. The format is ext=language, where ext is a file extension,
-# and language is one of the parsers supported by doxygen: IDL, Java,
-# Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C,
-# C++. For instance to make doxygen treat .inc files as Fortran files (default
-# is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note
-# that for custom extensions you also need to set FILE_PATTERNS otherwise the
-# files are not read by doxygen.
-
-EXTENSION_MAPPING =
-
-# If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all
-# comments according to the Markdown format, which allows for more readable
-# documentation. See http://daringfireball.net/projects/markdown/ for details.
-# The output of markdown processing is further processed by doxygen, so you
-# can mix doxygen, HTML, and XML commands with Markdown formatting.
-# Disable only in case of backward compatibilities issues.
-
-MARKDOWN_SUPPORT = YES
-
-# When enabled doxygen tries to link words that correspond to documented
-# classes, or namespaces to their corresponding documentation. Such a link can
-# be prevented in individual cases by by putting a % sign in front of the word
-# or globally by setting AUTOLINK_SUPPORT to NO.
-
-AUTOLINK_SUPPORT = YES
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
-# to include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also makes the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT = NO
-
-# If you use Microsoft's C++/CLI language, you should set this option to YES to
-# enable parsing support.
-
-CPP_CLI_SUPPORT = NO
-
-# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
-# Doxygen will parse them like normal C++ but will assume all classes use public
-# instead of private inheritance when no explicit protection keyword is present.
-
-SIP_SUPPORT = NO
-
-# For Microsoft's IDL there are propget and propput attributes to indicate
-# getter and setter methods for a property. Setting this option to YES (the
-# default) will make doxygen replace the get and set methods by a property in
-# the documentation. This will only work if the methods are indeed getting or
-# setting a simple type. If this is not the case, or you want to show the
-# methods anyway, you should set this option to NO.
-
-IDL_PROPERTY_SUPPORT = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING = YES
-
-# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and
-# unions are shown inside the group in which they are included (e.g. using
-# @ingroup) instead of on a separate page (for HTML and Man pages) or
-# section (for LaTeX and RTF).
-
-INLINE_GROUPED_CLASSES = NO
-
-# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and
-# unions with only public data fields or simple typedef fields will be shown
-# inline in the documentation of the scope in which they are defined (i.e. file,
-# namespace, or group documentation), provided this scope is documented. If set
-# to NO (the default), structs, classes, and unions are shown on a separate
-# page (for HTML and Man pages) or section (for LaTeX and RTF).
-
-INLINE_SIMPLE_STRUCTS = NO
-
-# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
-# is documented as struct, union, or enum with the name of the typedef. So
-# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
-# with name TypeT. When disabled the typedef will appear as a member of a file,
-# namespace, or class. And the struct will be named TypeS. This can typically
-# be useful for C code in case the coding convention dictates that all compound
-# types are typedef'ed and only the typedef is referenced, never the tag name.
-
-TYPEDEF_HIDES_STRUCT = NO
-
-# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This
-# cache is used to resolve symbols given their name and scope. Since this can
-# be an expensive process and often the same symbol appear multiple times in
-# the code, doxygen keeps a cache of pre-resolved symbols. If the cache is too
-# small doxygen will become slower. If the cache is too large, memory is wasted.
-# The cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid
-# range is 0..9, the default is 0, corresponding to a cache size of 2^16 = 65536
-# symbols.
-
-LOOKUP_CACHE_SIZE = 0
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES
-
EXTRACT_ALL = YES
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
EXTRACT_PRIVATE = YES
-
-# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal
-# scope will be included in the documentation.
-
-EXTRACT_PACKAGE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
EXTRACT_STATIC = YES
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS = YES
-
-# If this flag is set to YES, the members of anonymous namespaces will be
-# extracted and appear in the documentation as a namespace called
-# 'anonymous_namespace{file}', where file will be replaced with the base
-# name of the file that contains the anonymous namespace. By default
-# anonymous namespaces are hidden.
-
-EXTRACT_ANON_NSPACES = YES
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
CASE_SENSE_NAMES = NO
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = YES
-
-# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen
-# will list include files with double quotes in the documentation
-# rather than with sharp brackets.
-
-FORCE_LOCAL_INCLUDES = NO
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS = NO
-
-# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen
-# will sort the (brief and detailed) documentation of class members so that
-# constructors and destructors are listed first. If set to NO (the default)
-# the constructors will appear in the respective orders defined by
-# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS.
-# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO
-# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
-
-SORT_MEMBERS_CTORS_1ST = NO
-
-# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
-# hierarchy of group names into alphabetical order. If set to NO (the default)
-# the group names will appear in their defined order.
-
-SORT_GROUP_NAMES = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME = NO
-
-# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to
-# do proper type resolution of all parameters of a function it will reject a
-# match between the prototype and the implementation of a member function even
-# if there is only one candidate or it is obvious which candidate to choose
-# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen
-# will still accept a match between prototype and implementation in such cases.
-
-STRICT_PROTO_MATCHING = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if section-label ... \endif
-# and \cond section-label ... \endcond blocks.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or macro consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and macros in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
-# This will remove the Files entry from the Quick Index and from the
-# Folder Tree View (if specified). The default is YES.
-
-SHOW_FILES = YES
-
-# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
-# Namespaces page.
-# This will remove the Namespaces entry from the Quick Index
-# and from the Folder Tree View (if specified). The default is YES.
-
-SHOW_NAMESPACES = YES
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from
-# the version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER =
-
-# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
-# by doxygen. The layout file controls the global structure of the generated
-# output files in an output format independent way. To create the layout file
-# that represents doxygen's defaults, run doxygen with the -l option.
-# You can optionally specify a file name after the option, if omitted
-# DoxygenLayout.xml will be used as the name of the layout file.
-
-LAYOUT_FILE =
-
-# The CITE_BIB_FILES tag can be used to specify one or more bib files
-# containing the references data. This must be a list of .bib files. The
-# .bib extension is automatically appended if omitted. Using this command
-# requires the bibtex tool to be installed. See also
-# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style
-# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this
-# feature you need bibtex and perl available in the search path. Do not use
-# file names with spaces, bibtex cannot handle them.
-
-CITE_BIB_FILES =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# The WARN_NO_PARAMDOC option can be enabled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
INPUT = ../include input
-
-# This tag can be used to specify the character encoding of the source files
-# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
-# also the default input encoding. Doxygen uses libiconv (or the iconv built
-# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
-# the list of possible encodings.
-
-INPUT_ENCODING = UTF-8
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh
-# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py
-# *.f90 *.f *.for *.vhd *.vhdl
-
FILE_PATTERNS = *.h
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
RECURSIVE = YES
-
-# The EXCLUDE tag can be used to specify files and/or directories that should be
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-# Note that relative paths are relative to the directory from which doxygen is
-# run.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
-# directories that are symbolic links (a Unix file system feature) are excluded
-# from the input.
-
EXCLUDE_SYMLINKS = YES
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS =
-
-# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
-# (namespaces, classes, functions, etc.) that should be excluded from the
-# output. The symbol name can be a fully qualified name, a word, or if the
-# wildcard * is used, a substring. Examples: ANamespace, AClass,
-# AClass::ANamespace, ANamespace::*Test
-
-EXCLUDE_SYMBOLS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS = *
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-# If FILTER_PATTERNS is specified, this tag will be ignored.
-# Note that the filter must not add or remove lines; it is applied before the
-# code is scanned, but not when the output code is generated. If lines are added
-# or removed, the anchors will not be placed correctly.
-
-INPUT_FILTER =
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis.
-# Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match.
-# The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty or if
-# non of the patterns match the file name, INPUT_FILTER is applied.
-
-FILTER_PATTERNS =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file
-# pattern. A pattern will override the setting for FILTER_PATTERN (if any)
-# and it is also possible to disable source filtering for a specific pattern
-# using *.ext= (so without naming a filter). This option only has effect when
-# FILTER_SOURCE_FILES is enabled.
-
-FILTER_SOURCE_PATTERNS =
-
-# If the USE_MD_FILE_AS_MAINPAGE tag refers to the name of a markdown file that
-# is part of the input, its contents will be placed on the main page
-# (index.html). This can be useful if you have a project on for instance GitHub
-# and want reuse the introduction page also for the doxygen output.
-
-USE_MDFILE_AS_MAINPAGE =
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
SOURCE_BROWSER = YES
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C, C++ and Fortran comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES
-# then for each documented function all documented
-# functions referencing it will be listed.
-
REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
REFERENCES_RELATION = YES
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code.
-# Otherwise they will link to the documentation.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
ALPHABETICAL_INDEX = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
HTML_OUTPUT = .
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header. Note that when using a custom header you are responsible
-# for the proper inclusion of any scripts and style sheets that doxygen
-# needs, which is dependent on the configuration options used.
-# It is advised to generate a default header using "doxygen -w html
-# header.html footer.html stylesheet.css YourConfigFile" and then modify
-# that header. Note that the header is subject to change so you typically
-# have to redo this when upgrading to a newer version of doxygen or when
-# changing the value of configuration settings such as GENERATE_TREEVIEW!
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If left blank doxygen will
-# generate a default style sheet. Note that it is recommended to use
-# HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this
-# tag will in the future become obsolete.
-
-HTML_STYLESHEET =
-
-# The HTML_EXTRA_STYLESHEET tag can be used to specify an additional
-# user-defined cascading style sheet that is included after the standard
-# style sheets created by doxygen. Using this option one can overrule
-# certain style aspects. This is preferred over using HTML_STYLESHEET
-# since it does not replace the standard style sheet and is therefor more
-# robust against future updates. Doxygen will copy the style sheet file to
-# the output directory.
-
-HTML_EXTRA_STYLESHEET =
-
-# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
-# other source files which should be copied to the HTML output directory. Note
-# that these files will be copied to the base HTML output directory. Use the
-# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
-# files. In the HTML_STYLESHEET file, use the file name only. Also note that
-# the files will be copied as-is; there are no commands or markers available.
-
-HTML_EXTRA_FILES =
-
-# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output.
-# Doxygen will adjust the colors in the style sheet and background images
-# according to this color. Hue is specified as an angle on a colorwheel,
-# see http://en.wikipedia.org/wiki/Hue for more information.
-# For instance the value 0 represents red, 60 is yellow, 120 is green,
-# 180 is cyan, 240 is blue, 300 purple, and 360 is red again.
-# The allowed range is 0 to 359.
-
-HTML_COLORSTYLE_HUE = 220
-
-# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of
-# the colors in the HTML output. For a value of 0 the output will use
-# grayscales only. A value of 255 will produce the most vivid colors.
-
-HTML_COLORSTYLE_SAT = 100
-
-# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to
-# the luminance component of the colors in the HTML output. Values below
-# 100 gradually make the output lighter, whereas values above 100 make
-# the output darker. The value divided by 100 is the actual gamma applied,
-# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2,
-# and 100 does not change the gamma.
-
-HTML_COLORSTYLE_GAMMA = 80
-
-# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
-# page will contain the date and time when the page was generated. Setting
-# this to NO can help when comparing the output of multiple runs.
-
HTML_TIMESTAMP = YES
-
-# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
-# documentation will contain sections that can be hidden and shown after the
-# page has loaded.
-
-HTML_DYNAMIC_SECTIONS = NO
-
-# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of
-# entries shown in the various tree structured indices initially; the user
-# can expand and collapse entries dynamically later on. Doxygen will expand
-# the tree to such a level that at most the specified number of entries are
-# visible (unless a fully collapsed tree already exceeds this amount).
-# So setting the number of entries 1 will produce a full collapsed tree by
-# default. 0 is a special value representing an infinite number of entries
-# and will result in a full expanded tree by default.
-
-HTML_INDEX_NUM_ENTRIES = 100
-
-# If the GENERATE_DOCSET tag is set to YES, additional index files
-# will be generated that can be used as input for Apple's Xcode 3
-# integrated development environment, introduced with OSX 10.5 (Leopard).
-# To create a documentation set, doxygen will generate a Makefile in the
-# HTML output directory. Running make will produce the docset in that
-# directory and running "make install" will install the docset in
-# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
-# it at startup.
-# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
-# for more information.
-
-GENERATE_DOCSET = NO
-
-# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
-# feed. A documentation feed provides an umbrella under which multiple
-# documentation sets from a single provider (such as a company or product suite)
-# can be grouped.
-
-DOCSET_FEEDNAME = "Doxygen generated docs"
-
-# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
-# should uniquely identify the documentation set bundle. This should be a
-# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
-# will append .docset to the name.
-
-DOCSET_BUNDLE_ID = org.doxygen.Project
-
-# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely
-# identify the documentation publisher. This should be a reverse domain-name
-# style string, e.g. com.mycompany.MyDocSet.documentation.
-
-DOCSET_PUBLISHER_ID = org.doxygen.Publisher
-
-# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher.
-
-DOCSET_PUBLISHER_NAME = Publisher
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
-# is used to encode HtmlHelp index (hhk), content (hhc) and project file
-# content.
-
-CHM_INDEX_ENCODING =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
-# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated
-# that can be used as input for Qt's qhelpgenerator to generate a
-# Qt Compressed Help (.qch) of the generated HTML documentation.
-
-GENERATE_QHP = NO
-
-# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
-# be used to specify the file name of the resulting .qch file.
-# The path specified is relative to the HTML output folder.
-
-QCH_FILE =
-
-# The QHP_NAMESPACE tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#namespace
-
-QHP_NAMESPACE = org.doxygen.Project
-
-# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#virtual-folders
-
-QHP_VIRTUAL_FOLDER = doc
-
-# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to
-# add. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#custom-filters
-
-QHP_CUST_FILTER_NAME =
-
-# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the
-# custom filter to add. For more information please see
-# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">
-# Qt Help Project / Custom Filters</a>.
-
-QHP_CUST_FILTER_ATTRS =
-
-# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
-# project's
-# filter section matches.
-# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">
-# Qt Help Project / Filter Attributes</a>.
-
-QHP_SECT_FILTER_ATTRS =
-
-# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
-# be used to specify the location of Qt's qhelpgenerator.
-# If non-empty doxygen will try to run qhelpgenerator on the generated
-# .qhp file.
-
-QHG_LOCATION =
-
-# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files
-# will be generated, which together with the HTML files, form an Eclipse help
-# plugin. To install this plugin and make it available under the help contents
-# menu in Eclipse, the contents of the directory containing the HTML and XML
-# files needs to be copied into the plugins directory of eclipse. The name of
-# the directory within the plugins directory should be the same as
-# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before
-# the help appears.
-
-GENERATE_ECLIPSEHELP = NO
-
-# A unique identifier for the eclipse help plugin. When installing the plugin
-# the directory name containing the HTML and XML files should also have
-# this name.
-
-ECLIPSE_DOC_ID = org.doxygen.Project
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs)
-# at top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it. Since the tabs have the same information as the
-# navigation tree you can set this option to NO if you already set
-# GENERATE_TREEVIEW to YES.
-
-DISABLE_INDEX = NO
-
-# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
-# structure should be generated to display hierarchical information.
-# If the tag value is set to YES, a side panel will be generated
-# containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
-# Windows users are probably better off using the HTML help feature.
-# Since the tree basically has the same information as the tab index you
-# could consider to set DISABLE_INDEX to NO when enabling this option.
-
-GENERATE_TREEVIEW = NO
-
-# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values
-# (range [0,1..20]) that doxygen will group on one line in the generated HTML
-# documentation. Note that a value of 0 will completely suppress the enum
-# values from appearing in the overview section.
-
-ENUM_VALUES_PER_LINE = 4
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open
-# links to external symbols imported via tag files in a separate window.
-
-EXT_LINKS_IN_WINDOW = NO
-
-# Use this tag to change the font size of Latex formulas included
-# as images in the HTML documentation. The default is 10. Note that
-# when you change the font size after a successful doxygen run you need
-# to manually remove any form_*.png images from the HTML output directory
-# to force them to be regenerated.
-
-FORMULA_FONTSIZE = 10
-
-# Use the FORMULA_TRANPARENT tag to determine whether or not the images
-# generated for formulas are transparent PNGs. Transparent PNGs are
-# not supported properly for IE 6.0, but are supported on all modern browsers.
-# Note that when changing this option you need to delete any form_*.png files
-# in the HTML output before the changes have effect.
-
-FORMULA_TRANSPARENT = YES
-
-# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax
-# (see http://www.mathjax.org) which uses client side Javascript for the
-# rendering instead of using prerendered bitmaps. Use this if you do not
-# have LaTeX installed or if you want to formulas look prettier in the HTML
-# output. When enabled you may also need to install MathJax separately and
-# configure the path to it using the MATHJAX_RELPATH option.
-
-USE_MATHJAX = NO
-
-# When MathJax is enabled you can set the default output format to be used for
-# the MathJax output. Supported types are HTML-CSS, NativeMML (i.e. MathML) and
-# SVG. The default value is HTML-CSS, which is slower, but has the best
-# compatibility.
-
-MATHJAX_FORMAT = HTML-CSS
-
-# When MathJax is enabled you need to specify the location relative to the
-# HTML output directory using the MATHJAX_RELPATH option. The destination
-# directory should contain the MathJax.js script. For instance, if the mathjax
-# directory is located at the same level as the HTML output directory, then
-# MATHJAX_RELPATH should be ../mathjax. The default value points to
-# the MathJax Content Delivery Network so you can quickly see the result without
-# installing MathJax.
-# However, it is strongly recommended to install a local
-# copy of MathJax from http://www.mathjax.org before deployment.
-
-MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest
-
-# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension
-# names that should be enabled during MathJax rendering.
-
-MATHJAX_EXTENSIONS =
-
-# The MATHJAX_CODEFILE tag can be used to specify a file with javascript
-# pieces of code that will be used on startup of the MathJax code.
-
-MATHJAX_CODEFILE =
-
-# When the SEARCHENGINE tag is enabled doxygen will generate a search box
-# for the HTML output. The underlying search engine uses javascript
-# and DHTML and should work on any modern browser. Note that when using
-# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets
-# (GENERATE_DOCSET) there is already a search function so this one should
-# typically be disabled. For large projects the javascript based search engine
-# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
-
-SEARCHENGINE = NO
-
-# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
-# implemented using a web server instead of a web client using Javascript.
-# There are two flavours of web server based search depending on the
-# EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for
-# searching and an index file used by the script. When EXTERNAL_SEARCH is
-# enabled the indexing and searching needs to be provided by external tools.
-# See the manual for details.
-
-SERVER_BASED_SEARCH = NO
-
-# When EXTERNAL_SEARCH is enabled doxygen will no longer generate the PHP
-# script for searching. Instead the search results are written to an XML file
-# which needs to be processed by an external indexer. Doxygen will invoke an
-# external search engine pointed to by the SEARCHENGINE_URL option to obtain
-# the search results. Doxygen ships with an example indexer (doxyindexer) and
-# search engine (doxysearch.cgi) which are based on the open source search
-# engine library Xapian. See the manual for configuration details.
-
-EXTERNAL_SEARCH = NO
-
-# The SEARCHENGINE_URL should point to a search engine hosted by a web server
-# which will returned the search results when EXTERNAL_SEARCH is enabled.
-# Doxygen ships with an example search engine (doxysearch) which is based on
-# the open source search engine library Xapian. See the manual for configuration
-# details.
-
-SEARCHENGINE_URL =
-
-# When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed
-# search data is written to a file for indexing by an external tool. With the
-# SEARCHDATA_FILE tag the name of this file can be specified.
-
-SEARCHDATA_FILE = searchdata.xml
-
-# When SERVER_BASED_SEARCH AND EXTERNAL_SEARCH are both enabled the
-# EXTERNAL_SEARCH_ID tag can be used as an identifier for the project. This is
-# useful in combination with EXTRA_SEARCH_MAPPINGS to search through multiple
-# projects and redirect the results back to the right project.
-
-EXTERNAL_SEARCH_ID =
-
-# The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through doxygen
-# projects other than the one defined by this configuration file, but that are
-# all added to the same external search index. Each project needs to have a
-# unique id set via EXTERNAL_SEARCH_ID. The search mapping then maps the id
-# of to a relative location where the documentation can be found.
-# The format is: EXTRA_SEARCH_MAPPINGS = id1=loc1 id2=loc2 ...
-
-EXTRA_SEARCH_MAPPINGS =
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
+SEARCHENGINE = YES
GENERATE_LATEX = NO
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-# Note that when enabling USE_PDFLATEX this option is only used for
-# generating bitmaps for formulas in the HTML output, but not in the
-# Makefile that is written to the output directory.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = YES
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, letter, legal and
-# executive. If left blank a4 will be used.
-
-PAPER_TYPE = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER =
-
-# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for
-# the generated latex document. The footer should contain everything after
-# the last chapter. If it is left blank doxygen will generate a
-# standard footer. Notice: only use this tag if you know what you are doing!
-
-LATEX_FOOTER =
-
-# The LATEX_EXTRA_FILES tag can be used to specify one or more extra images
-# or other source files which should be copied to the LaTeX output directory.
-# Note that the files will be copied as-is; there are no commands or markers
-# available.
-
-LATEX_EXTRA_FILES =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES = NO
-
-# If LATEX_SOURCE_CODE is set to YES then doxygen will include
-# source code with syntax highlighting in the LaTeX output.
-# Note that which sources are shown also depends on other settings
-# such as SOURCE_BROWSER.
-
-LATEX_SOURCE_CODE = NO
-
-# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
-# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See
-# http://en.wikipedia.org/wiki/BibTeX for more info.
-
-LATEX_BIB_STYLE = plain
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load style sheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-#XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-#XML_DTD =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the DOCBOOK output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_DOCBOOK tag is set to YES Doxygen will generate DOCBOOK files
-# that can be used to generate PDF.
-
-GENERATE_DOCBOOK = NO
-
-# The DOCBOOK_OUTPUT tag is used to specify where the DOCBOOK pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be put in
-# front of it. If left blank docbook will be used as the default path.
-
-DOCBOOK_OUTPUT = docbook
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader.
-# This is useful
-# if you want to understand what is going on.
-# On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
MACRO_EXPANSION = YES
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
EXPAND_ONLY_PREDEF = YES
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# pointed to by INCLUDE_PATH will be searched when a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
INCLUDE_PATH = ../include
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED = WIN32 \
- NTLM \
- USE_LZO \
- ENABLE_FRAGMENT \
- P2MP \
- P2MP_SERVER \
- USE_CRYPTO \
- USE_SSL \
- ENABLE_PLUGIN \
- ENABLE_MANAGEMENT \
- ENABLE_OCC \
- HAVE_GETTIMEOFDAY
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition that
-# overrules the definition found in the source code.
-
EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all references to function-like macros
-# that are alone on a line, have an all uppercase name, and do not end with a
-# semicolon, because these will confuse the parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles. For each
-# tag file the location of the external documentation should be added. The
-# format of a tag file without this location is as follows:
-#
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-#
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths
-# or URLs. Note that each tag file must have a unique name (where the name does
-# NOT include the path). If a tag file is not located in the directory in which
-# doxygen is run, you must also specify the path to the tagfile here.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# If the EXTERNAL_PAGES tag is set to YES all external pages will be listed
-# in the related pages index. If set to NO, only the current project's
-# pages will be listed.
-
-EXTERNAL_PAGES = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option also works with HAVE_DOT disabled, but it is recommended to
-# install and use dot, since it yields more powerful graphs.
-
CLASS_DIAGRAMS = NO
-
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH =
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
HAVE_DOT = YES
-
-# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is
-# allowed to run in parallel. When set to 0 (the default) doxygen will
-# base this on the number of processors available in the system. You can set it
-# explicitly to a value larger than 0 to get control over the balance
-# between CPU load and processing speed.
-
-DOT_NUM_THREADS = 0
-
-# By default doxygen will use the Helvetica font for all dot files that
-# doxygen generates. When you want a differently looking font you can specify
-# the font name using DOT_FONTNAME. You need to make sure dot is able to find
-# the font, which can be done by putting it in a standard location or by setting
-# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the
-# directory containing the font.
-
-DOT_FONTNAME = Helvetica
-
-# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
-# The default size is 10pt.
-
-DOT_FONTSIZE = 10
-
-# By default doxygen will tell dot to use the Helvetica font.
-# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to
-# set the path where dot can find it.
-
-DOT_FONTPATH =
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK = NO
-
-# If the UML_LOOK tag is enabled, the fields and methods are shown inside
-# the class node. If there are many fields or methods and many nodes the
-# graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS
-# threshold limits the number of items for each type to make the size more
-# manageable. Set this to 0 for no limit. Note that the threshold may be
-# exceeded by 50% before the limit is enforced.
-
-UML_LIMIT_NUM_FIELDS = 10
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the CALL_GRAPH and HAVE_DOT options are set to YES then
-# doxygen will generate a call dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable call graphs
-# for selected functions only using the \callgraph command.
-
-CALL_GRAPH = NO
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
-# doxygen will generate a caller dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable caller
-# graphs for selected functions only using the \callergraph command.
-
-CALLER_GRAPH = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will generate a graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are svg, png, jpg, or gif.
-# If left blank png will be used. If you choose svg you need to set
-# HTML_FILE_EXTENSION to xhtml in order to make the SVG files
-# visible in IE 9+ (other browsers do not have this requirement).
-
-DOT_IMAGE_FORMAT = png
-
-# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to
-# enable generation of interactive SVG images that allow zooming and panning.
-# Note that this requires a modern browser other than Internet Explorer.
-# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you
-# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files
-# visible. Older versions of IE do not have SVG support.
-
-INTERACTIVE_SVG = NO
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The MSCFILE_DIRS tag can be used to specify one or more directories that
-# contain msc files that are included in the documentation (see the
-# \mscfile command).
-
-MSCFILE_DIRS =
-
-# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
-# nodes that will be shown in the graph. If the number of nodes in a graph
-# becomes larger than this value, doxygen will truncate the graph, which is
-# visualized by representing a node as a red box. Note that doxygen if the
-# number of direct children of the root node in a graph is already larger than
-# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
-# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
-
DOT_GRAPH_MAX_NODES = 200
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that the size of a graph can be further restricted by
-# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
-
MAX_DOT_GRAPH_DEPTH = 1000
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is disabled by default, because dot on Windows does not
-# seem to support this out of the box. Warning: Depending on the platform used,
-# enabling this option may lead to badly anti-aliased labels on the edges of
-# a graph (i.e. they become hard to read).
-
DOT_TRANSPARENT = YES
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 4746c1c..30b0ed2 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -58,7 +58,7 @@
/** Buffer too small when writing ASN.1 data structure. */
#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
-/* \} name */
+/** \} name ASN1 Error codes */
/**
* \name DER constants
@@ -118,8 +118,7 @@
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
-/* \} name */
-/* \} addtogroup asn1_module */
+/** \} name DER constants */
/** Returns the size of the binary string, without the trailing \\0 */
#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
@@ -626,6 +625,9 @@
*/
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+/** \} name Functions to parse ASN.1 data structures */
+/** \} addtogroup asn1_module */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index cef6566..3dd944c 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -74,6 +74,9 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
+#define MBEDTLS_PK_WRITE_C
+#endif
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#include "mbedtls/config_psa.h"
#endif
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index ce97f6a..1ced6e5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -149,6 +149,10 @@
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
#endif
+#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS5_C defined, but not all prerequesites"
+#endif
+
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_SHA256_C))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
@@ -177,11 +181,32 @@
#endif
#undef MBEDTLS_HAS_MEMSAN
+#if defined(MBEDTLS_CCM_C) && ( \
+ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_GCM_C) && ( \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
#endif
@@ -561,11 +586,6 @@
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
-#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
-#endif
-
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
@@ -585,6 +605,61 @@
#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
#endif
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#endif
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#if !defined(MBEDTLS_SHA512_C)
+#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
+#endif
+#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT)
+#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#endif
+/*
+ * Best performance comes from most recent compilers, with intrinsics and -O3.
+ * Must compile with -march=armv8.2-a+sha3, but we can't detect armv8.2-a, and
+ * can't always detect __ARM_FEATURE_SHA512 (notably clang 7-12).
+ *
+ * GCC < 8 won't work at all (lacks the sha512 instructions)
+ * GCC >= 8 uses intrinsics, sets __ARM_FEATURE_SHA512
+ *
+ * Clang < 7 won't work at all (lacks the sha512 instructions)
+ * Clang 7-12 don't have intrinsics (but we work around that with inline
+ * assembler) or __ARM_FEATURE_SHA512
+ * Clang == 13.0.0 same as clang 12 (only seen on macOS)
+ * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics
+ */
+#if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512)
+ /* Test Clang first, as it defines __GNUC__ */
+# if defined(__clang__)
+# if __clang_major__ < 7
+# error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# elif __clang_major__ < 13 || \
+ (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0)
+ /* We implement the intrinsics with inline assembler, so don't error */
+# else
+# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# endif
+# elif defined(__GNUC__)
+# if __GNUC__ < 8
+# error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# else
+# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# endif
+# else
+# error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# endif
+#endif
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(__aarch64__)
+#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
+#endif
+
#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
#endif
@@ -593,6 +668,29 @@
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
#endif
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#if !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_SHA256_USE_A64_CRYPTO_* defined without MBEDTLS_SHA256_C"
+#endif
+#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
+#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#endif
+#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO)
+#error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#endif
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && \
+ !defined(__aarch64__) && !defined(_M_ARM64)
+#error "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
@@ -644,7 +742,8 @@
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_TLS_C) && \
+ !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
#endif
@@ -780,23 +879,23 @@
* cause a build to succeed but with features removed. */
#if defined(MBEDTLS_HAVEGE_C) //no-check-names
-#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
+#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599"
#endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
-#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
@@ -804,23 +903,23 @@
#endif
#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
-#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
+#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313"
#endif
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
#endif
/*
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 68dda0f..f917133 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -50,6 +50,12 @@
#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
#endif
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
+#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
+#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
+#endif
+
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
@@ -384,7 +390,8 @@
#endif
#endif /* PSA_WANT_ALG_XTS */
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
#endif
@@ -411,6 +418,7 @@
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define MBEDTLS_CCM_C
#endif
#endif /* PSA_WANT_ALG_CCM */
@@ -515,7 +523,7 @@
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
/*
* SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
*/
#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -545,7 +553,9 @@
#if defined(MBEDTLS_CCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CMAC_C)
@@ -776,7 +786,7 @@
#define PSA_WANT_ECC_SECP_K1_192
#endif
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_224
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 959a5d5..2b66b53 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -135,7 +135,7 @@
/**< The maximum size of seed or reseed buffer in bytes. */
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#define MBEDTLS_CTR_DRBG_PR_OFF 0
/**< Prediction resistance is disabled. */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 5b26084..395db14 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -299,7 +299,7 @@
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#else /* MBEDTLS_ECP_ALT */
#include "ecp_alt.h"
@@ -1278,6 +1278,26 @@
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+/**
+ * \brief This function exports generic key-pair parameters.
+ *
+ * \param key The key pair to export from.
+ * \param grp Slot for exported ECP group.
+ * It must point to an initialized ECP group.
+ * \param d Slot for the exported secret value.
+ * It must point to an initialized mpi.
+ * \param Q Slot for the exported public value.
+ * It must point to an initialized ECP point.
+ *
+ * \return \c 0 on success,
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+ * correspond to a known group.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q);
+
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index fede05f..14e8b31 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -69,7 +69,7 @@
#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index e6bfe05..2e225cb 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -35,7 +35,7 @@
*/
/** Bad input parameters to function. */
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
-/* \} name */
+/** \} name */
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 0f1653f..37702b5 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -71,7 +71,7 @@
#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#define MBEDTLS_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */
#define MBEDTLS_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 0558ee0..72a1e10 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -129,7 +129,12 @@
* MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
* MBEDTLS_PLATFORM_STD_TIME.
*
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ * interface - timing.c will include time.h on suitable platforms
+ * regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
*/
#define MBEDTLS_HAVE_TIME
@@ -256,7 +261,7 @@
*/
//#define MBEDTLS_DEPRECATED_REMOVED
-/* \} name SECTION: System support */
+/** \} name SECTION: System support */
/**
* \name SECTION: mbed TLS feature support
@@ -1081,7 +1086,7 @@
* which is currently hard-coded to be int32_t.
*
* Note that this option is meant for internal use only and may be removed
- * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO.
+ * without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
@@ -1273,7 +1278,7 @@
* Enable an implementation of SHA-256 that has lower ROM footprint but also
* lower performance.
*
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
* performance and size. This version optimizes more aggressively for size at
* the expense of performance. Eg on Cortex-M4 it reduces the size of
* mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -1317,8 +1322,9 @@
* in the underlying transport.
*
* Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
- * See the corresponding documentation for more information.
+ * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
+ * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
+ * more information.
*
* \warning The Connection ID extension is still in draft state.
* We make no stability promises for the availability
@@ -1829,7 +1835,7 @@
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: mbed TLS feature support */
/**
* \name SECTION: mbed TLS modules
@@ -2181,9 +2187,10 @@
* Enable the debug functions.
*
* Module: library/debug.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/ssl_msg.c
* library/ssl_tls.c
+ * library/ssl_tls12_*.c
+ * library/ssl_tls13_*.c
*
* This module provides debugging functions.
*/
@@ -2211,8 +2218,9 @@
* Enable the Diffie-Hellman-Merkle module.
*
* Module: library/dhm.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK
@@ -2232,8 +2240,10 @@
* Enable the elliptic curve Diffie-Hellman library.
*
* Module: library/ecdh.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/psa_crypto.c
+ * library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module is used by the following key exchanges:
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
@@ -2519,9 +2529,11 @@
* Enable the generic public (asymetric) key layer.
*
* Module: library/pk.c
- * Caller: library/ssl_tls.c
- * library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/psa_crypto_rsa.c
+ * library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
+ * library/x509.c
*
* Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
*
@@ -2689,10 +2701,11 @@
*
* Module: library/rsa.c
* library/rsa_alt_helpers.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/pk.c
+ * library/psa_crypto.c
* library/ssl_tls.c
- * library/x509.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module is used by the following key exchanges:
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
@@ -2708,10 +2721,7 @@
*
* Module: library/sha1.c
* Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509write_crt.c
+ * library/psa_crypto_hash.c
*
* This module is required for TLS 1.2 depending on the handshake parameters,
* and for SHA1-signed certificates.
@@ -2750,9 +2760,9 @@
* Module: library/sha256.c
* Caller: library/entropy.c
* library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
* library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module adds support for SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function.
@@ -2760,6 +2770,56 @@
#define MBEDTLS_SHA256_C
/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-256 cryptographic hash algorithm with the
+ * Arm A64 cryptographic extensions if they are available at runtime. If not,
+ * it will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
+ * of \c -march=armv8-a+crypto.
+ *
+ * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA256_C.
+ *
+ * Module: library/sha256.c
+ *
+ * Uncomment to have the library check for the A64 SHA-256 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-256 cryptographic hash algorithm with the
+ * Arm A64 cryptographic extensions, which must be available at runtime (or
+ * an illegal instruction fault will occur).
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
+ * of \c -march=armv8-a+crypto.
+ *
+ * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA256_C.
+ *
+ * Module: library/sha256.c
+ *
+ * Uncomment to have the library use the A64 SHA-256 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+
+/**
* \def MBEDTLS_SHA384_C
*
* Enable the SHA-384 cryptographic hash algorithm.
@@ -2768,8 +2828,10 @@
*
* Module: library/sha512.c
* Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
+ * library/psa_crypto_hash.c
+ * library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* Comment to disable SHA-384
*/
@@ -2791,6 +2853,60 @@
#define MBEDTLS_SHA512_C
/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-512 cryptographic hash algorithm with the
+ * Arm A64 cryptographic extensions if they are available at runtime. If not,
+ * it will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7, and \c CFLAGS must be set to a minimum of
+ * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the
+ * fastest code.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module: library/sha512.c
+ *
+ * Uncomment to have the library check for the A64 SHA-512 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-512 cryptographic hash algorithm with the
+ * Arm A64 cryptographic extensions, which must be available at runtime (or
+ * an illegal instruction fault will occur).
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7, and \c CFLAGS must be set to a minimum of
+ * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the
+ * fastest code.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module: library/sha512.c
+ *
+ * Uncomment to have the library use the A64 SHA-512 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+
+/**
* \def MBEDTLS_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
@@ -2829,7 +2945,7 @@
*
* Enable the SSL/TLS client code.
*
- * Module: library/ssl_cli.c
+ * Module: library/ssl*_client.c
* Caller:
*
* Requires: MBEDTLS_SSL_TLS_C
@@ -2843,7 +2959,7 @@
*
* Enable the SSL/TLS server code.
*
- * Module: library/ssl_srv.c
+ * Module: library/ssl*_server.c
* Caller:
*
* Requires: MBEDTLS_SSL_TLS_C
@@ -2858,8 +2974,8 @@
* Enable the generic SSL/TLS code.
*
* Module: library/ssl_tls.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/ssl*_client.c
+ * library/ssl*_server.c
*
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
* and at least one of the MBEDTLS_SSL_PROTO_XXX defines
@@ -2902,6 +3018,10 @@
* your own implementation of the whole module by setting
* \c MBEDTLS_TIMING_ALT in the current file.
*
+ * \note The timing module will include time.h on suitable platforms
+ * regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
* \note See also our Knowledge Base article about porting to a new
* environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
@@ -2944,9 +3064,9 @@
* Enable X.509 certificate parsing.
*
* Module: library/x509_crt.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
+ * Caller: library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* Requires: MBEDTLS_X509_USE_C
*
@@ -3021,7 +3141,7 @@
*/
#define MBEDTLS_X509_CSR_WRITE_C
-/* \} name SECTION: mbed TLS modules */
+/** \} name SECTION: mbed TLS modules */
/**
* \name SECTION: Module configuration options
@@ -3319,4 +3439,4 @@
*/
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-/* \} name SECTION: Customisation configuration options */
+/** \} name SECTION: Customisation configuration options */
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 2b668f5..612061d 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -138,6 +138,19 @@
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
/**
+ * \brief This function returns the message-digest information
+ * from the given context.
+ *
+ * \param ctx The context from which to extract the information.
+ * This must be initialized (or \c NULL).
+ *
+ * \return The message-digest information associated with \p ctx.
+ * \return \c NULL if \p ctx is \c NULL.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
+ const mbedtls_md_context_t *ctx );
+
+/**
* \brief This function initializes a message-digest context without
* binding it to a particular message-digest algorithm.
*
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index b024162..0b07974 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -38,7 +38,7 @@
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#define MBEDTLS_MEMORY_VERIFY_NONE 0
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index baceb07..c75a124 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -27,6 +27,11 @@
#include <stddef.h>
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+ !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
/**
* \name PEM Error codes
* These error codes are returned in case of errors reading the
@@ -51,7 +56,7 @@
#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
/** Bad input parameters to function. */
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
-/* \} name */
+/** \} name PEM Error codes */
#ifdef __cplusplus
extern "C" {
@@ -96,6 +101,10 @@
* the decrypted text starts with an ASN.1 sequence of
* appropriate length
*
+ * \note \c mbedtls_pem_free must be called on PEM context before
+ * the PEM context can be reused in another call to
+ * \c mbedtls_pem_read_buffer
+ *
* \return 0 on success, or a specific PEM error code
*/
int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
@@ -104,6 +113,25 @@
size_t pwdlen, size_t *use_len );
/**
+ * \brief Get the pointer to the decoded binary data in a PEM context.
+ *
+ * \param ctx PEM context to access.
+ * \param buflen On success, this will contain the length of the binary data.
+ * This must be a valid (non-null) pointer.
+ *
+ * \return A pointer to the decoded binary data.
+ *
+ * \note The returned pointer remains valid only until \p ctx is
+ modified or freed.
+ */
+static inline const unsigned char *mbedtls_pem_get_buffer( mbedtls_pem_context *ctx, size_t *buflen )
+{
+ *buflen = ctx->MBEDTLS_PRIVATE(buflen);
+ return( ctx->MBEDTLS_PRIVATE(buf) );
+}
+
+
+/**
* \brief PEM context memory freeing
*
* \param ctx context to be freed
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 5f9f29f..dc808e8 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -330,8 +330,8 @@
* storing and manipulating the key material directly.
*
* \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC key pair
- * (see notes below).
+ * \param key The PSA key to wrap, which must hold an ECC or RSA key
+ * pair (see notes below).
*
* \note The wrapped key must remain valid as long as the
* wrapping PK context is in use, that is at least between
@@ -339,8 +339,8 @@
* mbedtls_pk_free() is called on this context. The wrapped
* key might then be independently used or destroyed.
*
- * \note This function is currently only available for ECC key
- * pairs (that is, ECC keys containing private key material).
+ * \note This function is currently only available for ECC or RSA
+ * key pairs (that is, keys containing private key material).
* Support for other key types may be added later.
*
* \return \c 0 on success.
@@ -351,7 +351,7 @@
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const psa_key_id_t key );
+ const mbedtls_svc_key_id_t key );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -535,6 +535,45 @@
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/**
+ * \brief Make signature given a signature type.
+ *
+ * \param pk_type Signature type.
+ * \param ctx The PK context to use. It must have been set up
+ * with a private key.
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length
+ * \param sig Place to write the signature.
+ * It must have enough room for the signature.
+ * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+ * You may use a smaller buffer if it is large enough
+ * given the key type.
+ * \param sig_size The size of the \p sig buffer in bytes.
+ * \param sig_len On successful return,
+ * the number of bytes written to \p sig.
+ * \param f_rng RNG function, must not be \c NULL.
+ * \param p_rng RNG parameter
+ *
+ * \return 0 on success, or a specific error code.
+ *
+ * \note When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+ * see #PSA_ALG_RSA_PSS for a description of PSS options used.
+ *
+ * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ *
+ */
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
+ mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
/**
* \brief Restartable version of \c mbedtls_pk_sign()
*
@@ -878,15 +917,20 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
- * \brief Turn an EC key into an opaque one.
+ * \brief Turn an EC or RSA key into an opaque one.
*
* \warning This is a temporary utility function for tests. It might
* change or be removed at any time without notice.
*
- * \note Only ECDSA keys are supported so far. Signing with the
- * specified hash is the only allowed use of that key.
+ * \note ECDSA & RSA keys are supported.
+ * For both key types, signing with the specified hash
+ * is the only allowed use of that key with PK API.
+ * The RSA key supports RSA-PSS signing with the specified
+ * hash with the PK EXT API.
+ * In addition, the ECDSA key is also allowed for ECDH key
+ * agreement derivation operation using the PSA API.
*
- * \param pk Input: the EC key to import to a PSA key.
+ * \param pk Input: the EC or RSA key to import to a PSA key.
* Output: a PK context wrapping that PSA key.
* \param key Output: a PSA key identifier.
* It's the caller's responsibility to call
@@ -898,7 +942,7 @@
* \return An Mbed TLS error code otherwise.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
+ mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 277a85c..a598434 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -62,7 +62,9 @@
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
#include <time.h>
+#endif
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
@@ -119,7 +121,7 @@
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
/*
* The function pointers for calloc and free.
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 8d4b95d..8bef553 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -28,14 +28,6 @@
extern "C" {
#endif
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
/*
* The time_t datatype
*/
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index c54c035..8dd47f6 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -29,7 +29,7 @@
#include "mbedtls/build_info.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
@@ -258,115 +258,8 @@
return( -1 );
}
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-
-/* Translations for PK layer */
-
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
-{
- switch( status )
- {
- case PSA_SUCCESS:
- return( 0 );
- case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_PK_ALLOC_FAILED );
- case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
- case PSA_ERROR_BAD_STATE:
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- /* All other failures */
- case PSA_ERROR_COMMUNICATION_FAILURE:
- case PSA_ERROR_HARDWARE_FAILURE:
- case PSA_ERROR_CORRUPTION_DETECTED:
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
- default: /* We return the same as for the 'other failures',
- * but list them separately nonetheless to indicate
- * which failure conditions we have considered. */
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
- }
-}
-
-/* Translations for ECC */
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )
/* This function transforms an ECC group identifier from
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
@@ -384,52 +277,11 @@
}
#endif /* MBEDTLS_ECP_C */
-/* This function takes a buffer holding an EC public key
- * exported through psa_export_public_key(), and converts
- * it into an ECPoint structure to be put into a ClientKeyExchange
- * message in an ECDHE exchange.
- *
- * Both the present and the foreseeable future format of EC public keys
- * used by PSA have the ECPoint structure contained in the exported key
- * as a subbuffer, and the function merely selects this subbuffer instead
- * of making a copy.
- */
-static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
- size_t srclen,
- unsigned char **dst,
- size_t *dstlen )
-{
- *dst = src;
- *dstlen = srclen;
- return( 0 );
-}
-
-/* This function takes a buffer holding an ECPoint structure
- * (as contained in a TLS ServerKeyExchange message for ECDHE
- * exchanges) and converts it into a format that the PSA key
- * agreement API understands.
- */
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
- size_t srclen,
- unsigned char *dst,
- size_t dstlen,
- size_t *olen )
-{
- if( srclen > dstlen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
- memcpy( dst, src, srclen );
- *olen = srclen;
- return( 0 );
-}
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
/* Expose whatever RNG the PSA subsystem uses to applications using the
* mbedtls_xxx API. The declarations and definitions here need to be
* consistent with the implementation in library/psa_crypto_random_impl.h.
* See that file for implementation documentation. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+
/* The type of a `f_rng` random generator function that many library functions
* take.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 072ebbe..6dac3d1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -41,9 +41,8 @@
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
+ * to guards in TLS code. There is a gap in functionality that access to
+ * ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdh.h"
@@ -244,6 +243,7 @@
* Various constants
*/
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/* These are the high an low bytes of ProtocolVersion as defined by:
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1
@@ -251,6 +251,7 @@
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
@@ -380,7 +381,7 @@
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
/*
* Length of the verify data for secure renegotiation
@@ -487,6 +488,7 @@
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION 109 /* 0x6d -- new in TLS 1.3 */
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
@@ -505,6 +507,7 @@
#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
#define MBEDTLS_SSL_HS_FINISHED 20
+#define MBEDTLS_SSL_HS_MESSAGE_HASH 254
/*
* TLS extensions
@@ -639,10 +642,12 @@
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ MBEDTLS_SSL_HELLO_RETRY_REQUEST,
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
+ MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO,
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
}
@@ -1098,6 +1103,14 @@
#endif /* MBEDTLS_SSL_DTLS_SRTP */
+/** Human-friendly representation of the (D)TLS protocol version. */
+typedef enum
+{
+ MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
+ MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303, /*!< (D)TLS 1.2 */
+ MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304, /*!< (D)TLS 1.3 */
+} mbedtls_ssl_protocol_version;
+
/*
* This structure is used for storing current session data.
*
@@ -1117,10 +1130,10 @@
unsigned char MBEDTLS_PRIVATE(exported);
- /* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
- * Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
- * to be studied whether one of them can be removed. */
- unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
+ /** TLS version negotiated in the session. Used if and when renegotiating
+ * or resuming a session instead of the configured minor TLS version.
+ */
+ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
@@ -1208,6 +1221,37 @@
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type );
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief Callback type: generic handshake callback
+ *
+ * \note Callbacks may use user_data funcs to set/get app user data.
+ * See \c mbedtls_ssl_get_user_data_p()
+ * \c mbedtls_ssl_get_user_data_n()
+ * \c mbedtls_ssl_conf_get_user_data_p()
+ * \c mbedtls_ssl_conf_get_user_data_n()
+ *
+ * \param ssl \c mbedtls_ssl_context on which the callback is run
+ *
+ * \return The return value of the callback is 0 if successful,
+ * or a specific MBEDTLS_ERR_XXX code, which will cause
+ * the handshake to be aborted.
+ */
+typedef int (*mbedtls_ssl_hs_cb_t)( mbedtls_ssl_context *ssl );
+#endif
+
+/* A type for storing user data in a library structure.
+ *
+ * The representation of type may change in future versions of the library.
+ * Only the behaviors guaranteed by documented accessor functions are
+ * guaranteed to remain stable.
+ */
+typedef union
+{
+ uintptr_t n; /* typically a handle to an associated object */
+ void *p; /* typically a pointer to extra data */
+} mbedtls_ssl_user_data_t;
+
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
@@ -1218,10 +1262,8 @@
* so that elements tend to be in the 128-element direct access window
* on Arm Thumb, which reduces the code size. */
- unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
- unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
- unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
- unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
+ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(max_tls_version); /*!< max. TLS version used */
+ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(min_tls_version); /*!< min. TLS version used */
/*
* Flags (could be bit-fields to save RAM, but separate bytes make
@@ -1332,7 +1374,6 @@
int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -1359,11 +1400,11 @@
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
+#endif
+ const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
#endif
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -1380,7 +1421,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@@ -1446,6 +1487,17 @@
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
+
+ /** User data pointer or handle.
+ *
+ * The library sets this to \p 0 when creating a context and does not
+ * access it afterwards.
+ */
+ mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data);
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ mbedtls_ssl_hs_cb_t MBEDTLS_PRIVATE(f_cert_cb); /*!< certificate selection callback */
+#endif /* MBEDTLS_SSL_SRV_C */
};
struct mbedtls_ssl_context
@@ -1463,12 +1515,22 @@
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ /** Server: Negotiated TLS protocol version.
+ * Client: Maximum TLS version to be negotiated, then negotiated TLS
+ * version.
+ *
+ * It is initialized as the maximum TLS version to be negotiated in the
+ * ClientHello writing preparation stage and used throughout the
+ * ClientHello writing. For a fresh handshake not linked to any previous
+ * handshake, it is initialized to the configured maximum TLS version
+ * to be negotiated. When renegotiating or resuming a session, it is
+ * initialized to the previously negotiated TLS version.
+ *
+ * Updated to the negotiated TLS version as soon as the ServerHello is
+ * received.
+ */
+ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
- /* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
- * Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
- * to be studied whether one of them can be removed. */
- int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1611,11 +1673,6 @@
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
- * PKI layer
- */
- int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
-
- /*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1672,6 +1729,17 @@
/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
+
+ /** User data pointer or handle.
+ *
+ * The library sets this to \p 0 when creating a context and does not
+ * access it afterwards.
+ *
+ * \warning Serializing and restoring an SSL context with
+ * mbedtls_ssl_context_save() and mbedtls_ssl_context_load()
+ * does not currently restore the user data.
+ */
+ mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data);
};
/**
@@ -1840,6 +1908,22 @@
void *p_dbg );
/**
+ * \brief Return the SSL configuration structure associated
+ * with the given SSL context.
+ *
+ * \note The pointer returned by this function is guaranteed to
+ * remain valid until the context is freed.
+ *
+ * \param ssl The SSL context to query.
+ * \return Pointer to the SSL configuration associated with \p ssl.
+ */
+static inline const mbedtls_ssl_config *mbedtls_ssl_context_get_config(
+ const mbedtls_ssl_context *ssl )
+{
+ return( ssl->MBEDTLS_PRIVATE( conf ) );
+}
+
+/**
* \brief Set the underlying BIO callbacks for write, read and
* read-with-timeout.
*
@@ -1969,6 +2053,40 @@
size_t own_cid_len );
/**
+ * \brief Get information about our request for usage of the CID
+ * extension in the current connection.
+ *
+ * \param ssl The SSL context to query.
+ * \param enabled The address at which to store whether the CID extension
+ * is requested to be used or not. If the CID is
+ * requested, `*enabled` is set to
+ * MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
+ * MBEDTLS_SSL_CID_DISABLED.
+ * \param own_cid The address of the buffer in which to store our own
+ * CID (if the CID extension is requested). This may be
+ * \c NULL in case the value of our CID isn't needed. If
+ * it is not \c NULL, \p own_cid_len must not be \c NULL.
+ * \param own_cid_len The address at which to store the size of our own CID
+ * (if the CID extension is requested). This is also the
+ * number of Bytes in \p own_cid that have been written.
+ * This may be \c NULL in case the length of our own CID
+ * isn't needed. If it is \c NULL, \p own_cid must be
+ * \c NULL, too.
+ *
+ *\note If we are requesting an empty CID this function sets
+ * `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
+ * for this is that the resulting outcome is the
+ * same as if the CID extensions wasn't requested).
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ size_t *own_cid_len );
+
+/**
* \brief Get information about the use of the CID extension
* in the current connection.
*
@@ -2169,6 +2287,24 @@
mbedtls_ssl_set_timer_t *f_set_timer,
mbedtls_ssl_get_timer_t *f_get_timer );
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief Set the certificate selection callback (server-side only).
+ *
+ * If set, the callback is always called for each handshake,
+ * after `ClientHello` processing has finished.
+ *
+ * \param conf The SSL configuration to register the callback with.
+ * \param f_cert_cb The callback for selecting server certificate after
+ * `ClientHello` processing has finished.
+ */
+static inline void mbedtls_ssl_conf_cert_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_hs_cb_t f_cert_cb )
+{
+ conf->MBEDTLS_PRIVATE(f_cert_cb) = f_cert_cb;
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
/**
* \brief Callback type: generate and write session ticket
*
@@ -2266,6 +2402,132 @@
mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys );
+/** \brief Set the user data in an SSL configuration to a pointer.
+ *
+ * You can retrieve this value later with mbedtls_ssl_conf_get_user_data_p().
+ *
+ * \note The library stores \c p without accessing it. It is the responsibility
+ * of the caller to ensure that the pointer remains valid.
+ *
+ * \param conf The SSL configuration context to modify.
+ * \param p The new value of the user data.
+ */
+static inline void mbedtls_ssl_conf_set_user_data_p(
+ mbedtls_ssl_config *conf,
+ void *p )
+{
+ conf->MBEDTLS_PRIVATE(user_data).p = p;
+}
+
+/** \brief Set the user data in an SSL configuration to an integer.
+ *
+ * You can retrieve this value later with mbedtls_ssl_conf_get_user_data_n().
+ *
+ * \param conf The SSL configuration context to modify.
+ * \param n The new value of the user data.
+ */
+static inline void mbedtls_ssl_conf_set_user_data_n(
+ mbedtls_ssl_config *conf,
+ uintptr_t n )
+{
+ conf->MBEDTLS_PRIVATE(user_data).n = n;
+}
+
+/** \brief Retrieve the user data in an SSL configuration as a pointer.
+ *
+ * This is the value last set with mbedtls_ssl_conf_set_user_data_p(), or
+ * \c NULL if mbedtls_ssl_conf_set_user_data_p() has not previously been
+ * called. The value is undefined if mbedtls_ssl_conf_set_user_data_n() has
+ * been called without a subsequent call to mbedtls_ssl_conf_set_user_data_p().
+ *
+ * \param conf The SSL configuration context to modify.
+ * \return The current value of the user data.
+ */
+static inline void *mbedtls_ssl_conf_get_user_data_p(
+ mbedtls_ssl_config *conf )
+{
+ return( conf->MBEDTLS_PRIVATE(user_data).p );
+}
+
+/** \brief Retrieve the user data in an SSL configuration as an integer.
+ *
+ * This is the value last set with mbedtls_ssl_conf_set_user_data_n(), or
+ * \c 0 if mbedtls_ssl_conf_set_user_data_n() has not previously been
+ * called. The value is undefined if mbedtls_ssl_conf_set_user_data_p() has
+ * been called without a subsequent call to mbedtls_ssl_conf_set_user_data_n().
+ *
+ * \param conf The SSL configuration context to modify.
+ * \return The current value of the user data.
+ */
+static inline uintptr_t mbedtls_ssl_conf_get_user_data_n(
+ mbedtls_ssl_config *conf )
+{
+ return( conf->MBEDTLS_PRIVATE(user_data).n );
+}
+
+/** \brief Set the user data in an SSL context to a pointer.
+ *
+ * You can retrieve this value later with mbedtls_ssl_get_user_data_p().
+ *
+ * \note The library stores \c p without accessing it. It is the responsibility
+ * of the caller to ensure that the pointer remains valid.
+ *
+ * \param ssl The SSL context context to modify.
+ * \param p The new value of the user data.
+ */
+static inline void mbedtls_ssl_set_user_data_p(
+ mbedtls_ssl_context *ssl,
+ void *p )
+{
+ ssl->MBEDTLS_PRIVATE(user_data).p = p;
+}
+
+/** \brief Set the user data in an SSL context to an integer.
+ *
+ * You can retrieve this value later with mbedtls_ssl_get_user_data_n().
+ *
+ * \param ssl The SSL context context to modify.
+ * \param n The new value of the user data.
+ */
+static inline void mbedtls_ssl_set_user_data_n(
+ mbedtls_ssl_context *ssl,
+ uintptr_t n )
+{
+ ssl->MBEDTLS_PRIVATE(user_data).n = n;
+}
+
+/** \brief Retrieve the user data in an SSL context as a pointer.
+ *
+ * This is the value last set with mbedtls_ssl_set_user_data_p(), or
+ * \c NULL if mbedtls_ssl_set_user_data_p() has not previously been
+ * called. The value is undefined if mbedtls_ssl_set_user_data_n() has
+ * been called without a subsequent call to mbedtls_ssl_set_user_data_p().
+ *
+ * \param ssl The SSL context context to modify.
+ * \return The current value of the user data.
+ */
+static inline void *mbedtls_ssl_get_user_data_p(
+ mbedtls_ssl_context *ssl )
+{
+ return( ssl->MBEDTLS_PRIVATE(user_data).p );
+}
+
+/** \brief Retrieve the user data in an SSL context as an integer.
+ *
+ * This is the value last set with mbedtls_ssl_set_user_data_n(), or
+ * \c 0 if mbedtls_ssl_set_user_data_n() has not previously been
+ * called. The value is undefined if mbedtls_ssl_set_user_data_p() has
+ * been called without a subsequent call to mbedtls_ssl_set_user_data_n().
+ *
+ * \param ssl The SSL context context to modify.
+ * \return The current value of the user data.
+ */
+static inline uintptr_t mbedtls_ssl_get_user_data_n(
+ mbedtls_ssl_context *ssl )
+{
+ return( ssl->MBEDTLS_PRIVATE(user_data).n );
+}
+
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/**
* \brief Configure asynchronous private key operation callbacks.
@@ -3042,7 +3304,7 @@
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
+ mbedtls_svc_key_id_t psk,
const unsigned char *psk_identity,
size_t psk_identity_len );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -3088,7 +3350,7 @@
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk );
+ mbedtls_svc_key_id_t psk );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
@@ -3267,6 +3529,7 @@
const uint16_t *groups );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/**
* \brief Set the allowed hashes for signatures during the handshake.
*
@@ -3296,10 +3559,10 @@
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
*/
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+ const int *hashes );
+#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Configure allowed signature algorithms for use in TLS 1.3
*
@@ -3311,7 +3574,6 @@
*/
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -3338,10 +3600,34 @@
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/**
+ * \brief Retrieve SNI extension value for the current handshake.
+ * Available in \p f_cert_cb of \c mbedtls_ssl_conf_cert_cb(),
+ * this is the same value passed to \p f_sni callback of
+ * \c mbedtls_ssl_conf_sni() and may be used instead of
+ * \c mbedtls_ssl_conf_sni().
+ *
+ * \param ssl SSL context
+ * \param name_len pointer into which to store length of returned value.
+ * 0 if SNI extension is not present or not yet processed.
+ *
+ * \return const pointer to SNI extension value.
+ * - value is valid only when called in \p f_cert_cb
+ * registered with \c mbedtls_ssl_conf_cert_cb().
+ * - value is NULL if SNI extension is not present.
+ * - value is not '\0'-terminated. Use \c name_len for len.
+ * - value must not be freed.
+ */
+const unsigned char *mbedtls_ssl_get_hs_sni( mbedtls_ssl_context *ssl,
+ size_t *name_len );
+
+/**
* \brief Set own certificate and key for the current handshake
*
* \note Same as \c mbedtls_ssl_conf_own_cert() but for use within
- * the SNI callback.
+ * the SNI callback or the certificate selection callback.
+ *
+ * \note Passing null \c own_cert clears the certificate list for
+ * the current handshake.
*
* \param ssl SSL context
* \param own_cert own public certificate chain
@@ -3358,7 +3644,7 @@
* current handshake
*
* \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within
- * the SNI callback.
+ * the SNI callback or the certificate selection callback.
*
* \param ssl SSL context
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
@@ -3372,7 +3658,7 @@
* \brief Set authmode for the current handshake.
*
* \note Same as \c mbedtls_ssl_conf_authmode() but for use within
- * the SNI callback.
+ * the SNI callback or the certificate selection callback.
*
* \param ssl SSL context
* \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
@@ -3397,8 +3683,7 @@
* mbedtls_ssl_set_hs_ca_chain() as well as the client
* authentication mode with \c mbedtls_ssl_set_hs_authmode(),
* then must return 0. If no matching name is found, the
- * callback must either set a default cert, or
- * return non-zero to abort the handshake at this point.
+ * callback may return non-zero to abort the handshake.
*
* \param conf SSL configuration
* \param f_sni verification function
@@ -3559,35 +3844,100 @@
mbedtls_dtls_srtp_info *dtls_srtp_info );
#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the maximum supported version sent from the client side
- * and/or accepted at the server side
- * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
+ * and/or accepted at the server side.
+ *
+ * See also the documentation of mbedtls_ssl_conf_min_version().
*
* \note This ignores ciphersuites from higher versions.
*
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ * \note This function is deprecated and has been replaced by
+ * \c mbedtls_ssl_conf_max_tls_version().
*
* \param conf SSL configuration
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+ * \param minor Minor version number
+ * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+ * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
+ * \brief Set the maximum supported version sent from the client side
+ * and/or accepted at the server side.
+ *
+ * \note After the handshake, you can call
+ * mbedtls_ssl_get_version_number() to see what version was
+ * negotiated.
+ *
+ * \param conf SSL configuration
+ * \param tls_version TLS protocol version number (\p mbedtls_ssl_protocol_version)
+ * (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
+ */
+static inline void mbedtls_ssl_conf_max_tls_version( mbedtls_ssl_config *conf,
+ mbedtls_ssl_protocol_version tls_version )
+{
+ conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version;
+}
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/**
* \brief Set the minimum accepted SSL/TLS protocol version
- * (Default: TLS 1.2)
+ *
+ * \note By default, all supported versions are accepted.
+ * Future versions of the library may disable older
+ * protocol versions by default if they become deprecated.
+ *
+ * \note The following versions are supported (if enabled at
+ * compile time):
+ * - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+ * \p minor = #MBEDTLS_SSL_MINOR_VERSION_3
+ * - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+ * \p minor = #MBEDTLS_SSL_MINOR_VERSION_4
+ *
+ * Note that the numbers in the constant names are the
+ * TLS internal protocol numbers, and the minor versions
+ * differ by one from the human-readable versions!
*
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored.
*
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ * \note After the handshake, you can call
+ * mbedtls_ssl_get_version_number() to see what version was
+ * negotiated.
+ *
+ * \note This function is deprecated and has been replaced by
+ * \c mbedtls_ssl_conf_min_tls_version().
*
* \param conf SSL configuration
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+ * \param minor Minor version number
+ * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+ * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief Set the minimum supported version sent from the client side
+ * and/or accepted at the server side.
+ *
+ * \note After the handshake, you can call
+ * mbedtls_ssl_get_version_number() to see what version was
+ * negotiated.
+ *
+ * \param conf SSL configuration
+ * \param tls_version TLS protocol version number (\p mbedtls_ssl_protocol_version)
+ * (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
+ */
+static inline void mbedtls_ssl_conf_min_tls_version( mbedtls_ssl_config *conf,
+ mbedtls_ssl_protocol_version tls_version )
+{
+ conf->MBEDTLS_PRIVATE(min_tls_version) = tls_version;
+}
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/**
@@ -3889,6 +4239,15 @@
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
/**
+ * \brief Return the id of the current ciphersuite
+ *
+ * \param ssl SSL context
+ *
+ * \return a ciphersuite id
+ */
+int mbedtls_ssl_get_ciphersuite_id_from_ssl( const mbedtls_ssl_context *ssl );
+
+/**
* \brief Return the name of the current ciphersuite
*
* \param ssl SSL context
@@ -3897,6 +4256,24 @@
*/
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief Return the (D)TLS protocol version negotiated in the
+ * given connection.
+ *
+ * \note If you call this function too early during the initial
+ * handshake, before the two sides have agreed on a version,
+ * this function returns #MBEDTLS_SSL_VERSION_UNKNOWN.
+ *
+ * \param ssl The SSL context to query.
+ * \return The negotiated protocol version.
+ */
+static inline mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
+ const mbedtls_ssl_context *ssl )
+{
+ return ssl->MBEDTLS_PRIVATE(tls_version);
+}
+
/**
* \brief Return the current TLS version
*
@@ -4089,11 +4466,40 @@
int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
/**
+ * \brief After calling mbedtls_ssl_handshake() to start the SSL
+ * handshake you can call this function to check whether the
+ * handshake is over for a given SSL context. This function
+ * should be also used to determine when to stop calling
+ * mbedtls_handshake_step() for that context.
+ *
+ * \param ssl SSL context
+ *
+ * \return \c 1 if handshake is over, \c 0 if it is still ongoing.
+ */
+static inline int mbedtls_ssl_is_handshake_over( mbedtls_ssl_context *ssl )
+{
+ return( ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_HANDSHAKE_OVER );
+}
+
+/**
* \brief Perform a single step of the SSL handshake
*
* \note The state of the context (ssl->state) will be at
* the next state after this function returns \c 0. Do not
- * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
+ * call this function if mbedtls_ssl_is_handshake_over()
+ * returns \c 1.
+ *
+ * \warning Whilst in the past you may have used direct access to the
+ * context state (ssl->state) in order to ascertain when to
+ * stop calling this function and although you can still do
+ * so with something like ssl->MBEDTLS_PRIVATE(state) or by
+ * defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
+ * considered deprecated and could be broken in any future
+ * release. If you still find you have good reason for such
+ * direct access, then please do contact the team to explain
+ * this (raise an issue or post to the mailing list), so that
+ * we can add a solution to your problem that will be
+ * guaranteed to work in the future.
*
* \param ssl SSL context
*
@@ -4328,6 +4734,14 @@
*
* \see mbedtls_ssl_context_load()
*
+ * \note The serialized data only contains the data that is
+ * necessary to resume the connection: negotiated protocol
+ * options, session identifier, keys, etc.
+ * Loading a saved SSL context does not restore settings and
+ * state related to how the application accesses the context,
+ * such as configured callback functions, user data, pending
+ * incoming or outgoing data, etc.
+ *
* \note This feature is currently only available under certain
* conditions, see the documentation of the return value
* #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
@@ -4406,8 +4820,11 @@
* (unless they were already set before calling
* mbedtls_ssl_session_reset() and the values are suitable for
* the present connection). Specifically, you want to call
- * at least mbedtls_ssl_set_bio() and
- * mbedtls_ssl_set_timer_cb(). All other SSL setter functions
+ * at least mbedtls_ssl_set_bio(),
+ * mbedtls_ssl_set_timer_cb(), and
+ * mbedtls_ssl_set_user_data_n() or
+ * mbedtls_ssl_set_user_data_p() if they were set originally.
+ * All other SSL setter functions
* are not necessary to call, either because they're only used
* in handshakes, or because the setting is already saved. You
* might choose to call them anyway, for example in order to
@@ -4456,7 +4873,7 @@
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
/**
- * \brief Load reasonnable default SSL configuration values.
+ * \brief Load reasonable default SSL configuration values.
* (You need to call mbedtls_ssl_config_init() first.)
*
* \param conf SSL configuration context
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 6a81ac9..cb016fe 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -47,7 +47,7 @@
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 18e7c98..c770528 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -363,22 +363,23 @@
/**
* \brief This structure is used for storing ciphersuite information
+ *
+ * \note members are defined using integral types instead of enums
+ * in order to pack structure and reduce memory usage by internal
+ * \c ciphersuite_definitions[]
*/
struct mbedtls_ssl_ciphersuite_t
{
int MBEDTLS_PRIVATE(id);
const char * MBEDTLS_PRIVATE(name);
- mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
- mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
- mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
+ uint8_t MBEDTLS_PRIVATE(cipher); /* mbedtls_cipher_type_t */
+ uint8_t MBEDTLS_PRIVATE(mac); /* mbedtls_md_type_t */
+ uint8_t MBEDTLS_PRIVATE(key_exchange); /* mbedtls_key_exchange_type_t */
+ uint8_t MBEDTLS_PRIVATE(flags);
- int MBEDTLS_PRIVATE(min_major_ver);
- int MBEDTLS_PRIVATE(min_minor_ver);
- int MBEDTLS_PRIVATE(max_major_ver);
- int MBEDTLS_PRIVATE(max_minor_ver);
-
- unsigned char MBEDTLS_PRIVATE(flags);
+ uint16_t MBEDTLS_PRIVATE(min_tls_version); /* mbedtls_ssl_protocol_version */
+ uint16_t MBEDTLS_PRIVATE(max_tls_version); /* mbedtls_ssl_protocol_version */
};
const int *mbedtls_ssl_list_ciphersuites( void );
@@ -394,6 +395,13 @@
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+static inline const char *mbedtls_ssl_ciphersuite_get_name( const mbedtls_ssl_ciphersuite_t *info )
+{
+ return info->MBEDTLS_PRIVATE(name);
+}
+
+size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info );
+
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 86698b0..c5b80d9 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -27,9 +27,11 @@
#include "mbedtls/ssl.h"
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/**
* \name SECTION: Module settings
@@ -42,7 +44,7 @@
#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
#endif
-/* \} name SECTION: Module settings */
+/** \} name SECTION: Module settings */
#ifdef __cplusplus
extern "C" {
@@ -53,16 +55,23 @@
*/
typedef struct mbedtls_ssl_cookie_ctx
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */
+ psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */
+#else
mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_ssl_cookie_ctx;
/**
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 0f4117d..98fd287 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -34,6 +34,10 @@
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
@@ -42,14 +46,25 @@
extern "C" {
#endif
+#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */
+#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */
+
/**
* \brief Information for session ticket protection
*/
typedef struct mbedtls_ssl_ticket_key
{
- unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+ unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
+ /*!< random key identifier */
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
+#else
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */
+ psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */
+ psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */
+ size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */
+#endif
}
mbedtls_ssl_ticket_key;
@@ -98,7 +113,7 @@
* supported. Usually that means a 256-bit key.
*
* \note The lifetime of the keys is twice the lifetime of tickets.
- * It is recommended to pick a reasonnable lifetime so as not
+ * It is recommended to pick a reasonable lifetime so as not
* to negate the benefits of forward secrecy.
*
* \return 0 if successful,
@@ -110,6 +125,43 @@
uint32_t lifetime );
/**
+ * \brief Rotate session ticket encryption key to new specified key.
+ * Provides for external control of session ticket encryption
+ * key rotation, e.g. for synchronization between different
+ * machines. If this function is not used, or if not called
+ * before ticket lifetime expires, then a new session ticket
+ * encryption key is generated internally in order to avoid
+ * unbounded session ticket encryption key lifetimes.
+ *
+ * \param ctx Context to be set up
+ * \param name Session ticket encryption key name
+ * \param nlength Session ticket encryption key name length in bytes
+ * \param k Session ticket encryption key
+ * \param klength Session ticket encryption key length in bytes
+ * \param lifetime Tickets lifetime in seconds
+ * Recommended value: 86400 (one day).
+ *
+ * \note \c name and \c k are recommended to be cryptographically
+ * random data.
+ *
+ * \note \c nlength must match sizeof( ctx->name )
+ *
+ * \note \c klength must be sufficient for use by cipher specified
+ * to \c mbedtls_ssl_ticket_setup
+ *
+ * \note The lifetime of the keys is twice the lifetime of tickets.
+ * It is recommended to pick a reasonable lifetime so as not
+ * to negate the benefits of forward secrecy.
+ *
+ * \return 0 if successful,
+ * or a specific MBEDTLS_ERR_XXX error code
+ */
+int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx,
+ const unsigned char *name, size_t nlength,
+ const unsigned char *k, size_t klength,
+ uint32_t lifetime );
+
+/**
* \brief Implementation of the ticket write callback
*
* \note See \c mbedtls_ssl_ticket_write_t for description
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 25db1c6..652548d 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -90,6 +90,17 @@
*/
int mbedtls_timing_get_delay( void *data );
+/**
+ * \brief Get the final timing delay
+ *
+ * \param data Pointer to timing data
+ * Must point to a valid \c mbedtls_timing_delay_context struct.
+ *
+ * \return Final timing delay in milliseconds.
+ */
+uint32_t mbedtls_timing_get_final_delay(
+ const mbedtls_timing_delay_context *data );
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 9a4be95..3c76fec 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -93,7 +93,7 @@
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
-/* \} name */
+/** \} name X509 Error codes */
/**
* \name X509 Verify codes
@@ -121,8 +121,8 @@
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name X509 Verify codes */
+/** \} addtogroup x509_module */
/*
* X.509 v3 Subject Alternative Name types.
@@ -252,7 +252,6 @@
mbedtls_x509_time;
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
/**
* \brief Store the certificate DN in printable form into buf;
@@ -308,6 +307,8 @@
*/
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
+/** \} addtogroup x509_module */
+
/*
* Internal module functions. You probably do not want to use these unless you
* know you do.
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 52bd43c..0339db8 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -176,8 +176,8 @@
*/
void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing CRLs */
+/** \} addtogroup x509_module */
#ifdef __cplusplus
}
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 3c11a99..51883dc 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -955,8 +955,7 @@
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for parsing and writing X.509 certificates */
#if defined(MBEDTLS_X509_CRT_WRITE_C)
/**
@@ -1186,6 +1185,8 @@
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
+/** \} addtogroup x509_module */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index f80a1a1..20a516e 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -154,8 +154,7 @@
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
#endif /* MBEDTLS_X509_CSR_PARSE_C */
-/* \} name */
-/* \} addtogroup x509_module */
+/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
#if defined(MBEDTLS_X509_CSR_WRITE_C)
/**
@@ -297,6 +296,8 @@
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */
+/** \} addtogroup x509_module */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 1643b2e..5f4a9be 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -493,17 +493,14 @@
* This is an attempt to create a persistent key, and there is
* already a persistent key with the given identifier.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The policy constraints on the source and specified in
- * \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The lifetime or identifier in \p attributes are invalid, or
+ * the policy constraints on the source and specified in
+ * \p attributes are incompatible, or
* \p attributes specifies a key type or key size
* which does not match the attributes of the source key.
* \retval #PSA_ERROR_NOT_PERMITTED
- * The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The source key is not exportable and its lifetime does not
+ * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ * the source key is not exportable and its lifetime does not
* allow copying it to the target's lifetime.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -630,11 +627,9 @@
* The key type or key size is not supported, either by the
* implementation in general or in this particular persistent location.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size in \p attributes is nonzero and does not match the size
+ * The key attributes, as a whole, are invalid, or
+ * the key data is not correctly formatted, or
+ * the size in \p attributes is nonzero and does not match the size
* of the key data.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -858,7 +853,6 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -894,7 +888,6 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -984,14 +977,13 @@
* \p alg is not a supported hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1011,14 +1003,13 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it muct be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1054,8 +1045,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p hash buffer is too small. You can determine a
* sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1065,7 +1054,8 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1100,14 +1090,13 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1158,16 +1147,14 @@
* It must be initialized but not active.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- * The \p target_operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The \p source_operation state is not valid (it must be active), or
+ * the \p target_operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1364,9 +1351,8 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1425,11 +1411,10 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage
+ * The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1452,15 +1437,14 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1498,9 +1482,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac sign
- * operation).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. You can determine a
* sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1510,7 +1491,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac sign
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1545,16 +1528,15 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac verify
- * operation).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac verify
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1783,9 +1765,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1847,9 +1828,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1877,8 +1857,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no IV set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1887,7 +1865,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no IV set),
+ * or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1917,9 +1897,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active cipher
- * encrypt operation, with no IV set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
@@ -1929,7 +1906,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active cipher
+ * encrypt operation, with no IV set), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1960,9 +1939,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1971,7 +1947,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2013,9 +1991,6 @@
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2024,7 +1999,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2301,7 +2278,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2313,7 +2291,6 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -2367,8 +2344,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2381,7 +2356,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2410,9 +2386,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active aead encrypt
- * operation, with no nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p nonce buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2421,7 +2394,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active aead encrypt
+ * operation, with no nonce set), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2451,9 +2426,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no nonce
- * set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p nonce is not acceptable for the chosen algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2462,7 +2434,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no nonce
+ * set), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2496,10 +2470,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, and
- * psa_aead_update_ad() and psa_aead_update() must not have been
- * called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
@@ -2508,7 +2478,10 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, and
+ * psa_aead_update_ad() and psa_aead_update() must not have been
+ * called yet), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2544,10 +2517,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, have lengths set if required by the algorithm, and
- * psa_aead_update() must not have been called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the additional data length that
* was previously specified with psa_aead_set_lengths().
@@ -2557,7 +2526,10 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, have lengths set if required by the algorithm, and
+ * psa_aead_update() must not have been called yet), or the library
+ * has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2622,9 +2594,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, and have lengths set if required by the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2633,9 +2602,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total input length overflows the plaintext length that
+ * specified with psa_aead_set_lengths(), or
+ * the total input length overflows the plaintext length that
* was previously specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2643,7 +2611,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, and have lengths set if required by the algorithm), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2707,9 +2677,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active encryption
- * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small.
* #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2720,9 +2687,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2731,7 +2697,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active encryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2794,9 +2762,6 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculations were successful, but the authentication tag is
* not correct.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active decryption
- * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small.
* #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2805,9 +2770,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2816,7 +2780,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active decryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3303,9 +3269,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3324,12 +3289,11 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3352,13 +3316,12 @@
* \p capacity is larger than the operation's current capacity.
* In this case, the operation object remains valid and its capacity
* remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3402,8 +3365,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow direct inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3411,9 +3373,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3447,8 +3408,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow numeric inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3456,9 +3416,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3515,8 +3474,7 @@
* #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
* algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow key inputs of the given type
* or does not allow key inputs at all.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3525,9 +3483,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3579,25 +3536,23 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this key agreement \p step.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
* or \p peer_key is not valid for \c alg or not compatible with
- * \c private_key.
+ * \c private_key, or \c step does not allow an input resulting
+ * from a key agreement.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step does not allow an input resulting from a key agreement.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this key agreement \p step,
+ * or the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3636,16 +3591,15 @@
* The operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3784,9 +3738,6 @@
* #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
* key; or one of the inputs was a key whose policy didn't allow
* #PSA_KEY_USAGE_DERIVE.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3796,7 +3747,9 @@
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3846,16 +3799,15 @@
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3911,16 +3863,15 @@
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3986,8 +3937,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p alg is not a key agreement algorithm, or
* \p private_key is not compatible with \p alg,
* or \p peer_key is not valid for \p alg or not compatible with
* \p private_key.
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 6476e3c..d290971 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -97,7 +97,7 @@
#define PSA_WANT_ECC_SECP_K1_192 1
/*
* SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
* default.
*/
//#define PSA_WANT_ECC_SECP_K1_224 1
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 1f68925..df28fef 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -182,12 +182,9 @@
* support registering a key.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The identifier in \p attributes is invalid, namely the identifier is
- * not in the user range.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * not in the user range, or
* \p attributes specifies a lifetime which is not located
- * in a secure element.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * No slot number is specified in \p attributes,
+ * in a secure element, or no slot number is specified in \p attributes,
* or the specified slot number is not valid.
* \retval #PSA_ERROR_NOT_PERMITTED
* The caller is not authorized to register the specified key slot.
@@ -1349,15 +1346,14 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The \p cipher_suite is not supported or is not valid.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1386,18 +1382,17 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must have been set up.)
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with the algorithm or the cipher suite.
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with the algorithm or the cipher suite.
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must have been set up.), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1427,16 +1422,15 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is NULL.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p user_id is NULL.
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1467,18 +1461,17 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The algorithm doesn't associate a second identity with the session.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is NULL.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p user_id is NULL.
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid, or the library has not
+ * been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1510,15 +1503,14 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The \p side for this algorithm is not supported or is not valid.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1556,9 +1548,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, but beyond that
- * validity is specific to the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1567,7 +1556,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, but beyond that
+ * validity is specific to the algorithm), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1602,18 +1593,17 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, but beyond that
- * validity is specific to the algorithm).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is not valid for the algorithm, ciphersuite or \p step.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The input is not valid for the algorithm, ciphersuite or \p step.
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, but beyond that
+ * validity is specific to the algorithm), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1657,14 +1647,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The PAKE operation state is not valid (it must be active, but beyond
- * that validity is specific to the algorithm).
- * \retval #PSA_ERROR_BAD_STATE
- * The state of \p output is not valid for
- * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
- * step is out of order or the application has done this step already
- * and it may not be repeated.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the output’s
* algorithm.
@@ -1674,7 +1656,13 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The PAKE operation state is not valid (it must be active, but beyond
+ * that validity is specific to the algorithm), or
+ * the library has not been previously initialized by psa_crypto_init(),
+ * or the state of \p output is not valid for
+ * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+ * step is out of order or the application has done this step already
+ * and it may not be repeated.
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 2c61e53..f333db1 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -203,11 +203,12 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
typedef enum
{
- PSA_TLS12_PRF_STATE_INIT, /* no input provided */
- PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
- PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
- PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
- PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
+ PSA_TLS12_PRF_STATE_INIT, /* no input provided */
+ PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
+ PSA_TLS12_PRF_STATE_OTHER_KEY_SET, /* other key has been set - optional */
+ PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
+ PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
+ PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
} psa_tls12_prf_key_derivation_state_t;
typedef struct psa_tls12_prf_key_derivation_s
@@ -231,6 +232,10 @@
size_t MBEDTLS_PRIVATE(seed_length);
uint8_t *MBEDTLS_PRIVATE(label);
size_t MBEDTLS_PRIVATE(label_length);
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+ uint8_t *MBEDTLS_PRIVATE(other_secret);
+ size_t MBEDTLS_PRIVATE(other_secret_length);
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 5a903f8..2f9a15a 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -553,6 +553,9 @@
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
0))
+/** Check if the curve of given family is Weierstrass elliptic curve. */
+#define PSA_ECC_FAMILY_IS_WEIERSTRASS(family) ((family & 0xc0) == 0)
+
/** SEC Koblitz curves over prime fields.
*
* This family comprises the following curves:
@@ -1814,13 +1817,37 @@
* This key derivation algorithm uses the following inputs, which must be
* passed in the order given here:
* - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
+ * - #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET is the other secret for the
+ * computation of the premaster secret. This input is optional;
+ * if omitted, it defaults to a string of null bytes with the same length
+ * as the secret (PSK) input.
* - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
* - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
*
* For the application to TLS-1.2, the seed (which is
* forwarded to the TLS-1.2 PRF) is the concatenation of the
* ClientHello.Random + ServerHello.Random,
- * and the label is "master secret" or "extended master secret".
+ * the label is "master secret" or "extended master secret" and
+ * the other secret depends on the key exchange specified in the cipher suite:
+ * - for a plain PSK cipher suite (RFC 4279, Section 2), omit
+ * PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
+ * - for a DHE-PSK (RFC 4279, Section 3) or ECDHE-PSK cipher suite
+ * (RFC 5489, Section 2), the other secret should be the output of the
+ * PSA_ALG_FFDH or PSA_ALG_ECDH key agreement performed with the peer.
+ * The recommended way to pass this input is to use a key derivation
+ * algorithm constructed as
+ * PSA_ALG_KEY_AGREEMENT(ka_alg, PSA_ALG_TLS12_PSK_TO_MS(hash_alg))
+ * and to call psa_key_derivation_key_agreement(). Alternatively,
+ * this input may be an output of `psa_raw_key_agreement()` passed with
+ * psa_key_derivation_input_bytes(), or an equivalent input passed with
+ * psa_key_derivation_input_bytes() or psa_key_derivation_input_key().
+ * - for a RSA-PSK cipher suite (RFC 4279, Section 4), the other secret
+ * should be the 48-byte client challenge (the PreMasterSecret of
+ * (RFC 5246, Section 7.4.7.1)) concatenation of the TLS version and
+ * a 46-byte random string chosen by the client. On the server, this is
+ * typically an output of psa_asymmetric_decrypt() using
+ * PSA_ALG_RSA_PKCS1V15_CRYPT, passed to the key derivation operation
+ * with `psa_key_derivation_input_bytes()`.
*
* For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
@@ -2451,6 +2478,16 @@
*/
#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)
+/** A high-entropy additional secret input for key derivation.
+ *
+ * This is typically the shared secret resulting from a key agreement obtained
+ * via `psa_key_derivation_key_agreement()`. It may alternatively be a key of
+ * type `PSA_KEY_TYPE_DERIVE` passed to `psa_key_derivation_input_key()`, or
+ * a direct input passed to `psa_key_derivation_input_bytes()`.
+ */
+#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET \
+ ((psa_key_derivation_step_t)0x0103)
+
/** A label for key derivation.
*
* This should be a direct input.
diff --git a/library/.gitignore b/library/.gitignore
index cf2ddac..18cd305 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -7,3 +7,4 @@
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
+/psa_crypto_driver_wrappers.c
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 1884db9..6bb2ad3 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -99,12 +99,13 @@
net_sockets.c
ssl_cache.c
ssl_ciphersuites.c
- ssl_cli.c
+ ssl_client.c
ssl_cookie.c
ssl_msg.c
- ssl_srv.c
ssl_ticket.c
ssl_tls.c
+ ssl_tls12_client.c
+ ssl_tls12_server.c
ssl_tls13_keys.c
ssl_tls13_server.c
ssl_tls13_client.c
@@ -157,10 +158,25 @@
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
${error_headers}
)
+
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.c
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_BINARY_DIR}
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+ )
+
+
else()
link_to_source(error.c)
link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
+ link_to_source(psa_crypto_driver_wrappers.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
@@ -244,6 +260,7 @@
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
+ set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.1.0 SOVERSION 11)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
diff --git a/library/Makefile b/library/Makefile
index 0b5a43a..d267e05 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -168,12 +168,13 @@
net_sockets.o \
ssl_cache.o \
ssl_ciphersuites.o \
- ssl_cli.o \
+ ssl_client.o \
ssl_cookie.o \
ssl_msg.o \
- ssl_srv.o \
ssl_ticket.o \
ssl_tls.o \
+ ssl_tls12_client.o \
+ ssl_tls12_server.o \
ssl_tls13_keys.o \
ssl_tls13_client.o \
ssl_tls13_server.o \
@@ -290,7 +291,8 @@
.PHONY: generated_files
GENERATED_FILES = \
error.c version_features.c \
- ssl_debug_helpers_generated.c
+ ssl_debug_helpers_generated.c \
+ psa_crypto_driver_wrappers.c
generated_files: $(GENERATED_FILES)
error.c: ../scripts/generate_errors.pl
@@ -318,6 +320,12 @@
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
+psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py
+psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+psa_crypto_driver_wrappers.c:
+ echo " Gen $@"
+ $(PYTHON) ../scripts/generate_driver_wrappers.py
+
clean:
ifndef WINDOWS
rm -f *.o libmbed*
diff --git a/library/aes.c b/library/aes.c
index 4afc3c4..d2b05e2 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -971,6 +971,7 @@
unsigned char output[16] )
{
AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( ctx->rk != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
diff --git a/library/bignum.c b/library/bignum.c
index e47e259..f06eff0 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -38,6 +38,7 @@
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
+#include "bignum_internal.h"
#include "bn_mul.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -785,6 +786,9 @@
/*
* Import X from unsigned binary data, little endian
+ *
+ * This function is guaranteed to return an MPI with exactly the necessary
+ * number of limbs (in particular, it does not skip 0s in the input).
*/
int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
const unsigned char *buf, size_t buflen )
@@ -811,6 +815,9 @@
/*
* Import X from unsigned binary data, big endian
+ *
+ * This function is guaranteed to return an MPI with exactly the necessary
+ * number of limbs (in particular, it does not skip 0s in the input).
*/
int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
{
@@ -1363,92 +1370,36 @@
return( mbedtls_mpi_sub_mpi( X, A, &B ) );
}
-/** Helper for mbedtls_mpi multiplication.
- *
- * Add \p b * \p s to \p d.
- *
- * \param i The number of limbs of \p s.
- * \param[in] s A bignum to multiply, of size \p i.
- * It may overlap with \p d, but only if
- * \p d <= \p s.
- * Its leading limb must not be \c 0.
- * \param[in,out] d The bignum to add to.
- * It must be sufficiently large to store the
- * result of the multiplication. This means
- * \p i + 1 limbs if \p d[\p i - 1] started as 0 and \p b
- * is not known a priori.
- * \param b A scalar to multiply.
- */
-static
-#if defined(__APPLE__) && defined(__arm__)
-/*
- * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
- * appears to need this to prevent bad ARM code generation at -O3.
- */
-__attribute__ ((noinline))
-#endif
-void mpi_mul_hlp( size_t i,
- const mbedtls_mpi_uint *s,
- mbedtls_mpi_uint *d,
- mbedtls_mpi_uint b )
+mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
+ const mbedtls_mpi_uint *s, size_t s_len,
+ mbedtls_mpi_uint b )
{
- mbedtls_mpi_uint c = 0, t = 0;
+ mbedtls_mpi_uint c = 0; /* carry */
+ size_t excess_len = d_len - s_len;
-#if defined(MULADDC_HUIT)
- for( ; i >= 8; i -= 8 )
+ size_t steps_x8 = s_len / 8;
+ size_t steps_x1 = s_len & 7;
+
+ while( steps_x8-- )
{
- MULADDC_INIT
- MULADDC_HUIT
- MULADDC_STOP
+ MULADDC_X8_INIT
+ MULADDC_X8_CORE
+ MULADDC_X8_STOP
}
- for( ; i > 0; i-- )
+ while( steps_x1-- )
{
- MULADDC_INIT
- MULADDC_CORE
- MULADDC_STOP
- }
-#else /* MULADDC_HUIT */
- for( ; i >= 16; i -= 16 )
- {
- MULADDC_INIT
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
-
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_STOP
+ MULADDC_X1_INIT
+ MULADDC_X1_CORE
+ MULADDC_X1_STOP
}
- for( ; i >= 8; i -= 8 )
- {
- MULADDC_INIT
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
-
- MULADDC_CORE MULADDC_CORE
- MULADDC_CORE MULADDC_CORE
- MULADDC_STOP
- }
-
- for( ; i > 0; i-- )
- {
- MULADDC_INIT
- MULADDC_CORE
- MULADDC_STOP
- }
-#endif /* MULADDC_HUIT */
-
- t++;
-
- while( c != 0 )
+ while( excess_len-- )
{
*d += c; c = ( *d < c ); d++;
}
+
+ return( c );
}
/*
@@ -1484,8 +1435,14 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
- for( ; j > 0; j-- )
- mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
+ for( size_t k = 0; k < j; k++ )
+ {
+ /* We know that there cannot be any carry-out since we're
+ * iterating from bottom to top. */
+ (void) mbedtls_mpi_core_mla( X->p + k, i + 1,
+ A->p, i,
+ B->p[k] );
+ }
/* If the result is 0, we don't shortcut the operation, which reduces
* but does not eliminate side channels leaking the zero-ness. We do
@@ -1511,19 +1468,15 @@
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
- /* mpi_mul_hlp can't deal with a leading 0. */
size_t n = A->n;
while( n > 0 && A->p[n - 1] == 0 )
--n;
- /* The general method below doesn't work if n==0 or b==0. By chance
- * calculating the result is trivial in those cases. */
+ /* The general method below doesn't work if b==0. */
if( b == 0 || n == 0 )
- {
return( mbedtls_mpi_lset( X, 0 ) );
- }
- /* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
+ /* Calculate A*b as A + A*(b-1) to take advantage of mbedtls_mpi_core_mla */
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* In general, A * b requires 1 limb more than b. If
* A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same
@@ -1532,10 +1485,13 @@
* making the call to grow() unconditional causes slightly fewer
* calls to calloc() in ECP code, presumably because it reuses the
* same mpi for a while and this way the mpi is more likely to directly
- * grow to its final size. */
+ * grow to its final size.
+ *
+ * Note that calculating A*b as 0 + A*b doesn't work as-is because
+ * A,X can be the same. */
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
- mpi_mul_hlp( n, A->p, X->p, b - 1 );
+ mbedtls_mpi_core_mla( X->p, X->n, A->p, n, b - 1 );
cleanup:
return( ret );
@@ -1901,8 +1857,8 @@
* \param mm The value calculated by `mpi_montg_init(&mm, N)`.
* This is -N^-1 mod 2^ciL.
* \param[in,out] T A bignum for temporary storage.
- * It must be at least twice the limb size of N plus 2
- * (T->n >= 2 * (N->n + 1)).
+ * It must be at least twice the limb size of N plus 1
+ * (T->n >= 2 * N->n + 1).
* Its initial content is unused and
* its final content is indeterminate.
* Note that unlike the usual convention in the library
@@ -1911,8 +1867,8 @@
static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
const mbedtls_mpi *T )
{
- size_t i, n, m;
- mbedtls_mpi_uint u0, u1, *d;
+ size_t n, m;
+ mbedtls_mpi_uint *d;
memset( T->p, 0, T->n * ciL );
@@ -1920,18 +1876,23 @@
n = N->n;
m = ( B->n < n ) ? B->n : n;
- for( i = 0; i < n; i++ )
+ for( size_t i = 0; i < n; i++ )
{
+ mbedtls_mpi_uint u0, u1;
+
/*
* T = (T + u0*B + u1*N) / 2^biL
*/
u0 = A->p[i];
u1 = ( d[0] + u0 * B->p[0] ) * mm;
- mpi_mul_hlp( m, B->p, d, u0 );
- mpi_mul_hlp( n, N->p, d, u1 );
-
- *d++ = u0; d[n + 1] = 0;
+ (void) mbedtls_mpi_core_mla( d, n + 2,
+ B->p, m,
+ u0 );
+ (void) mbedtls_mpi_core_mla( d, n + 2,
+ N->p, n,
+ u1 );
+ d++;
}
/* At this point, d is either the desired result or the desired result
diff --git a/library/bignum_internal.h b/library/bignum_internal.h
new file mode 100644
index 0000000..8677dcf
--- /dev/null
+++ b/library/bignum_internal.h
@@ -0,0 +1,50 @@
+/**
+ * Internal bignum functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_BIGNUM_INTERNAL_H
+#define MBEDTLS_BIGNUM_INTERNAL_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+/** Perform a known-size multiply accumulate operation
+ *
+ * Add \p b * \p s to \p d.
+ *
+ * \param[in,out] d The pointer to the (little-endian) array
+ * representing the bignum to accumulate onto.
+ * \param d_len The number of limbs of \p d. This must be
+ * at least \p s_len.
+ * \param[in] s The pointer to the (little-endian) array
+ * representing the bignum to multiply with.
+ * This may be the same as \p d. Otherwise,
+ * it must be disjoint from \p d.
+ * \param s_len The number of limbs of \p s.
+ * \param b A scalar to multiply with.
+ *
+ * \return c The carry at the end of the operation.
+ */
+mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len ,
+ const mbedtls_mpi_uint *s, size_t s_len,
+ mbedtls_mpi_uint b );
+
+#endif /* MBEDTLS_BIGNUM_INTERNAL_H */
diff --git a/library/bn_mul.h b/library/bn_mul.h
index b71ddd8..962d7a9 100644
--- a/library/bn_mul.h
+++ b/library/bn_mul.h
@@ -98,7 +98,8 @@
*/
#if defined(__i386__) && defined(__OPTIMIZE__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
+ { mbedtls_mpi_uint t; \
asm( \
"movl %%ebx, %0 \n\t" \
"movl %5, %%esi \n\t" \
@@ -106,7 +107,7 @@
"movl %7, %%ecx \n\t" \
"movl %8, %%ebx \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"lodsl \n\t" \
"mull %%ebx \n\t" \
"addl %%ecx, %%eax \n\t" \
@@ -116,9 +117,21 @@
"movl %%edx, %%ecx \n\t" \
"stosl \n\t"
+#define MULADDC_X1_STOP \
+ "movl %4, %%ebx \n\t" \
+ "movl %%ecx, %1 \n\t" \
+ "movl %%edi, %2 \n\t" \
+ "movl %%esi, %3 \n\t" \
+ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
+ ); }
+
#if defined(MBEDTLS_HAVE_SSE2)
-#define MULADDC_HUIT \
+#define MULADDC_X8_INIT MULADDC_X1_INIT
+
+#define MULADDC_X8_CORE \
"movd %%ecx, %%mm1 \n\t" \
"movd %%ebx, %%mm0 \n\t" \
"movd (%%edi), %%mm3 \n\t" \
@@ -181,7 +194,7 @@
"psrlq $32, %%mm1 \n\t" \
"movd %%mm1, %%ecx \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X8_STOP \
"emms \n\t" \
"movl %4, %%ebx \n\t" \
"movl %%ecx, %1 \n\t" \
@@ -190,29 +203,19 @@
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
: "eax", "ebx", "ecx", "edx", "esi", "edi" \
- );
+ ); } \
-#else
-
-#define MULADDC_STOP \
- "movl %4, %%ebx \n\t" \
- "movl %%ecx, %1 \n\t" \
- "movl %%edi, %2 \n\t" \
- "movl %%esi, %3 \n\t" \
- : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
- : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ebx", "ecx", "edx", "esi", "edi" \
- );
#endif /* SSE2 */
+
#endif /* i386 */
#if defined(__amd64__) || defined (__x86_64__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"xorq %%r8, %%r8\n"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"movq (%%rsi), %%rax\n" \
"mulq %%rbx\n" \
"addq $8, %%rsi\n" \
@@ -224,7 +227,7 @@
"adcq %%rdx, %%rcx\n" \
"addq $8, %%rdi\n"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
: "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \
: "b" (b), "m" (*(const uint64_t (*)[16]) s) \
: "rax", "rdx", "r8" \
@@ -234,10 +237,10 @@
#if defined(__aarch64__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm(
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ldr x4, [%2], #8 \n\t" \
"ldr x5, [%1] \n\t" \
"mul x6, x4, %4 \n\t" \
@@ -248,7 +251,7 @@
"adc %0, x7, xzr \n\t" \
"str x5, [%1], #8 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
: "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \
: "r" (b), "m" (*(const uint64_t (*)[16]) s) \
: "x4", "x5", "x6", "x7", "cc" \
@@ -258,7 +261,7 @@
#if defined(__mc68020__) || defined(__mcpu32__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"movl %3, %%a2 \n\t" \
"movl %4, %%a3 \n\t" \
@@ -266,7 +269,7 @@
"movl %6, %%d2 \n\t" \
"moveq #0, %%d0 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"movel %%a2@+, %%d1 \n\t" \
"mulul %%d2, %%d4:%%d1 \n\t" \
"addl %%d3, %%d1 \n\t" \
@@ -275,7 +278,7 @@
"addl %%d1, %%a3@+ \n\t" \
"addxl %%d4, %%d3 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"movl %%d3, %0 \n\t" \
"movl %%a3, %1 \n\t" \
"movl %%a2, %2 \n\t" \
@@ -284,7 +287,9 @@
: "d0", "d1", "d2", "d3", "d4", "a2", "a3" \
);
-#define MULADDC_HUIT \
+#define MULADDC_X8_INIT MULADDC_X1_INIT
+
+#define MULADDC_X8_CORE \
"movel %%a2@+, %%d1 \n\t" \
"mulul %%d2, %%d4:%%d1 \n\t" \
"addxl %%d3, %%d1 \n\t" \
@@ -327,13 +332,15 @@
"addl %%d1, %%a3@+ \n\t" \
"addxl %%d0, %%d3 \n\t"
+#define MULADDC_X8_STOP MULADDC_X1_STOP
+
#endif /* MC68000 */
#if defined(__powerpc64__) || defined(__ppc64__)
#if defined(__MACH__) && defined(__APPLE__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ld r3, %3 \n\t" \
"ld r4, %4 \n\t" \
@@ -343,7 +350,7 @@
"addi r4, r4, -8 \n\t" \
"addic r5, r5, 0 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ldu r7, 8(r3) \n\t" \
"mulld r8, r7, r6 \n\t" \
"mulhdu r9, r7, r6 \n\t" \
@@ -353,7 +360,7 @@
"addc r8, r8, r7 \n\t" \
"stdu r8, 8(r4) \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"addze r5, r5 \n\t" \
"addi r4, r4, 8 \n\t" \
"addi r3, r3, 8 \n\t" \
@@ -368,7 +375,7 @@
#else /* __MACH__ && __APPLE__ */
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ld %%r3, %3 \n\t" \
"ld %%r4, %4 \n\t" \
@@ -378,7 +385,7 @@
"addi %%r4, %%r4, -8 \n\t" \
"addic %%r5, %%r5, 0 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ldu %%r7, 8(%%r3) \n\t" \
"mulld %%r8, %%r7, %%r6 \n\t" \
"mulhdu %%r9, %%r7, %%r6 \n\t" \
@@ -388,7 +395,7 @@
"addc %%r8, %%r8, %%r7 \n\t" \
"stdu %%r8, 8(%%r4) \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"addze %%r5, %%r5 \n\t" \
"addi %%r4, %%r4, 8 \n\t" \
"addi %%r3, %%r3, 8 \n\t" \
@@ -406,7 +413,7 @@
#if defined(__MACH__) && defined(__APPLE__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"lwz r3, %3 \n\t" \
"lwz r4, %4 \n\t" \
@@ -416,7 +423,7 @@
"addi r4, r4, -4 \n\t" \
"addic r5, r5, 0 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"lwzu r7, 4(r3) \n\t" \
"mullw r8, r7, r6 \n\t" \
"mulhwu r9, r7, r6 \n\t" \
@@ -426,7 +433,7 @@
"addc r8, r8, r7 \n\t" \
"stwu r8, 4(r4) \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"addze r5, r5 \n\t" \
"addi r4, r4, 4 \n\t" \
"addi r3, r3, 4 \n\t" \
@@ -440,7 +447,7 @@
#else /* __MACH__ && __APPLE__ */
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"lwz %%r3, %3 \n\t" \
"lwz %%r4, %4 \n\t" \
@@ -450,7 +457,7 @@
"addi %%r4, %%r4, -4 \n\t" \
"addic %%r5, %%r5, 0 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"lwzu %%r7, 4(%%r3) \n\t" \
"mullw %%r8, %%r7, %%r6 \n\t" \
"mulhwu %%r9, %%r7, %%r6 \n\t" \
@@ -460,7 +467,7 @@
"addc %%r8, %%r8, %%r7 \n\t" \
"stwu %%r8, 4(%%r4) \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"addze %%r5, %%r5 \n\t" \
"addi %%r4, %%r4, 4 \n\t" \
"addi %%r3, %%r3, 4 \n\t" \
@@ -483,14 +490,14 @@
#if 0 && defined(__sparc__)
#if defined(__sparc64__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ldx %3, %%o0 \n\t" \
"ldx %4, %%o1 \n\t" \
"ld %5, %%o2 \n\t" \
"ld %6, %%o3 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ld [%%o0], %%o4 \n\t" \
"inc 4, %%o0 \n\t" \
"ld [%%o1], %%o5 \n\t" \
@@ -503,7 +510,7 @@
"addx %%g1, 0, %%o2 \n\t" \
"inc 4, %%o1 \n\t"
- #define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"st %%o2, %0 \n\t" \
"stx %%o1, %1 \n\t" \
"stx %%o0, %2 \n\t" \
@@ -515,14 +522,14 @@
#else /* __sparc64__ */
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ld %3, %%o0 \n\t" \
"ld %4, %%o1 \n\t" \
"ld %5, %%o2 \n\t" \
"ld %6, %%o3 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ld [%%o0], %%o4 \n\t" \
"inc 4, %%o0 \n\t" \
"ld [%%o1], %%o5 \n\t" \
@@ -535,7 +542,7 @@
"addx %%g1, 0, %%o2 \n\t" \
"inc 4, %%o1 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"st %%o2, %0 \n\t" \
"st %%o1, %1 \n\t" \
"st %%o0, %2 \n\t" \
@@ -550,7 +557,7 @@
#if defined(__microblaze__) || defined(microblaze)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"lwi r3, %3 \n\t" \
"lwi r4, %4 \n\t" \
@@ -559,7 +566,7 @@
"andi r7, r6, 0xffff \n\t" \
"bsrli r6, r6, 16 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"lhui r8, r3, 0 \n\t" \
"addi r3, r3, 2 \n\t" \
"lhui r9, r3, 0 \n\t" \
@@ -586,7 +593,7 @@
"swi r12, r4, 0 \n\t" \
"addi r4, r4, 4 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"swi r5, %0 \n\t" \
"swi r4, %1 \n\t" \
"swi r3, %2 \n\t" \
@@ -600,7 +607,7 @@
#if defined(__tricore__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ld.a %%a2, %3 \n\t" \
"ld.a %%a3, %4 \n\t" \
@@ -608,7 +615,7 @@
"ld.w %%d1, %6 \n\t" \
"xor %%d5, %%d5 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ld.w %%d0, [%%a2+] \n\t" \
"madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \
"ld.w %%d0, [%%a3] \n\t" \
@@ -617,7 +624,7 @@
"mov %%d4, %%d3 \n\t" \
"st.w [%%a3+], %%d2 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"st.w %0, %%d4 \n\t" \
"st.a %1, %%a3 \n\t" \
"st.a %2, %%a2 \n\t" \
@@ -647,7 +654,7 @@
#if defined(__thumb__) && !defined(__thumb2__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ldr r0, %3 \n\t" \
"ldr r1, %4 \n\t" \
@@ -659,7 +666,7 @@
"lsr r7, r7, #16 \n\t" \
"mov r8, r7 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ldmia r0!, {r6} \n\t" \
"lsr r7, r6, #16 \n\t" \
"lsl r6, r6, #16 \n\t" \
@@ -690,7 +697,7 @@
"adc r2, r5 \n\t" \
"stmia r1!, {r4} \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"str r2, %0 \n\t" \
"str r1, %1 \n\t" \
"str r0, %2 \n\t" \
@@ -703,31 +710,79 @@
#elif (__ARM_ARCH >= 6) && \
defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
-#define MULADDC_INIT \
- asm(
+#define MULADDC_X1_INIT \
+ { \
+ mbedtls_mpi_uint tmp_a, tmp_b; \
+ asm volatile (
-#define MULADDC_CORE \
- "ldr r0, [%0], #4 \n\t" \
- "ldr r1, [%1] \n\t" \
- "umaal r1, %2, %3, r0 \n\t" \
- "str r1, [%1], #4 \n\t"
+#define MULADDC_X1_CORE \
+ ".p2align 2 \n\t" \
+ "ldr.w %[a], [%[in]], #4 \n\t" \
+ "ldr.w %[b], [%[acc]] \n\t" \
+ "umaal %[b], %[carry], %[scalar], %[a] \n\t" \
+ "str.w %[b], [%[acc]], #4 \n\t"
-#define MULADDC_STOP \
- : "=r" (s), "=r" (d), "=r" (c) \
- : "r" (b), "0" (s), "1" (d), "2" (c) \
- : "r0", "r1", "memory" \
- );
+#define MULADDC_X1_STOP \
+ : [a] "=&r" (tmp_a), \
+ [b] "=&r" (tmp_b), \
+ [in] "+r" (s), \
+ [acc] "+r" (d), \
+ [carry] "+l" (c) \
+ : [scalar] "r" (b) \
+ : "memory" \
+ ); \
+ }
+
+#define MULADDC_X2_INIT \
+ { \
+ mbedtls_mpi_uint tmp_a0, tmp_b0; \
+ mbedtls_mpi_uint tmp_a1, tmp_b1; \
+ asm volatile (
+
+ /* - Make sure loop is 4-byte aligned to avoid stalls
+ * upon repeated non-word aligned instructions in
+ * some microarchitectures.
+ * - Don't use ldm with post-increment or back-to-back
+ * loads with post-increment and same address register
+ * to avoid stalls on some microarchitectures.
+ * - Bunch loads and stores to reduce latency on some
+ * microarchitectures. E.g., on Cortex-M4, the first
+ * in a series of load/store operations has latency
+ * 2 cycles, while subsequent loads/stores are single-cycle. */
+#define MULADDC_X2_CORE \
+ ".p2align 2 \n\t" \
+ "ldr.w %[a0], [%[in]], #+8 \n\t" \
+ "ldr.w %[b0], [%[acc]], #+8 \n\t" \
+ "ldr.w %[a1], [%[in], #-4] \n\t" \
+ "ldr.w %[b1], [%[acc], #-4] \n\t" \
+ "umaal %[b0], %[carry], %[scalar], %[a0] \n\t" \
+ "umaal %[b1], %[carry], %[scalar], %[a1] \n\t" \
+ "str.w %[b0], [%[acc], #-8] \n\t" \
+ "str.w %[b1], [%[acc], #-4] \n\t"
+
+#define MULADDC_X2_STOP \
+ : [a0] "=&r" (tmp_a0), \
+ [b0] "=&r" (tmp_b0), \
+ [a1] "=&r" (tmp_a1), \
+ [b1] "=&r" (tmp_b1), \
+ [in] "+r" (s), \
+ [acc] "+r" (d), \
+ [carry] "+l" (c) \
+ : [scalar] "r" (b) \
+ : "memory" \
+ ); \
+ }
#else
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ldr r0, %3 \n\t" \
"ldr r1, %4 \n\t" \
"ldr r2, %5 \n\t" \
"ldr r3, %6 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ldr r4, [r0], #4 \n\t" \
"mov r5, #0 \n\t" \
"ldr r6, [r1] \n\t" \
@@ -736,7 +791,7 @@
"adc r2, r5, #0 \n\t" \
"str r7, [r1], #4 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"str r2, %0 \n\t" \
"str r1, %1 \n\t" \
"str r0, %2 \n\t" \
@@ -752,14 +807,14 @@
#if defined(__alpha__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"ldq $1, %3 \n\t" \
"ldq $2, %4 \n\t" \
"ldq $3, %5 \n\t" \
"ldq $4, %6 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"ldq $6, 0($1) \n\t" \
"addq $1, 8, $1 \n\t" \
"mulq $6, $4, $7 \n\t" \
@@ -774,7 +829,7 @@
"addq $6, $3, $3 \n\t" \
"addq $5, $3, $3 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"stq $3, %0 \n\t" \
"stq $2, %1 \n\t" \
"stq $1, %2 \n\t" \
@@ -786,14 +841,14 @@
#if defined(__mips__) && !defined(__mips64)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
asm( \
"lw $10, %3 \n\t" \
"lw $11, %4 \n\t" \
"lw $12, %5 \n\t" \
"lw $13, %6 \n\t"
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
"lw $14, 0($10) \n\t" \
"multu $13, $14 \n\t" \
"addi $10, $10, 4 \n\t" \
@@ -809,7 +864,7 @@
"addu $12, $12, $14 \n\t" \
"addi $11, $11, 4 \n\t"
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
"sw $12, %0 \n\t" \
"sw $11, %1 \n\t" \
"sw $10, %2 \n\t" \
@@ -823,13 +878,13 @@
#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
__asm mov esi, s \
__asm mov edi, d \
__asm mov ecx, c \
__asm mov ebx, b
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
__asm lodsd \
__asm mul ebx \
__asm add eax, ecx \
@@ -839,11 +894,18 @@
__asm mov ecx, edx \
__asm stosd
+#define MULADDC_X1_STOP \
+ __asm mov c, ecx \
+ __asm mov d, edi \
+ __asm mov s, esi
+
#if defined(MBEDTLS_HAVE_SSE2)
#define EMIT __asm _emit
-#define MULADDC_HUIT \
+#define MULADDC_X8_INIT MULADDC_X1_INIT
+
+#define MULADDC_X8_CORE \
EMIT 0x0F EMIT 0x6E EMIT 0xC9 \
EMIT 0x0F EMIT 0x6E EMIT 0xC3 \
EMIT 0x0F EMIT 0x6E EMIT 0x1F \
@@ -906,33 +968,26 @@
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
EMIT 0x0F EMIT 0x7E EMIT 0xC9
-#define MULADDC_STOP \
+#define MULADDC_X8_STOP \
EMIT 0x0F EMIT 0x77 \
__asm mov c, ecx \
__asm mov d, edi \
- __asm mov s, esi \
-
-#else
-
-#define MULADDC_STOP \
- __asm mov c, ecx \
- __asm mov d, edi \
- __asm mov s, esi \
+ __asm mov s, esi
#endif /* SSE2 */
#endif /* MSVC */
#endif /* MBEDTLS_HAVE_ASM */
-#if !defined(MULADDC_CORE)
+#if !defined(MULADDC_X1_CORE)
#if defined(MBEDTLS_HAVE_UDBL)
-#define MULADDC_INIT \
+#define MULADDC_X1_INIT \
{ \
mbedtls_t_udbl r; \
mbedtls_mpi_uint r0, r1;
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
r = *(s++) * (mbedtls_t_udbl) b; \
r0 = (mbedtls_mpi_uint) r; \
r1 = (mbedtls_mpi_uint)( r >> biL ); \
@@ -940,18 +995,19 @@
r0 += *d; r1 += (r0 < *d); \
c = r1; *(d++) = r0;
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
}
-#else
-#define MULADDC_INIT \
+#else /* MBEDTLS_HAVE_UDBL */
+
+#define MULADDC_X1_INIT \
{ \
mbedtls_mpi_uint s0, s1, b0, b1; \
mbedtls_mpi_uint r0, r1, rx, ry; \
b0 = ( b << biH ) >> biH; \
b1 = ( b >> biH );
-#define MULADDC_CORE \
+#define MULADDC_X1_CORE \
s0 = ( *s << biH ) >> biH; \
s1 = ( *s >> biH ); s++; \
rx = s0 * b1; r0 = s0 * b0; \
@@ -965,10 +1021,28 @@
r0 += *d; r1 += (r0 < *d); \
c = r1; *(d++) = r0;
-#define MULADDC_STOP \
+#define MULADDC_X1_STOP \
}
-#endif /* C (generic) */
#endif /* C (longlong) */
+#endif /* C (generic) */
+
+#if !defined(MULADDC_X2_CORE)
+#define MULADDC_X2_INIT MULADDC_X1_INIT
+#define MULADDC_X2_STOP MULADDC_X1_STOP
+#define MULADDC_X2_CORE MULADDC_X1_CORE MULADDC_X1_CORE
+#endif /* MULADDC_X2_CORE */
+
+#if !defined(MULADDC_X4_CORE)
+#define MULADDC_X4_INIT MULADDC_X2_INIT
+#define MULADDC_X4_STOP MULADDC_X2_STOP
+#define MULADDC_X4_CORE MULADDC_X2_CORE MULADDC_X2_CORE
+#endif /* MULADDC_X4_CORE */
+
+#if !defined(MULADDC_X8_CORE)
+#define MULADDC_X8_INIT MULADDC_X4_INIT
+#define MULADDC_X8_STOP MULADDC_X4_STOP
+#define MULADDC_X8_CORE MULADDC_X4_CORE MULADDC_X4_CORE
+#endif /* MULADDC_X8_CORE */
#endif /* bn_mul.h */
diff --git a/library/cipher.c b/library/cipher.c
index 03e84c6..4c7ca3f 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -386,6 +386,12 @@
#if defined(MBEDTLS_CHACHA20_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
{
+ /* Even though the actual_iv_size is overwritten with a correct value
+ * of 12 from the cipher info, return an error to indicate that
+ * the input iv_len is wrong. */
+ if( iv_len != 12 )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
iv,
0U ) ) /* Initial counter value */
@@ -393,6 +399,11 @@
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
}
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
+ iv_len != 12 )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif
#endif
#if defined(MBEDTLS_GCM_C)
diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h
index 90563d8..e27d6af 100644
--- a/library/cipher_wrap.h
+++ b/library/cipher_wrap.h
@@ -130,7 +130,7 @@
typedef struct
{
psa_algorithm_t alg;
- psa_key_id_t slot;
+ mbedtls_svc_key_id_t slot;
mbedtls_cipher_psa_key_ownership slot_state;
} mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/constant_time.c b/library/constant_time.c
index d8870ae..a6451bb 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -437,6 +437,126 @@
}
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if defined(PSA_WANT_ALG_SHA_384)
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_384 )
+#elif defined(PSA_WANT_ALG_SHA_256)
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_256 )
+#else /* See check_config.h */
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_1 )
+#endif
+
+int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
+ psa_algorithm_t mac_alg,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output )
+{
+ /*
+ * This function breaks the HMAC abstraction and uses psa_hash_clone()
+ * extension in order to get constant-flow behaviour.
+ *
+ * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
+ * concatenation, and okey/ikey are the XOR of the key with some fixed bit
+ * patterns (see RFC 2104, sec. 2).
+ *
+ * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by
+ * hashing up to minlen, then cloning the context, and for each byte up
+ * to maxlen finishing up the hash computation, keeping only the
+ * correct result.
+ *
+ * Then we only need to compute HASH(okey + inner_hash) and we're done.
+ */
+ psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( mac_alg );
+ const size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+ unsigned char key_buf[MAX_HASH_BLOCK_LENGTH];
+ const size_t hash_size = PSA_HASH_LENGTH( hash_alg );
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t hash_length;
+
+ unsigned char aux_out[PSA_HASH_MAX_SIZE];
+ psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT;
+ size_t offset;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t mac_key_length;
+ size_t i;
+
+#define PSA_CHK( func_call ) \
+ do { \
+ status = (func_call); \
+ if( status != PSA_SUCCESS ) \
+ goto cleanup; \
+ } while( 0 )
+
+ /* Export MAC key
+ * We assume key length is always exactly the output size
+ * which is never more than the block size, thus we use block_size
+ * as the key buffer size.
+ */
+ PSA_CHK( psa_export_key( key, key_buf, block_size, &mac_key_length ) );
+
+ /* Calculate ikey */
+ for( i = 0; i < mac_key_length; i++ )
+ key_buf[i] = (unsigned char)( key_buf[i] ^ 0x36 );
+ for(; i < block_size; ++i )
+ key_buf[i] = 0x36;
+
+ PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
+
+ /* Now compute inner_hash = HASH(ikey + msg) */
+ PSA_CHK( psa_hash_update( &operation, key_buf, block_size ) );
+ PSA_CHK( psa_hash_update( &operation, add_data, add_data_len ) );
+ PSA_CHK( psa_hash_update( &operation, data, min_data_len ) );
+
+ /* For each possible length, compute the hash up to that point */
+ for( offset = min_data_len; offset <= max_data_len; offset++ )
+ {
+ PSA_CHK( psa_hash_clone( &operation, &aux_operation ) );
+ PSA_CHK( psa_hash_finish( &aux_operation, aux_out,
+ PSA_HASH_MAX_SIZE, &hash_length ) );
+ /* Keep only the correct inner_hash in the output buffer */
+ mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
+ offset, data_len_secret );
+
+ if( offset < max_data_len )
+ PSA_CHK( psa_hash_update( &operation, data + offset, 1 ) );
+ }
+
+ /* Abort current operation to prepare for final operation */
+ PSA_CHK( psa_hash_abort( &operation ) );
+
+ /* Calculate okey */
+ for( i = 0; i < mac_key_length; i++ )
+ key_buf[i] = (unsigned char)( ( key_buf[i] ^ 0x36 ) ^ 0x5C );
+ for(; i < block_size; ++i )
+ key_buf[i] = 0x5C;
+
+ /* Now compute HASH(okey + inner_hash) */
+ PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
+ PSA_CHK( psa_hash_update( &operation, key_buf, block_size ) );
+ PSA_CHK( psa_hash_update( &operation, output, hash_size ) );
+ PSA_CHK( psa_hash_finish( &operation, output, hash_size, &hash_length ) );
+
+#undef PSA_CHK
+
+cleanup:
+ mbedtls_platform_zeroize( key_buf, MAX_HASH_BLOCK_LENGTH );
+ mbedtls_platform_zeroize( aux_out, PSA_HASH_MAX_SIZE );
+
+ psa_hash_abort( &operation );
+ psa_hash_abort( &aux_operation );
+ return( psa_ssl_status_to_mbedtls( status ) );
+}
+
+#undef MAX_HASH_BLOCK_LENGTH
+
+#else
int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
const unsigned char *add_data,
size_t add_data_len,
@@ -520,6 +640,7 @@
mbedtls_md_free( &aux );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -533,6 +654,13 @@
* about whether the assignment was made or not.
* (Leaking information about the respective sizes of X and Y is ok however.)
*/
+#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103)
+/*
+ * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See:
+ * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989
+ */
+__declspec(noinline)
+#endif
int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
const mbedtls_mpi *Y,
unsigned char assign )
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 053cf12..4838d05 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -276,6 +276,17 @@
* \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
* The hardware accelerator failed.
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output );
+#else
int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
const unsigned char *add_data,
size_t add_data_len,
@@ -284,6 +295,7 @@
size_t min_data_len,
size_t max_data_len,
unsigned char *output );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
diff --git a/library/ecdh.c b/library/ecdh.c
index d1680b5..8be7f19 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -32,8 +32,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#include "ecdh_misc.h"
-
#include <string.h>
/* Parameter validation macros based on platform_util.h */
@@ -727,140 +725,4 @@
}
#endif
}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
- size_t *out_len, int point_format,
- unsigned char *buf, size_t buf_len,
- int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ctx->grp.pbits == 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
- f_rng, p_rng ) ) != 0 )
- return( ret );
-
- ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format,
- out_len, buf, buf_len );
- if( ret != 0 )
- return( ret );
-
- return( 0 );
-}
-
-int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *out_len,
- unsigned char *buf, size_t buf_len,
- int ( *f_rng )( void *, unsigned char *, size_t ),
- void *p_rng )
-{
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( out_len != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
-
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ctx-> restart_enabled )
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#endif
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_tls13_make_params_internal( ctx, out_len, ctx->point_format,
- buf, buf_len, f_rng, p_rng ) );
-#else
- switch( ctx->var )
- {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#endif
- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh,
- out_len, ctx->point_format,
- buf, buf_len, f_rng, p_rng ) );
- default:
- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
- }
-#endif
-}
-
-/*
- * Setup context without Everest
- */
-int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
- mbedtls_ecp_group_id grp_id )
-{
- ECDH_VALIDATE_RET( ctx != NULL );
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_setup_internal( ctx, grp_id ) );
-#else
- ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
- ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
- ctx->grp_id = grp_id;
- ecdh_init_internal( &ctx->ctx.mbed_ecdh );
- return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
-#endif
-}
-
-static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
- const unsigned char *buf,
- size_t buf_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const unsigned char *p = buf;
- size_t data_len;
-
- if( buf_len < 3 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- data_len = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
-
- if( data_len < 1 || data_len != ( buf_len - 2 ) )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp,
- &ctx->Qp, p, data_len ) ) != 0)
- {
- return( ret );
- }
-
- return( 0 );
-}
-
-/*
- * Parse and import the client's TLS 1.3 public value
- */
-int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf,
- size_t buf_len )
-{
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) );
-#else
- switch( ctx->var )
- {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- case MBEDTLS_ECDH_VARIANT_EVEREST:
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#endif
- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
- return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh,
- buf, buf_len ) );
- default:
- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
- }
-#endif
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
#endif /* MBEDTLS_ECDH_C */
diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h
deleted file mode 100644
index 37cb6d8..0000000
--- a/library/ecdh_misc.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * \file ecdh_misc.h
- *
- * \brief Internal functions shared by the ECDH module
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 ( the "License" ); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#if !defined(MBEDTLS_ECDH_MISC_H)
-#define MBEDTLS_ECDH_MISC_H
-
-#include "mbedtls/ecdh.h"
-#include "mbedtls/ecp.h"
-
-#if defined(MBEDTLS_ECDH_C)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-/*
- * Setup context without Everest
- */
-int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
- mbedtls_ecp_group_id grp_id );
-
-/*
- * TLS 1.3 version of mbedtls_ecdh_make_params
- */
-int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t buf_len,
- int ( *f_rng )( void *, unsigned char *, size_t ),
- void *p_rng );
-
-/*
- * TLS 1.3 version of mbedtls_ecdh_read_public
- */
-int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf,
- size_t buf_len );
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#endif /* MBEDTLS_ECDH_C */
-
-#endif /* !MBEDTLS_ECDH_MISC_H */
diff --git a/library/ecp.c b/library/ecp.c
index 0212069..f39cb02 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -342,6 +342,18 @@
#endif /* MBEDTLS_ECP_RESTARTABLE */
+static void mpi_init_many( mbedtls_mpi *arr, size_t size )
+{
+ while( size-- )
+ mbedtls_mpi_init( arr++ );
+}
+
+static void mpi_free_many( mbedtls_mpi *arr, size_t size )
+{
+ while( size-- )
+ mbedtls_mpi_free( arr++ );
+}
+
/*
* List of supported curves:
* - internal ID
@@ -1093,9 +1105,11 @@
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
* N->s < 0 is a very fast test, which fails only if N is 0
*/
-#define MOD_SUB( N ) \
- while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
+#define MOD_SUB( N ) \
+ do { \
+ while( (N)->s < 0 && mbedtls_mpi_cmp_int( (N), 0 ) != 0 ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( (N), (N), &grp->P ) ); \
+ } while( 0 )
#if ( defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
!( defined(MBEDTLS_ECP_NO_FALLBACK) && \
@@ -1111,7 +1125,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) );
- MOD_SUB( *X );
+ MOD_SUB( X );
cleanup:
return( ret );
}
@@ -1122,9 +1136,9 @@
* We known P, N and the result are positive, so sub_abs is correct, and
* a bit faster.
*/
-#define MOD_ADD( N ) \
- while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
+#define MOD_ADD( N ) \
+ while( mbedtls_mpi_cmp_mpi( (N), &grp->P ) >= 0 ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( (N), (N), &grp->P ) )
static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp,
mbedtls_mpi *X,
@@ -1133,11 +1147,40 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) );
- MOD_ADD( *X );
+ MOD_ADD( X );
cleanup:
return( ret );
}
+static inline int mbedtls_mpi_mul_int_mod( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_uint c )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( X, A, c ) );
+ MOD_ADD( X );
+cleanup:
+ return( ret );
+}
+
+static inline int mbedtls_mpi_sub_int_mod( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_uint c )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, A, c ) );
+ MOD_SUB( X );
+cleanup:
+ return( ret );
+}
+
+#define MPI_ECP_SUB_INT( X, A, c ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int_mod( grp, X, A, c ) )
+
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
!( defined(MBEDTLS_ECP_NO_FALLBACK) && \
defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
@@ -1148,12 +1191,77 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) );
- MOD_ADD( *X );
+ MOD_ADD( X );
cleanup:
return( ret );
}
#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
+/*
+ * Macro wrappers around ECP modular arithmetic
+ *
+ * Currently, these wrappers are defined via the bignum module.
+ */
+
+#define MPI_ECP_ADD( X, A, B ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, X, A, B ) )
+
+#define MPI_ECP_SUB( X, A, B ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, X, A, B ) )
+
+#define MPI_ECP_MUL( X, A, B ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, X, A, B ) )
+
+#define MPI_ECP_SQR( X, A ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, X, A, A ) )
+
+#define MPI_ECP_MUL_INT( X, A, c ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int_mod( grp, X, A, c ) )
+
+#define MPI_ECP_INV( dst, src ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( (dst), (src), &grp->P ) )
+
+#define MPI_ECP_MOV( X, A ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) )
+
+#define MPI_ECP_SHIFT_L( X, count ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, X, count ) )
+
+#define MPI_ECP_LSET( X, c ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, c ) )
+
+#define MPI_ECP_CMP_INT( X, c ) \
+ mbedtls_mpi_cmp_int( X, c )
+
+#define MPI_ECP_CMP( X, Y ) \
+ mbedtls_mpi_cmp_mpi( X, Y )
+
+/* Needs f_rng, p_rng to be defined. */
+#define MPI_ECP_RAND( X ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( (X), 2, &grp->P, f_rng, p_rng ) )
+
+/* Conditional negation
+ * Needs grp and a temporary MPI tmp to be defined. */
+#define MPI_ECP_COND_NEG( X, cond ) \
+ do \
+ { \
+ unsigned char nonzero = mbedtls_mpi_cmp_int( (X), 0 ) != 0; \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &tmp, &grp->P, (X) ) ); \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( (X), &tmp, \
+ nonzero & cond ) ); \
+ } while( 0 )
+
+#define MPI_ECP_NEG( X ) MPI_ECP_COND_NEG( (X), 1 )
+
+#define MPI_ECP_VALID( X ) \
+ ( (X)->p != NULL )
+
+#define MPI_ECP_COND_ASSIGN( X, Y, cond ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( (X), (Y), (cond) ) )
+
+#define MPI_ECP_COND_SWAP( X, Y, cond ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( (X), (Y), (cond) ) )
+
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/*
* For curves in short Weierstrass form, we do all the internal operations in
@@ -1169,7 +1277,7 @@
*/
static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
{
- if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
+ if( MPI_ECP_CMP_INT( &pt->Z, 0 ) == 0 )
return( 0 );
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
@@ -1181,30 +1289,20 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi Zi, ZZi;
- mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
+ mbedtls_mpi T;
+ mbedtls_mpi_init( &T );
- /*
- * X = X / Z^2 mod p
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) );
+ MPI_ECP_INV( &T, &pt->Z ); /* T <- 1 / Z */
+ MPI_ECP_MUL( &pt->Y, &pt->Y, &T ); /* Y' <- Y*T = Y / Z */
+ MPI_ECP_SQR( &T, &T ); /* T <- T^2 = 1 / Z^2 */
+ MPI_ECP_MUL( &pt->X, &pt->X, &T ); /* X <- X * T = X / Z^2 */
+ MPI_ECP_MUL( &pt->Y, &pt->Y, &T ); /* Y'' <- Y' * T = Y / Z^3 */
- /*
- * Y = Y / Z^3 mod p
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) );
-
- /*
- * Z = 1
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MPI_ECP_LSET( &pt->Z, 1 );
cleanup:
- mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
+ mbedtls_mpi_free( &T );
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */
@@ -1237,52 +1335,58 @@
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
- mbedtls_mpi *c, u, Zi, ZZi;
+ mbedtls_mpi *c, t;
if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL )
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
- for( i = 0; i < T_size; i++ )
- mbedtls_mpi_init( &c[i] );
+ mbedtls_mpi_init( &t );
- mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
-
+ mpi_init_many( c, T_size );
/*
- * c[i] = Z_0 * ... * Z_i
+ * c[i] = Z_0 * ... * Z_i, i = 0,..,n := T_size-1
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
+ MPI_ECP_MOV( &c[0], &T[0]->Z );
for( i = 1; i < T_size; i++ )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) );
+ MPI_ECP_MUL( &c[i], &c[i-1], &T[i]->Z );
}
/*
- * u = 1 / (Z_0 * ... * Z_n) mod P
+ * c[n] = 1 / (Z_0 * ... * Z_n) mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) );
+ MPI_ECP_INV( &c[T_size-1], &c[T_size-1] );
for( i = T_size - 1; ; i-- )
{
- /*
- * Zi = 1 / Z_i mod p
- * u = 1 / (Z_0 * ... * Z_i) mod P
+ /* At the start of iteration i (note that i decrements), we have
+ * - c[j] = Z_0 * .... * Z_j for j < i,
+ * - c[j] = 1 / (Z_0 * .... * Z_j) for j == i,
+ *
+ * This is maintained via
+ * - c[i-1] <- c[i] * Z_i
+ *
+ * We also derive 1/Z_i = c[i] * c[i-1] for i>0 and use that
+ * to do the actual normalization. For i==0, we already have
+ * c[0] = 1 / Z_0.
*/
- if( i == 0 ) {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) );
+
+ if( i > 0 )
+ {
+ /* Compute 1/Z_i and establish invariant for the next iteration. */
+ MPI_ECP_MUL( &t, &c[i], &c[i-1] );
+ MPI_ECP_MUL( &c[i-1], &c[i], &T[i]->Z );
}
else
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) );
+ MPI_ECP_MOV( &t, &c[0] );
}
- /*
- * proceed as in normalize()
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) );
+ /* Now t holds 1 / Z_i; normalize as in ecp_normalize_jac() */
+ MPI_ECP_MUL( &T[i]->Y, &T[i]->Y, &t );
+ MPI_ECP_SQR( &t, &t );
+ MPI_ECP_MUL( &T[i]->X, &T[i]->X, &t );
+ MPI_ECP_MUL( &T[i]->Y, &T[i]->Y, &t );
/*
* Post-precessing: reclaim some memory by shrinking coordinates
@@ -1292,7 +1396,8 @@
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) );
- mbedtls_mpi_free( &T[i]->Z );
+
+ MPI_ECP_LSET( &T[i]->Z, 1 );
if( i == 0 )
break;
@@ -1300,9 +1405,8 @@
cleanup:
- mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
- for( i = 0; i < T_size; i++ )
- mbedtls_mpi_free( &c[i] );
+ mbedtls_mpi_free( &t );
+ mpi_free_many( c, T_size );
mbedtls_free( c );
return( ret );
@@ -1318,19 +1422,13 @@
unsigned char inv )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char nonzero;
- mbedtls_mpi mQY;
+ mbedtls_mpi tmp;
+ mbedtls_mpi_init( &tmp );
- mbedtls_mpi_init( &mQY );
-
- /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) );
- nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0;
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) );
+ MPI_ECP_COND_NEG( &Q->Y, inv );
cleanup:
- mbedtls_mpi_free( &mQY );
-
+ mbedtls_mpi_free( &tmp );
return( ret );
}
@@ -1349,7 +1447,8 @@
* 3M + 6S + 1a otherwise
*/
static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point *P )
+ const mbedtls_ecp_point *P,
+ mbedtls_mpi tmp[4] )
{
#if defined(MBEDTLS_SELF_TEST)
dbl_count++;
@@ -1364,67 +1463,64 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi M, S, T, U;
-
- mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
/* Special case for A = -3 */
if( grp->A.p == NULL )
{
- /* M = 3(X + Z^2)(X - Z^2) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
+ /* tmp[0] <- M = 3(X + Z^2)(X - Z^2) */
+ MPI_ECP_SQR( &tmp[1], &P->Z );
+ MPI_ECP_ADD( &tmp[2], &P->X, &tmp[1] );
+ MPI_ECP_SUB( &tmp[3], &P->X, &tmp[1] );
+ MPI_ECP_MUL( &tmp[1], &tmp[2], &tmp[3] );
+ MPI_ECP_MUL_INT( &tmp[0], &tmp[1], 3 );
}
else
{
- /* M = 3.X^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
+ /* tmp[0] <- M = 3.X^2 + A.Z^4 */
+ MPI_ECP_SQR( &tmp[1], &P->X );
+ MPI_ECP_MUL_INT( &tmp[0], &tmp[1], 3 );
/* Optimize away for "koblitz" curves with A = 0 */
- if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
+ if( MPI_ECP_CMP_INT( &grp->A, 0 ) != 0 )
{
/* M += A.Z^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &S, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &grp->A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) );
+ MPI_ECP_SQR( &tmp[1], &P->Z );
+ MPI_ECP_SQR( &tmp[2], &tmp[1] );
+ MPI_ECP_MUL( &tmp[1], &tmp[2], &grp->A );
+ MPI_ECP_ADD( &tmp[0], &tmp[0], &tmp[1] );
}
}
- /* S = 4.X.Y^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) );
+ /* tmp[1] <- S = 4.X.Y^2 */
+ MPI_ECP_SQR( &tmp[2], &P->Y );
+ MPI_ECP_SHIFT_L( &tmp[2], 1 );
+ MPI_ECP_MUL( &tmp[1], &P->X, &tmp[2] );
+ MPI_ECP_SHIFT_L( &tmp[1], 1 );
- /* U = 8.Y^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) );
+ /* tmp[3] <- U = 8.Y^4 */
+ MPI_ECP_SQR( &tmp[3], &tmp[2] );
+ MPI_ECP_SHIFT_L( &tmp[3], 1 );
- /* T = M^2 - 2.S */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) );
+ /* tmp[2] <- T = M^2 - 2.S */
+ MPI_ECP_SQR( &tmp[2], &tmp[0] );
+ MPI_ECP_SUB( &tmp[2], &tmp[2], &tmp[1] );
+ MPI_ECP_SUB( &tmp[2], &tmp[2], &tmp[1] );
- /* S = M(S - T) - U */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) );
+ /* tmp[1] <- S = M(S - T) - U */
+ MPI_ECP_SUB( &tmp[1], &tmp[1], &tmp[2] );
+ MPI_ECP_MUL( &tmp[1], &tmp[1], &tmp[0] );
+ MPI_ECP_SUB( &tmp[1], &tmp[1], &tmp[3] );
- /* U = 2.Y.Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) );
+ /* tmp[3] <- U = 2.Y.Z */
+ MPI_ECP_MUL( &tmp[3], &P->Y, &P->Z );
+ MPI_ECP_SHIFT_L( &tmp[3], 1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) );
+ /* Store results */
+ MPI_ECP_MOV( &R->X, &tmp[2] );
+ MPI_ECP_MOV( &R->Y, &tmp[1] );
+ MPI_ECP_MOV( &R->Z, &tmp[3] );
cleanup:
- mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U );
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */
@@ -1436,6 +1532,10 @@
* The coordinates of Q must be normalized (= affine),
* but those of P don't need to. R is not normalized.
*
+ * P,Q,R may alias, but only at the level of EC points: they must be either
+ * equal as pointers, or disjoint (including the coordinate data buffers).
+ * Fine-grained aliasing at the level of coordinates is not supported.
+ *
* Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q.
* None of these cases can happen as intermediate step in ecp_mul_comb():
* - at each step, P, Q and R are multiples of the base point, the factor
@@ -1444,12 +1544,11 @@
* due to the choice of precomputed points in the modified comb method.
* So branches for these cases do not leak secret information.
*
- * We accept Q->Z being unset (saving memory in tables) as meaning 1.
- *
* Cost: 1A := 8M + 3S
*/
static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
+ const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
+ mbedtls_mpi tmp[4] )
{
#if defined(MBEDTLS_SELF_TEST)
add_count++;
@@ -1464,39 +1563,45 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
+
+ /* NOTE: Aliasing between input and output is allowed, so one has to make
+ * sure that at the point X,Y,Z are written, {P,Q}->{X,Y,Z} are no
+ * longer read from. */
+ mbedtls_mpi * const X = &R->X;
+ mbedtls_mpi * const Y = &R->Y;
+ mbedtls_mpi * const Z = &R->Z;
+
+ if( !MPI_ECP_VALID( &Q->Z ) )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/*
* Trivial cases: P == 0 or Q == 0 (case 1)
*/
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+ if( MPI_ECP_CMP_INT( &P->Z, 0 ) == 0 )
return( mbedtls_ecp_copy( R, Q ) );
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
+ if( MPI_ECP_CMP_INT( &Q->Z, 0 ) == 0 )
return( mbedtls_ecp_copy( R, P ) );
/*
* Make sure Q coordinates are normalized
*/
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
+ if( MPI_ECP_CMP_INT( &Q->Z, 1 ) != 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) );
+ MPI_ECP_SQR( &tmp[0], &P->Z );
+ MPI_ECP_MUL( &tmp[1], &tmp[0], &P->Z );
+ MPI_ECP_MUL( &tmp[0], &tmp[0], &Q->X );
+ MPI_ECP_MUL( &tmp[1], &tmp[1], &Q->Y );
+ MPI_ECP_SUB( &tmp[0], &tmp[0], &P->X );
+ MPI_ECP_SUB( &tmp[1], &tmp[1], &P->Y );
/* Special cases (2) and (3) */
- if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
+ if( MPI_ECP_CMP_INT( &tmp[0], 0 ) == 0 )
{
- if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 )
+ if( MPI_ECP_CMP_INT( &tmp[1], 0 ) == 0 )
{
- ret = ecp_double_jac( grp, R, P );
+ ret = ecp_double_jac( grp, R, P, tmp );
goto cleanup;
}
else
@@ -1506,29 +1611,27 @@
}
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) );
+ /* {P,Q}->Z no longer used, so OK to write to Z even if there's aliasing. */
+ MPI_ECP_MUL( Z, &P->Z, &tmp[0] );
+ MPI_ECP_SQR( &tmp[2], &tmp[0] );
+ MPI_ECP_MUL( &tmp[3], &tmp[2], &tmp[0] );
+ MPI_ECP_MUL( &tmp[2], &tmp[2], &P->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) );
+ MPI_ECP_MOV( &tmp[0], &tmp[2] );
+ MPI_ECP_SHIFT_L( &tmp[0], 1 );
+
+ /* {P,Q}->X no longer used, so OK to write to X even if there's aliasing. */
+ MPI_ECP_SQR( X, &tmp[1] );
+ MPI_ECP_SUB( X, X, &tmp[0] );
+ MPI_ECP_SUB( X, X, &tmp[3] );
+ MPI_ECP_SUB( &tmp[2], &tmp[2], X );
+ MPI_ECP_MUL( &tmp[2], &tmp[2], &tmp[1] );
+ MPI_ECP_MUL( &tmp[3], &tmp[3], &P->Y );
+ /* {P,Q}->Y no longer used, so OK to write to Y even if there's aliasing. */
+ MPI_ECP_SUB( Y, &tmp[2], &tmp[3] );
cleanup:
- mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 );
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
-
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */
}
@@ -1552,26 +1655,28 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi l, ll;
+ mbedtls_mpi l;
- mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
+ mbedtls_mpi_init( &l );
/* Generate l such that 1 < l < p */
- MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
+ MPI_ECP_RAND( &l );
- /* Z = l * Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) );
+ /* Z' = l * Z */
+ MPI_ECP_MUL( &pt->Z, &pt->Z, &l );
- /* X = l^2 * X */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) );
+ /* Y' = l * Y */
+ MPI_ECP_MUL( &pt->Y, &pt->Y, &l );
- /* Y = l^3 * Y */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) );
+ /* X' = l^2 * X */
+ MPI_ECP_SQR( &l, &l );
+ MPI_ECP_MUL( &pt->X, &pt->X, &l );
+
+ /* Y'' = l^2 * Y' = l^3 * Y */
+ MPI_ECP_MUL( &pt->Y, &pt->Y, &l );
cleanup:
- mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
+ mbedtls_mpi_free( &l );
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
@@ -1714,6 +1819,10 @@
const unsigned char T_size = 1U << ( w - 1 );
mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
+ mbedtls_mpi tmp[4];
+
+ mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{
@@ -1764,7 +1873,7 @@
if( j % d == 0 )
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
- MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
+ MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur, tmp ) );
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -1774,8 +1883,11 @@
norm_dbl:
#endif
/*
- * Normalize current elements in T. As T has holes,
- * use an auxiliary array of pointers to elements in T.
+ * Normalize current elements in T to allow them to be used in
+ * ecp_add_mixed() below, which requires one normalized input.
+ *
+ * As T has holes, use an auxiliary array of pointers to elements in T.
+ *
*/
j = 0;
for( i = 1; i < T_size; i <<= 1 )
@@ -1801,7 +1913,7 @@
{
j = i;
while( j-- )
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
+ MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i], tmp ) );
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -1822,7 +1934,18 @@
MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+ /* Free Z coordinate (=1 after normalization) to save RAM.
+ * This makes T[i] invalid as mbedtls_ecp_points, but this is OK
+ * since from this point onwards, they are only accessed indirectly
+ * via the getter function ecp_select_comb() which does set the
+ * target's Z coordinate to 1. */
+ for( i = 0; i < T_size; i++ )
+ mbedtls_mpi_free( &T[i].Z );
+
cleanup:
+
+ mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@@ -1853,13 +1976,15 @@
/* Read the whole table to thwart cache-based timing attacks */
for( j = 0; j < T_size; j++ )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
+ MPI_ECP_COND_ASSIGN( &R->X, &T[j].X, j == ii );
+ MPI_ECP_COND_ASSIGN( &R->Y, &T[j].Y, j == ii );
}
/* Safely invert result if i is "negative" */
MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
+ MPI_ECP_LSET( &R->Z, 1 );
+
cleanup:
return( ret );
}
@@ -1879,9 +2004,11 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Txi;
+ mbedtls_mpi tmp[4];
size_t i;
mbedtls_ecp_point_init( &Txi );
+ mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
#if !defined(MBEDTLS_ECP_RESTARTABLE)
(void) rs_ctx;
@@ -1907,7 +2034,6 @@
/* Start with a non-zero point and randomize its coordinates */
i = d;
MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
if( f_rng != 0 )
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
}
@@ -1917,14 +2043,15 @@
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD );
--i;
- MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
+ MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R, tmp ) );
MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) );
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
+ MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi, tmp ) );
}
cleanup:
mbedtls_ecp_point_free( &Txi );
+ mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
@@ -2127,8 +2254,8 @@
/* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
- p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+ p_eq_g = ( MPI_ECP_CMP( &P->Y, &grp->G.Y ) == 0 &&
+ MPI_ECP_CMP( &P->X, &grp->G.X ) == 0 );
#else
p_eq_g = 0;
#endif
@@ -2258,9 +2385,9 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+ MPI_ECP_INV( &P->Z, &P->Z );
+ MPI_ECP_MUL( &P->X, &P->X, &P->Z );
+ MPI_ECP_LSET( &P->Z, 1 );
cleanup:
return( ret );
@@ -2291,10 +2418,10 @@
mbedtls_mpi_init( &l );
/* Generate l such that 1 < l < p */
- MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
+ MPI_ECP_RAND( &l );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) );
+ MPI_ECP_MUL( &P->X, &P->X, &l );
+ MPI_ECP_MUL( &P->Z, &P->Z, &l );
cleanup:
mbedtls_mpi_free( &l );
@@ -2323,7 +2450,8 @@
static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *R, mbedtls_ecp_point *S,
const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
- const mbedtls_mpi *d )
+ const mbedtls_mpi *d,
+ mbedtls_mpi T[4] )
{
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
@@ -2334,35 +2462,27 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
- mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB, &B, &B ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E, &AA, &BB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C, &Q->X, &Q->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d, &S->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA, &BB ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) );
+ MPI_ECP_ADD( &T[0], &P->X, &P->Z ); /* Pp := PX + PZ */
+ MPI_ECP_SUB( &T[1], &P->X, &P->Z ); /* Pm := PX - PZ */
+ MPI_ECP_ADD( &T[2], &Q->X, &Q->Z ); /* Qp := QX + XZ */
+ MPI_ECP_SUB( &T[3], &Q->X, &Q->Z ); /* Qm := QX - QZ */
+ MPI_ECP_MUL( &T[3], &T[3], &T[0] ); /* Qm * Pp */
+ MPI_ECP_MUL( &T[2], &T[2], &T[1] ); /* Qp * Pm */
+ MPI_ECP_SQR( &T[0], &T[0] ); /* Pp^2 */
+ MPI_ECP_SQR( &T[1], &T[1] ); /* Pm^2 */
+ MPI_ECP_MUL( &R->X, &T[0], &T[1] ); /* Pp^2 * Pm^2 */
+ MPI_ECP_SUB( &T[0], &T[0], &T[1] ); /* Pp^2 - Pm^2 */
+ MPI_ECP_MUL( &R->Z, &grp->A, &T[0] ); /* A * (Pp^2 - Pm^2) */
+ MPI_ECP_ADD( &R->Z, &T[1], &R->Z ); /* [ A * (Pp^2-Pm^2) ] + Pm^2 */
+ MPI_ECP_ADD( &S->X, &T[3], &T[2] ); /* Qm*Pp + Qp*Pm */
+ MPI_ECP_SQR( &S->X, &S->X ); /* (Qm*Pp + Qp*Pm)^2 */
+ MPI_ECP_SUB( &S->Z, &T[3], &T[2] ); /* Qm*Pp - Qp*Pm */
+ MPI_ECP_SQR( &S->Z, &S->Z ); /* (Qm*Pp - Qp*Pm)^2 */
+ MPI_ECP_MUL( &S->Z, d, &S->Z ); /* d * ( Qm*Pp - Qp*Pm )^2 */
+ MPI_ECP_MUL( &R->Z, &T[0], &R->Z ); /* [A*(Pp^2-Pm^2)+Pm^2]*(Pp^2-Pm^2) */
cleanup:
- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
- mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C );
- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB );
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */
@@ -2382,22 +2502,25 @@
unsigned char b;
mbedtls_ecp_point RP;
mbedtls_mpi PX;
+ mbedtls_mpi tmp[4];
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
+ mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/* Save PX and read from P before writing to R, in case P == R */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
+ MPI_ECP_MOV( &PX, &P->X );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
/* Set R to zero in modified x/z coordinates */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
+ MPI_ECP_LSET( &R->X, 1 );
+ MPI_ECP_LSET( &R->Z, 0 );
mbedtls_mpi_free( &R->Y );
/* RP.X might be sligtly larger than P, so reduce it */
- MOD_ADD( RP.X );
+ MOD_ADD( &RP.X );
/* Randomize coordinates of the starting point */
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
@@ -2414,11 +2537,11 @@
* else double_add( R, RP, R, RP )
* but using safe conditional swaps to avoid leaks
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
- MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+ MPI_ECP_COND_SWAP( &R->X, &RP.X, b );
+ MPI_ECP_COND_SWAP( &R->Z, &RP.Z, b );
+ MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX, tmp ) );
+ MPI_ECP_COND_SWAP( &R->X, &RP.X, b );
+ MPI_ECP_COND_SWAP( &R->Z, &RP.Z, b );
}
/*
@@ -2438,6 +2561,7 @@
cleanup:
mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
+ mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
return( ret );
}
@@ -2566,23 +2690,23 @@
* YY = Y^2
* RHS = X (X^2 + A) + B = X^3 + A X + B
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) );
+ MPI_ECP_SQR( &YY, &pt->Y );
+ MPI_ECP_SQR( &RHS, &pt->X );
/* Special case for A = -3 */
if( grp->A.p == NULL )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
+ MPI_ECP_SUB_INT( &RHS, &RHS, 3 );
}
else
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) );
+ MPI_ECP_ADD( &RHS, &RHS, &grp->A );
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) );
+ MPI_ECP_MUL( &RHS, &RHS, &pt->X );
+ MPI_ECP_ADD( &RHS, &RHS, &grp->B );
- if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 )
+ if( MPI_ECP_CMP( &YY, &RHS ) != 0 )
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
cleanup:
@@ -2605,6 +2729,8 @@
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi tmp;
+ mbedtls_mpi_init( &tmp );
if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
{
@@ -2617,8 +2743,7 @@
else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
{
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
- if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
+ MPI_ECP_NEG( &R->Y );
}
else
{
@@ -2627,6 +2752,8 @@
}
cleanup:
+ mbedtls_mpi_free( &tmp );
+
return( ret );
}
@@ -2644,6 +2771,7 @@
mbedtls_ecp_point mP;
mbedtls_ecp_point *pmP = &mP;
mbedtls_ecp_point *pR = R;
+ mbedtls_mpi tmp[4];
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
@@ -2658,6 +2786,7 @@
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
mbedtls_ecp_point_init( &mP );
+ mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
ECP_RS_ENTER( ma );
@@ -2699,7 +2828,7 @@
add:
#endif
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD );
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) );
+ MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR, tmp ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->ma != NULL )
rs_ctx->ma->state = ecp_rsma_norm;
@@ -2715,6 +2844,9 @@
#endif
cleanup:
+
+ mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
if( is_grp_capable )
mbedtls_internal_ecp_free( grp );
@@ -3224,6 +3356,26 @@
return( ret );
}
+/*
+ * Export generic key-pair parameters.
+ */
+int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( ( ret = mbedtls_ecp_group_copy( grp, &key->grp ) ) != 0 )
+ return ret;
+
+ if( ( ret = mbedtls_mpi_copy( d, &key->d ) ) != 0 )
+ return ret;
+
+ if( ( ret = mbedtls_ecp_copy( Q, &key->Q ) ) != 0 )
+ return ret;
+
+ return 0;
+}
+
#if defined(MBEDTLS_SELF_TEST)
/*
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 421a067..6b8ff5c 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -26,6 +26,7 @@
#include "mbedtls/error.h"
#include "bn_mul.h"
+#include "bignum_internal.h"
#include "ecp_invasive.h"
#include <string.h>
@@ -5213,40 +5214,30 @@
/*
* Fast quasi-reduction modulo p255 = 2^255 - 19
- * Write N as A0 + 2^255 A1, return A0 + 19 * A1
+ * Write N as A0 + 2^256 A1, return A0 + 38 * A1
*/
static int ecp_mod_p255( mbedtls_mpi *N )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i;
- mbedtls_mpi M;
- mbedtls_mpi_uint Mp[P255_WIDTH + 2];
+ mbedtls_mpi_uint Mp[P255_WIDTH];
- if( N->n < P255_WIDTH )
+ /* Helper references for top part of N */
+ mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
+ const size_t NT_n = N->n - P255_WIDTH;
+ if( N->n <= P255_WIDTH )
return( 0 );
-
- /* M = A1 */
- M.s = 1;
- M.n = N->n - ( P255_WIDTH - 1 );
- if( M.n > P255_WIDTH + 1 )
+ if( NT_n > P255_WIDTH )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- M.p = Mp;
- memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
- M.n++; /* Make room for multiplication by 19 */
- /* N = A0 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) );
- for( i = P255_WIDTH; i < N->n; i++ )
- N->p[i] = 0;
+ /* Split N as N + 2^256 M */
+ memcpy( Mp, NT_p, sizeof( mbedtls_mpi_uint ) * NT_n );
+ memset( NT_p, 0, sizeof( mbedtls_mpi_uint ) * NT_n );
- /* N = A0 + 19 * A1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+ /* N = A0 + 38 * A1 */
+ mbedtls_mpi_core_mla( N->p, P255_WIDTH + 1,
+ Mp, NT_n,
+ 38 );
-cleanup:
- return( ret );
+ return( 0 );
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
diff --git a/library/md.c b/library/md.c
index a228789..f2c1a90 100644
--- a/library/md.c
+++ b/library/md.c
@@ -227,6 +227,15 @@
}
}
+const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
+ const mbedtls_md_context_t *ctx )
+{
+ if( ctx == NULL )
+ return NULL;
+
+ return( ctx->MBEDTLS_PRIVATE(md_info) );
+}
+
void mbedtls_md_init( mbedtls_md_context_t *ctx )
{
memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 17a9e4a..d1700f3 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -107,7 +107,9 @@
#include <stdio.h>
+#if defined(MBEDTLS_HAVE_TIME)
#include <time.h>
+#endif
#include <stdint.h>
diff --git a/library/pk.c b/library/pk.c
index ea4869c..bba2ef7 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -22,6 +22,7 @@
#if defined(MBEDTLS_PK_C)
#include "mbedtls/pk.h"
#include "pk_wrap.h"
+#include "pkwrite.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -36,7 +37,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
#endif
@@ -151,11 +152,11 @@
* Initialise a PSA-wrapping context
*/
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const psa_key_id_t key )
+ const mbedtls_svc_key_id_t key )
{
- const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
+ const mbedtls_pk_info_t *info = NULL;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_id_t *pk_ctx;
+ mbedtls_svc_key_id_t *pk_ctx;
psa_key_type_t type;
if( ctx == NULL || ctx->pk_info != NULL )
@@ -166,16 +167,19 @@
type = psa_get_key_type( &attributes );
psa_reset_key_attributes( &attributes );
- /* Current implementation of can_do() relies on this. */
- if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ info = &mbedtls_pk_ecdsa_opaque_info;
+ else if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
+ info = &mbedtls_pk_rsa_opaque_info;
+ else
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
ctx->pk_info = info;
- pk_ctx = (psa_key_id_t *) ctx->pk_ctx;
+ pk_ctx = (mbedtls_svc_key_id_t *) ctx->pk_ctx;
*pk_ctx = key;
return( 0 );
@@ -347,22 +351,90 @@
if( ! mbedtls_pk_can_do( ctx, type ) )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
- if( type == MBEDTLS_PK_RSASSA_PSS )
+ if( type != MBEDTLS_PK_RSASSA_PSS )
{
+ /* General case: no options */
+ if( options != NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
+ }
+
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_pk_rsassa_pss_options *pss_opts;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const mbedtls_pk_rsassa_pss_options *pss_opts;
#if SIZE_MAX > UINT_MAX
- if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
- if( options == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ if( options == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
+ pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( pss_opts->mgf1_hash_id == md_alg &&
+ ( (size_t) pss_opts->expected_salt_len == hash_len ||
+ pss_opts->expected_salt_len == MBEDTLS_RSA_SALT_LEN_ANY ) )
+ {
+ /* see RSA_PUB_DER_MAX_BYTES in pkwrite.c */
+ unsigned char buf[ 38 + 2 * MBEDTLS_MPI_MAX_SIZE ];
+ unsigned char *p;
+ int key_len;
+ size_t signature_length;
+ psa_status_t status = PSA_ERROR_DATA_CORRUPT;
+ psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;
+
+ psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t psa_sig_alg =
+ ( pss_opts->expected_salt_len == MBEDTLS_RSA_SALT_LEN_ANY ?
+ PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg) :
+ PSA_ALG_RSA_PSS(psa_md_alg) );
+ p = buf + sizeof( buf );
+ key_len = mbedtls_pk_write_pubkey( &p, buf, ctx );
+
+ if( key_len < 0 )
+ return( key_len );
+
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, psa_sig_alg );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ psa_destroy_key( key_id );
+ return( mbedtls_pk_error_from_psa( status ) );
+ }
+
+ /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+ * on a valid signature with trailing data in a buffer, but
+ * mbedtls_psa_rsa_verify_hash requires the sig_len to be exact,
+ * so for this reason the passed sig_len is overwritten. Smaller
+ * signature lengths should not be accepted for verification. */
+ signature_length = sig_len > mbedtls_pk_get_len( ctx ) ?
+ mbedtls_pk_get_len( ctx ) : sig_len;
+ status = psa_verify_hash( key_id, psa_sig_alg, hash,
+ hash_len, sig, signature_length );
+ destruction_status = psa_destroy_key( key_id );
+
+ if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) )
+ return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
+ if( status == PSA_SUCCESS )
+ status = destruction_status;
+
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ }
+ else
+#endif
+ {
if( sig_len < mbedtls_pk_get_len( ctx ) )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
@@ -378,16 +450,10 @@
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
return( 0 );
-#else
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}
-
- /* General case: no options */
- if( options != NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
+#else
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}
/*
@@ -456,6 +522,61 @@
f_rng, p_rng, NULL ) );
}
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/*
+ * Make a signature given a signature type.
+ */
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
+ mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+#if defined(MBEDTLS_RSA_C)
+ psa_algorithm_t psa_md_alg;
+#endif /* MBEDTLS_RSA_C */
+ *sig_len = 0;
+
+ if( ctx->pk_info == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ if( ! mbedtls_pk_can_do( ctx, pk_type ) )
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ if( pk_type != MBEDTLS_PK_RSASSA_PSS )
+ {
+ return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
+ sig, sig_size, sig_len, f_rng, p_rng ) );
+ }
+
+#if defined(MBEDTLS_RSA_C)
+ psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ if( psa_md_alg == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ if( mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE )
+ {
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
+ psa_status_t status;
+
+ status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ),
+ hash, hash_len,
+ sig, sig_size, sig_len );
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ }
+
+ return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ),
+ ctx->pk_ctx, hash, hash_len,
+ sig, sig_size, sig_len ) );
+#else /* MBEDTLS_RSA_C */
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif /* !MBEDTLS_RSA_C */
+
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
/*
* Decrypt message
*/
@@ -595,55 +716,102 @@
* Load the key to a PSA key slot,
* then turn the PK context into a wrapper for that key slot.
*
- * Currently only works for EC private keys.
+ * Currently only works for EC & RSA private keys.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
+ mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg )
{
-#if !defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
((void) pk);
((void) key);
((void) hash_alg);
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
#else
- const mbedtls_ecp_keypair *ec;
- unsigned char d[MBEDTLS_ECP_MAX_BYTES];
- size_t d_len;
- psa_ecc_family_t curve_id;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- size_t bits;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
+ {
+ const mbedtls_ecp_keypair *ec;
+ unsigned char d[MBEDTLS_ECP_MAX_BYTES];
+ size_t d_len;
+ psa_ecc_family_t curve_id;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
+ size_t bits;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status;
- /* export the private key material in the format PSA wants */
- if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ /* export the private key material in the format PSA wants */
+ ec = mbedtls_pk_ec( *pk );
+ d_len = PSA_BITS_TO_BYTES( ec->grp.nbits );
+ if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
+ return( ret );
- ec = mbedtls_pk_ec( *pk );
- d_len = ( ec->grp.nbits + 7 ) / 8;
- if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
- return( ret );
+ curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
- curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
+ /* prepare the key attributes */
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, bits );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) );
+ psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH );
- /* prepare the key attributes */
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
+ /* import private key into PSA */
+ status = psa_import_key( &attributes, d, d_len, key );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa( status ) );
- /* import private key into PSA */
- if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) )
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ /* make PK context wrap the key slot */
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
- /* make PK context wrap the key slot */
- mbedtls_pk_free( pk );
- mbedtls_pk_init( pk );
-
- return( mbedtls_pk_setup_opaque( pk, *key ) );
+ return( mbedtls_pk_setup_opaque( pk, *key ) );
+ }
+ else
#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
+ {
+ unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ int key_len;
+ psa_status_t status;
+
+ /* export the private key material in the format PSA wants */
+ key_len = mbedtls_pk_write_key_der( pk, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* prepare the key attributes */
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+ psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes,
+ PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) );
+ psa_set_key_enrollment_algorithm( &attributes,
+ PSA_ALG_RSA_PSS( hash_alg ) );
+
+ /* import private key into PSA */
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len,
+ key_len, key);
+
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa( status ) );
+
+ /* make PK context wrap the key slot */
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
+
+ return( mbedtls_pk_setup_opaque( pk, *key ) );
+ }
+ else
+#endif /* MBEDTLS_RSA_C */
+#endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_C */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 80c0aad..852c46e 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -32,6 +32,10 @@
#include "mbedtls/ecp.h"
#endif
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
+#include "pkwrite.h"
+#endif
+
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdsa.h"
#endif
@@ -61,6 +65,92 @@
#include <limits.h>
#include <stdint.h>
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+int mbedtls_pk_error_from_psa( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_SUCCESS:
+ return( 0 );
+ case PSA_ERROR_INVALID_HANDLE:
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ case PSA_ERROR_NOT_PERMITTED:
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_INVALID_ARGUMENT:
+ return( MBEDTLS_ERR_PK_INVALID_ALG );
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ case PSA_ERROR_BAD_STATE:
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ case PSA_ERROR_COMMUNICATION_FAILURE:
+ case PSA_ERROR_HARDWARE_FAILURE:
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ case PSA_ERROR_DATA_CORRUPT:
+ case PSA_ERROR_DATA_INVALID:
+ case PSA_ERROR_STORAGE_FAILURE:
+ return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+ case PSA_ERROR_CORRUPTION_DETECTED:
+ return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ default:
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+ }
+}
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_ERROR_NOT_PERMITTED:
+ case PSA_ERROR_INVALID_ARGUMENT:
+ case PSA_ERROR_INVALID_HANDLE:
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+ case PSA_ERROR_INSUFFICIENT_ENTROPY:
+ return( MBEDTLS_ERR_RSA_RNG_FAILED );
+ case PSA_ERROR_INVALID_SIGNATURE:
+ return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+ case PSA_ERROR_INVALID_PADDING:
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ default:
+ return( mbedtls_pk_error_from_psa( status ) );
+ }
+}
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_ERROR_NOT_PERMITTED:
+ case PSA_ERROR_INVALID_ARGUMENT:
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ case PSA_ERROR_INVALID_HANDLE:
+ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ case PSA_ERROR_INSUFFICIENT_ENTROPY:
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ case PSA_ERROR_INVALID_SIGNATURE:
+ return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ default:
+ return( mbedtls_pk_error_from_psa( status ) );
+ }
+}
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type )
{
@@ -74,10 +164,73 @@
return( 8 * mbedtls_rsa_get_len( rsa ) );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ int key_len;
+ unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
+ psa_algorithm_t psa_alg_md =
+ PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+ size_t rsa_len = mbedtls_rsa_get_len( rsa );
+
+#if SIZE_MAX > UINT_MAX
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* SIZE_MAX > UINT_MAX */
+
+ if( sig_len < rsa_len )
+ return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+ /* mbedtls_pk_write_pubkey_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &mbedtls_rsa_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, psa_alg_md );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_verify_hash( key_id, psa_alg_md, hash, hash_len,
+ sig, sig_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_rsa( status );
+ goto cleanup;
+ }
+ ret = 0;
+
+cleanup:
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
+static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
size_t rsa_len = mbedtls_rsa_get_len( rsa );
@@ -105,7 +258,85 @@
return( 0 );
}
+#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa_ctx,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size,
+ size_t *sig_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ int key_len;
+ unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+ mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
+
+ *sig_len = mbedtls_rsa_get_len( rsa_ctx );
+ if( sig_size < *sig_len )
+ return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+
+ /* mbedtls_pk_write_key_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &pk_info;
+ key.pk_ctx = rsa_ctx;
+ key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+ status = psa_sign_hash( key_id, alg, hash, hash_len,
+ sig, sig_size, sig_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_rsa( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+ return( ret );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) f_rng);
+ ((void) p_rng);
+
+ psa_algorithm_t psa_md_alg;
+ psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ if( psa_md_alg == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN(
+ psa_md_alg ),
+ ctx, hash, hash_len,
+ sig, sig_size, sig_len ) );
+}
+#else
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -126,7 +357,76 @@
md_alg, (unsigned int) hash_len,
hash, sig ) );
}
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int rsa_decrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ int key_len;
+ unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+
+ ((void) f_rng);
+ ((void) p_rng);
+
+#if !defined(MBEDTLS_RSA_ALT)
+ if( rsa->padding != MBEDTLS_RSA_PKCS_V15 )
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif /* !MBEDTLS_RSA_ALT */
+
+ if( ilen != mbedtls_rsa_get_len( rsa ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ /* mbedtls_pk_write_key_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &mbedtls_rsa_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_asymmetric_decrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ input, ilen,
+ NULL, 0,
+ output, osize, olen );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_rsa( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@@ -140,7 +440,75 @@
return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
olen, input, output, osize ) );
}
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int rsa_encrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ int key_len;
+ unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
+
+ ((void) f_rng);
+ ((void) p_rng);
+
+#if !defined(MBEDTLS_RSA_ALT)
+ if( rsa->padding != MBEDTLS_RSA_PKCS_V15 )
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
+
+ if( mbedtls_rsa_get_len( rsa ) > osize )
+ return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+
+ /* mbedtls_pk_write_pubkey_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &mbedtls_rsa_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_asymmetric_encrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ input, ilen,
+ NULL, 0,
+ output, osize, olen );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_rsa( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
static int rsa_encrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@@ -155,6 +523,7 @@
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
ilen, input, output ) );
}
+#endif
static int rsa_check_pair_wrap( const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -560,12 +929,11 @@
mbedtls_ecdsa_context *ctx = ctx_arg;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_id_t key_id = 0;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
mbedtls_pk_context key;
int key_len;
- /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
- unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
+ unsigned char buf[MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES];
unsigned char *p;
mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
@@ -596,7 +964,7 @@
&key_id );
if( status != PSA_SUCCESS )
{
- ret = mbedtls_psa_err_translate_pk( status );
+ ret = mbedtls_pk_error_from_psa( status );
goto cleanup;
}
@@ -615,12 +983,12 @@
goto cleanup;
}
- if( psa_verify_hash( key_id, psa_sig_md,
- hash, hash_len,
- buf, 2 * signature_part_size )
- != PSA_SUCCESS )
+ status = psa_verify_hash( key_id, psa_sig_md,
+ hash, hash_len,
+ buf, 2 * signature_part_size );
+ if( status != PSA_SUCCESS )
{
- ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+ ret = mbedtls_pk_error_from_psa_ecdsa( status );
goto cleanup;
}
@@ -632,7 +1000,10 @@
ret = 0;
cleanup:
- psa_destroy_key( key_id );
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
return( ret );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -653,6 +1024,206 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * Simultaneously convert and move raw MPI from the beginning of a buffer
+ * to an ASN.1 MPI at the end of the buffer.
+ * See also mbedtls_asn1_write_mpi().
+ *
+ * p: pointer to the end of the output buffer
+ * start: start of the output buffer, and also of the mpi to write at the end
+ * n_len: length of the mpi to read from start
+ */
+static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
+ size_t n_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+
+ if( (size_t)( *p - start ) < n_len )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = n_len;
+ *p -= len;
+ memmove( *p, start, len );
+
+ /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
+ * Neither r nor s should be 0, but as a failsafe measure, still detect
+ * that rather than overflowing the buffer in case of a PSA error. */
+ while( len > 0 && **p == 0x00 )
+ {
+ ++(*p);
+ --len;
+ }
+
+ /* this is only reached if the signature was invalid */
+ if( len == 0 )
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+
+ /* if the msb is 1, ASN.1 requires that we prepend a 0.
+ * Neither r nor s can be 0, so we can assume len > 0 at all times. */
+ if( **p & 0x80 )
+ {
+ if( *p - start < 1 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = 0x00;
+ len += 1;
+ }
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_INTEGER ) );
+
+ return( (int) len );
+}
+
+/* Transcode signature from PSA format to ASN.1 sequence.
+ * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
+ * MPIs, and in-place.
+ *
+ * [in/out] sig: the signature pre- and post-transcoding
+ * [in/out] sig_len: signature length pre- and post-transcoding
+ * [int] buf_len: the available size the in/out buffer
+ */
+static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
+ size_t buf_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+ const size_t rs_len = *sig_len / 2;
+ unsigned char *p = sig + buf_len;
+
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+ memmove( sig, p, len );
+ *sig_len = len;
+
+ return( 0 );
+}
+
+/* Locate an ECDSA privateKey in a RFC 5915, or SEC1 Appendix C.4 ASN.1 buffer
+ *
+ * [in/out] buf: ASN.1 buffer start as input - ECDSA privateKey start as output
+ * [in] end: ASN.1 buffer end
+ * [out] key_len: the ECDSA privateKey length in bytes
+ */
+static int find_ecdsa_private_key( unsigned char **buf, unsigned char *end,
+ size_t *key_len )
+{
+ size_t len;
+ int ret;
+
+ /*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+
+ if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( ret );
+
+ /* version */
+ if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 )
+ return( ret );
+
+ *buf += len;
+
+ /* privateKey */
+ if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
+ MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+ return( ret );
+
+ *key_len = len;
+
+ return 0;
+}
+
+static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ mbedtls_ecdsa_context *ctx = ctx_arg;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ size_t key_len;
+ unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES];
+ unsigned char *p;
+ psa_algorithm_t psa_sig_md =
+ PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ size_t curve_bits;
+ psa_ecc_family_t curve =
+ mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
+
+ /* PSA has its own RNG */
+ ((void) f_rng);
+ ((void) p_rng);
+
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* mbedtls_pk_write_key_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &mbedtls_eckey_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ p = buf + sizeof( buf ) - key_len;
+ ret = find_ecdsa_private_key( &p, buf + sizeof( buf ), &key_len );
+ if( ret != 0 )
+ goto cleanup;
+
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( curve ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, psa_sig_md );
+
+ status = psa_import_key( &attributes,
+ p, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_sign_hash( key_id, psa_sig_md, hash, hash_len,
+ sig, sig_size, sig_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_ecdsa( status );
+ goto cleanup;
+ }
+
+ ret = pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size );
+
+cleanup:
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -663,6 +1234,7 @@
sig, sig_size, sig_len,
f_rng, p_rng ) );
}
+#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
@@ -894,7 +1466,7 @@
static void *pk_opaque_alloc_wrap( void )
{
- void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
+ void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_svc_key_id_t ) );
/* no _init() function to call, an calloc() already zeroized */
@@ -903,13 +1475,13 @@
static void pk_opaque_free_wrap( void *ctx )
{
- mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) );
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_svc_key_id_t ) );
mbedtls_free( ctx );
}
static size_t pk_opaque_get_bitlen( const void *ctx )
{
- const psa_key_id_t *key = (const psa_key_id_t *) ctx;
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -921,107 +1493,24 @@
return( bits );
}
-static int pk_opaque_can_do( mbedtls_pk_type_t type )
+static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type )
{
- /* For now opaque PSA keys can only wrap ECC keypairs,
- * as checked by setup_psa().
- * Also, ECKEY_DH does not really make sense with the current API. */
return( type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECDSA );
}
-#if defined(MBEDTLS_ECDSA_C)
-
-/*
- * Simultaneously convert and move raw MPI from the beginning of a buffer
- * to an ASN.1 MPI at the end of the buffer.
- * See also mbedtls_asn1_write_mpi().
- *
- * p: pointer to the end of the output buffer
- * start: start of the output buffer, and also of the mpi to write at the end
- * n_len: length of the mpi to read from start
- */
-static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
- size_t n_len )
+static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
- if( (size_t)( *p - start ) < n_len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
- len = n_len;
- *p -= len;
- memmove( *p, start, len );
-
- /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
- * Neither r nor s should be 0, but as a failsafe measure, still detect
- * that rather than overflowing the buffer in case of a PSA error. */
- while( len > 0 && **p == 0x00 )
- {
- ++(*p);
- --len;
- }
-
- /* this is only reached if the signature was invalid */
- if( len == 0 )
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
-
- /* if the msb is 1, ASN.1 requires that we prepend a 0.
- * Neither r nor s can be 0, so we can assume len > 0 at all times. */
- if( **p & 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
- *--(*p) = 0x00;
- len += 1;
- }
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_INTEGER ) );
-
- return( (int) len );
+ return( type == MBEDTLS_PK_RSA ||
+ type == MBEDTLS_PK_RSASSA_PSS );
}
-/* Transcode signature from PSA format to ASN.1 sequence.
- * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
- * MPIs, and in-place.
- *
- * [in/out] sig: the signature pre- and post-transcoding
- * [in/out] sig_len: signature length pre- and post-transcoding
- * [int] buf_len: the available size the in/out buffer
- */
-static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
- size_t buf_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
- const size_t rs_len = *sig_len / 2;
- unsigned char *p = sig + buf_len;
-
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
- memmove( sig, p, len );
- *sig_len = len;
-
- return( 0 );
-}
-
-#endif /* MBEDTLS_ECDSA_C */
-
static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
-#if !defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_ECDSA_C) && !defined(MBEDTLS_RSA_C)
((void) ctx);
((void) md_alg);
((void) hash);
@@ -1032,31 +1521,92 @@
((void) f_rng);
((void) p_rng);
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#else /* !MBEDTLS_ECDSA_C */
- const psa_key_id_t *key = (const psa_key_id_t *) ctx;
- psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+#else /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ psa_key_type_t type;
psa_status_t status;
/* PSA has its own RNG */
(void) f_rng;
(void) p_rng;
+ status = psa_get_key_attributes( *key, &attributes );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa( status ) );
+
+ type = psa_get_key_type( &attributes );
+ psa_reset_key_attributes( &attributes );
+
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ else
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( type ) )
+ alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+ else
+#endif /* MBEDTLS_RSA_C */
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
/* make the signature */
status = psa_sign_hash( *key, alg, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
- return( mbedtls_psa_err_translate_pk( status ) );
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ return( mbedtls_pk_error_from_psa_ecdsa( status ) );
+ else
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( type ) )
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ else
+#endif /* MBEDTLS_RSA_C */
+ return( mbedtls_pk_error_from_psa( status ) );
+ }
- /* transcode it to ASN.1 sequence */
- return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
-#endif /* !MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ /* transcode it to ASN.1 sequence */
+ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
+#endif /* MBEDTLS_ECDSA_C */
+
+ return 0;
+#endif /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
}
-const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
+const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
pk_opaque_get_bitlen,
- pk_opaque_can_do,
+ pk_opaque_ecdsa_can_do,
+ NULL, /* verify - will be done later */
+ pk_opaque_sign_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL, /* restartable verify - not relevant */
+ NULL, /* restartable sign - not relevant */
+#endif
+ NULL, /* decrypt - not relevant */
+ NULL, /* encrypt - not relevant */
+ NULL, /* check_pair - could be done later or left NULL */
+ pk_opaque_alloc_wrap,
+ pk_opaque_free_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL, /* restart alloc - not relevant */
+ NULL, /* restart free - not relevant */
+#endif
+ NULL, /* debug - could be done later, or even left NULL */
+};
+
+const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
+ MBEDTLS_PK_OPAQUE,
+ "Opaque",
+ pk_opaque_get_bitlen,
+ pk_opaque_rsa_can_do,
NULL, /* verify - will be done later */
pk_opaque_sign_wrap,
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 6f5addf..5e81a65 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -27,6 +27,10 @@
#include "mbedtls/pk.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
struct mbedtls_pk_info_t
{
/** Public key type */
@@ -132,7 +136,30 @@
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
+extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info;
+extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+int mbedtls_pk_error_from_psa( psa_status_t status );
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
+ mbedtls_rsa_context *rsa_ctx,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size,
+ size_t *sig_len );
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/library/pkparse.c b/library/pkparse.c
index b2d3bb0..22dab3a 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1343,6 +1343,7 @@
* error
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
+ if( pwdlen != 0 )
{
unsigned char *key_copy;
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 71cc0f0..8b99340 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -37,6 +37,9 @@
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#endif
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
+#include "pkwrite.h"
+#endif
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdsa.h"
#endif
@@ -198,7 +201,7 @@
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
{
size_t buffer_size;
- psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx;
+ mbedtls_svc_key_id_t* key_id = (mbedtls_svc_key_id_t*) key->pk_ctx;
if ( *p < start )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -265,32 +268,46 @@
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
- psa_key_id_t key_id;
+ mbedtls_svc_key_id_t key_id;
psa_ecc_family_t curve;
size_t bits;
- key_id = *((psa_key_id_t*) key->pk_ctx );
+ key_id = *((mbedtls_svc_key_id_t*) key->pk_ctx );
if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
key_type = psa_get_key_type( &attributes );
bits = psa_get_key_bits( &attributes );
psa_reset_key_attributes( &attributes );
- curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
- if( curve == 0 )
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( key_type ) )
+ {
+ curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits,
+ &oid, &oid_len );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ /* Write EC algorithm parameters; that's akin
+ * to pk_write_ec_param() above. */
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
+ oid,
+ oid_len ) );
+
+ /* The rest of the function works as for legacy EC contexts. */
+ pk_type = MBEDTLS_PK_ECKEY;
+ }
+ else if( PSA_KEY_TYPE_IS_RSA( key_type ) )
+ {
+ /* The rest of the function works as for legacy RSA contexts. */
+ pk_type = MBEDTLS_PK_RSA;
+ }
+ else
+ {
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
- ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
- if( ret != 0 )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
- /* Write EC algorithm parameters; that's akin
- * to pk_write_ec_param() above. */
- MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
- oid, oid_len ) );
-
- /* The rest of the function works as for legacy EC contexts. */
- pk_type = MBEDTLS_PK_ECKEY;
+ }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -470,88 +487,12 @@
#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
-/*
- * Max sizes of key per types. Shown as tag + len (+ content).
- */
-
-#if defined(MBEDTLS_RSA_C)
-/*
- * RSA public keys:
- * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3
- * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
- * + 1 + 1 + 9 (rsa oid)
- * + 1 + 1 (params null)
- * subjectPublicKey BIT STRING } 1 + 3 + (1 + below)
- * RSAPublicKey ::= SEQUENCE { 1 + 3
- * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1
- * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
- * }
- */
-#define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
-
-/*
- * RSA private keys:
- * RSAPrivateKey ::= SEQUENCE { 1 + 3
- * version Version, 1 + 1 + 1
- * modulus INTEGER, 1 + 3 + MPI_MAX + 1
- * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1
- * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1
- * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
- * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
- * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
- * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
- * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1
- * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
- * }
- */
-#define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
- MBEDTLS_MPI_MAX_SIZE % 2 )
-#define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
- + 5 * MPI_MAX_SIZE_2 )
-
-#else /* MBEDTLS_RSA_C */
-
-#define RSA_PUB_DER_MAX_BYTES 0
-#define RSA_PRV_DER_MAX_BYTES 0
-
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * EC public keys:
- * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
- * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
- * + 1 + 1 + 7 (ec oid)
- * + 1 + 1 + 9 (namedCurve oid)
- * subjectPublicKey BIT STRING 1 + 2 + 1 [1]
- * + 1 (point format) [1]
- * + 2 * ECP_MAX (coords) [1]
- * }
- */
-#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
-
-/*
- * EC private keys:
- * ECPrivateKey ::= SEQUENCE { 1 + 2
- * version INTEGER , 1 + 1 + 1
- * privateKey OCTET STRING, 1 + 1 + ECP_MAX
- * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9)
- * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
- * }
- */
-#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
-
-#else /* MBEDTLS_ECP_C */
-
-#define ECP_PUB_DER_MAX_BYTES 0
-#define ECP_PRV_DER_MAX_BYTES 0
-
-#endif /* MBEDTLS_ECP_C */
-
-#define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
- RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
-#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
- RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
+#define PUB_DER_MAX_BYTES \
+ ( MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
+ MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES )
+#define PRV_DER_MAX_BYTES \
+ ( MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \
+ MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES )
int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
diff --git a/library/pkwrite.h b/library/pkwrite.h
new file mode 100644
index 0000000..77d3b91
--- /dev/null
+++ b/library/pkwrite.h
@@ -0,0 +1,108 @@
+/**
+ * \file pkwrite.h
+ *
+ * \brief Internal defines shared by the PK write module
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_PK_WRITE_H
+#define MBEDTLS_PK_WRITE_H
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/pk.h"
+
+/*
+ * Max sizes of key per types. Shown as tag + len (+ content).
+ */
+
+#if defined(MBEDTLS_RSA_C)
+/*
+ * RSA public keys:
+ * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3
+ * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
+ * + 1 + 1 + 9 (rsa oid)
+ * + 1 + 1 (params null)
+ * subjectPublicKey BIT STRING } 1 + 3 + (1 + below)
+ * RSAPublicKey ::= SEQUENCE { 1 + 3
+ * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1
+ * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
+ * }
+ */
+#define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
+
+/*
+ * RSA private keys:
+ * RSAPrivateKey ::= SEQUENCE { 1 + 3
+ * version Version, 1 + 1 + 1
+ * modulus INTEGER, 1 + 3 + MPI_MAX + 1
+ * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1
+ * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1
+ * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
+ * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
+ * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
+ * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1
+ * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1
+ * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
+ * }
+ */
+#define MBEDTLS_MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
+ MBEDTLS_MPI_MAX_SIZE % 2 )
+#define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
+ + 5 * MBEDTLS_MPI_MAX_SIZE_2 )
+
+#else /* MBEDTLS_RSA_C */
+
+#define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES 0
+#define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES 0
+
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * EC public keys:
+ * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
+ * algorithm AlgorithmIdentifier, 1 + 1 (sequence)
+ * + 1 + 1 + 7 (ec oid)
+ * + 1 + 1 + 9 (namedCurve oid)
+ * subjectPublicKey BIT STRING 1 + 2 + 1 [1]
+ * + 1 (point format) [1]
+ * + 2 * ECP_MAX (coords) [1]
+ * }
+ */
+#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
+
+/*
+ * EC private keys:
+ * ECPrivateKey ::= SEQUENCE { 1 + 2
+ * version INTEGER , 1 + 1 + 1
+ * privateKey OCTET STRING, 1 + 1 + ECP_MAX
+ * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9)
+ * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
+ * }
+ */
+#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
+
+#else /* MBEDTLS_ECP_C */
+
+#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0
+#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0
+
+#endif /* MBEDTLS_ECP_C */
+
+#endif /* MBEDTLS_PK_WRITE_H */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 829ed45..d58923d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -27,6 +27,7 @@
#endif
#include "psa/crypto.h"
+#include "psa/crypto_values.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
@@ -2332,6 +2333,20 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
+ if( *mac_size > PSA_MAC_MAX_SIZE )
+ {
+ /* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
+ * that is disabled in the compile-time configuration. The result can
+ * therefore be larger than PSA_MAC_MAX_SIZE, which does take the
+ * configuration into account. In this case, force a return of
+ * PSA_ERROR_NOT_SUPPORTED here. Otherwise psa_mac_verify(), or
+ * psa_mac_compute(mac_size=PSA_MAC_MAX_SIZE), would return
+ * PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
+ * is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
+ * systematically generated tests. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
return( PSA_SUCCESS );
}
@@ -3025,18 +3040,6 @@
signature, signature_length );
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
- mbedtls_rsa_context *rsa )
-{
- psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
- mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
-
- return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-
psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@@ -3073,80 +3076,14 @@
goto exit;
}
- if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- mbedtls_rsa_context *rsa = NULL;
- status = mbedtls_psa_rsa_load_representation( slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
- goto rsa_exit;
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
- if( output_size < mbedtls_rsa_get_len( rsa ) )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto rsa_exit;
- }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
- status = mbedtls_to_psa_error(
- mbedtls_rsa_pkcs1_encrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- input_length,
- input,
- output ) );
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
- }
- else
- if( PSA_ALG_IS_RSA_OAEP( alg ) )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- status = mbedtls_to_psa_error(
- psa_rsa_oaep_set_padding_mode( alg, rsa ) );
- if( status != PSA_SUCCESS )
- goto rsa_exit;
-
- status = mbedtls_to_psa_error(
- mbedtls_rsa_rsaes_oaep_encrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- salt, salt_length,
- input_length,
- input,
- output ) );
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
- }
- else
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- }
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-rsa_exit:
- if( status == PSA_SUCCESS )
- *output_length = mbedtls_rsa_get_len( rsa );
-
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- }
- else
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- }
-
+ status = psa_driver_wrapper_asymmetric_encrypt(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length, salt, salt_length,
+ output, output_size, output_length );
exit:
unlock_status = psa_unlock_key_slot( slot );
@@ -3188,80 +3125,14 @@
goto exit;
}
- if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- mbedtls_rsa_context *rsa = NULL;
- status = mbedtls_psa_rsa_load_representation( slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
- goto exit;
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
- if( input_length != mbedtls_rsa_get_len( rsa ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto rsa_exit;
- }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-
- if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
- status = mbedtls_to_psa_error(
- mbedtls_rsa_pkcs1_decrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- output_length,
- input,
- output,
- output_size ) );
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
- }
- else
- if( PSA_ALG_IS_RSA_OAEP( alg ) )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- status = mbedtls_to_psa_error(
- psa_rsa_oaep_set_padding_mode( alg, rsa ) );
- if( status != PSA_SUCCESS )
- goto rsa_exit;
-
- status = mbedtls_to_psa_error(
- mbedtls_rsa_rsaes_oaep_decrypt( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- salt, salt_length,
- output_length,
- input,
- output,
- output_size ) );
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
- }
- else
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- }
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-rsa_exit:
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
- }
- else
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- }
+ status = psa_driver_wrapper_asymmetric_decrypt(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length, salt, salt_length,
+ output, output_size, output_length );
exit:
unlock_status = psa_unlock_key_slot( slot );
@@ -3719,6 +3590,14 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
+static psa_status_t psa_aead_check_algorithm( psa_algorithm_t alg )
+{
+ if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_SUCCESS );
+}
+
psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
@@ -3736,8 +3615,9 @@
*ciphertext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
@@ -3786,8 +3666,9 @@
*plaintext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
@@ -3819,6 +3700,47 @@
return( status );
}
+static psa_status_t psa_validate_tag_length( psa_aead_operation_t *operation,
+ psa_algorithm_t alg ) {
+ uint8_t tag_len = 0;
+ if( psa_driver_get_tag_len( operation, &tag_len ) != PSA_SUCCESS )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+ /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.*/
+ if( tag_len < 4 || tag_len > 16 || tag_len % 2 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+ /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. */
+ if( tag_len != 4 && tag_len != 8 && ( tag_len < 12 || tag_len > 16 ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ /* We only support the default tag length. */
+ if( tag_len != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+
+ default:
+ (void) tag_len;
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ return( PSA_SUCCESS );
+}
+
/* Set the key for a multipart authenticated operation. */
static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
int is_encrypt,
@@ -3830,11 +3752,9 @@
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
goto exit;
- }
if( operation->id != 0 )
{
@@ -3878,6 +3798,9 @@
if( status != PSA_SUCCESS )
goto exit;
+ if( ( status = psa_validate_tag_length( operation, alg ) ) != PSA_SUCCESS )
+ goto exit;
+
operation->key_type = psa_get_key_type( &attributes );
exit:
@@ -4406,6 +4329,13 @@
mbedtls_free( operation->ctx.tls12_prf.label );
}
+ if( operation->ctx.tls12_prf.other_secret != NULL )
+ {
+ mbedtls_platform_zeroize( operation->ctx.tls12_prf.other_secret,
+ operation->ctx.tls12_prf.other_secret_length );
+ mbedtls_free( operation->ctx.tls12_prf.other_secret );
+ }
+
status = PSA_SUCCESS;
/* We leave the fields Ai and output_block to be erased safely by the
@@ -4772,6 +4702,204 @@
}
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
+/*
+* ECC keys on a Weierstrass elliptic curve require the generation
+* of a private key which is an integer
+* in the range [1, N - 1], where N is the boundary of the private key domain:
+* N is the prime p for Diffie-Hellman, or the order of the
+* curve’s base point for ECC.
+*
+* Let m be the bit size of N, such that 2^m > N >= 2^(m-1).
+* This function generates the private key using the following process:
+*
+* 1. Draw a byte string of length ceiling(m/8) bytes.
+* 2. If m is not a multiple of 8, set the most significant
+* (8 * ceiling(m/8) - m) bits of the first byte in the string to zero.
+* 3. Convert the string to integer k by decoding it as a big-endian byte string.
+* 4. If k > N - 2, discard the result and return to step 1.
+* 5. Output k + 1 as the private key.
+*
+* This method allows compliance to NIST standards, specifically the methods titled
+* Key-Pair Generation by Testing Candidates in the following publications:
+* - NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment
+* Schemes Using Discrete Logarithm Cryptography [SP800-56A] §5.6.1.1.4 for
+* Diffie-Hellman keys.
+*
+* - [SP800-56A] §5.6.1.2.2 or FIPS Publication 186-4: Digital Signature
+* Standard (DSS) [FIPS186-4] §B.4.2 for elliptic curve keys.
+*
+* Note: Function allocates memory for *data buffer, so given *data should be
+* always NULL.
+*/
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
+static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
+ psa_key_slot_t *slot,
+ size_t bits,
+ psa_key_derivation_operation_t *operation,
+ uint8_t **data
+ )
+{
+ unsigned key_out_of_range = 1;
+ mbedtls_mpi k;
+ mbedtls_mpi diff_N_2;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_mpi_init( &k );
+ mbedtls_mpi_init( &diff_N_2 );
+
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
+ slot->attr.type );
+ mbedtls_ecp_group_id grp_id =
+ mbedtls_ecc_group_of_psa( curve, bits, 0 );
+
+ if( grp_id == MBEDTLS_ECP_DP_NONE )
+ {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto cleanup;
+ }
+
+ mbedtls_ecp_group ecp_group;
+ mbedtls_ecp_group_init( &ecp_group );
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp_group, grp_id ) );
+
+ /* N is the boundary of the private key domain (ecp_group.N). */
+ /* Let m be the bit size of N. */
+ size_t m = ecp_group.nbits;
+
+ size_t m_bytes = PSA_BITS_TO_BYTES( m );
+
+ /* Calculate N - 2 - it will be needed later. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &diff_N_2, &ecp_group.N, 2 ) );
+
+ /* Note: This function is always called with *data == NULL and it
+ * allocates memory for the data buffer. */
+ *data = mbedtls_calloc( 1, m_bytes );
+ if( *data == NULL )
+ {
+ ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ goto cleanup;
+ }
+
+ while( key_out_of_range )
+ {
+ /* 1. Draw a byte string of length ceiling(m/8) bytes. */
+ if( ( status = psa_key_derivation_output_bytes( operation, *data, m_bytes ) ) != 0 )
+ goto cleanup;
+
+ /* 2. If m is not a multiple of 8 */
+ if( m % 8 != 0 )
+ {
+ /* Set the most significant
+ * (8 * ceiling(m/8) - m) bits of the first byte in
+ * the string to zero.
+ */
+ uint8_t clear_bit_mask = ( 1 << ( m % 8 ) ) - 1;
+ (*data)[0] &= clear_bit_mask;
+ }
+
+ /* 3. Convert the string to integer k by decoding it as a
+ * big-endian byte string.
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &k, *data, m_bytes ) );
+
+ /* 4. If k > N - 2, discard the result and return to step 1.
+ * Result of comparison is returned. When it indicates error
+ * then this fuction is called again.
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, &key_out_of_range ) );
+ }
+
+ /* 5. Output k + 1 as the private key. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &k, &k, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &k, *data, m_bytes ) );
+cleanup:
+ if( ret != 0 )
+ status = mbedtls_to_psa_error( ret );
+ if( status != PSA_SUCCESS ) {
+ mbedtls_free( *data );
+ *data = NULL;
+ }
+ mbedtls_mpi_free( &k );
+ mbedtls_mpi_free( &diff_N_2 );
+ return( status );
+}
+
+/* ECC keys on a Montgomery elliptic curve draws a byte string whose length
+ * is determined by the curve, and sets the mandatory bits accordingly. That is:
+ *
+ * - Curve25519 (PSA_ECC_FAMILY_MONTGOMERY, 255 bits):
+ * draw a 32-byte string and process it as specified in
+ * Elliptic Curves for Security [RFC7748] §5.
+ *
+ * - Curve448 (PSA_ECC_FAMILY_MONTGOMERY, 448 bits):
+ * draw a 56-byte string and process it as specified in [RFC7748] §5.
+ *
+ * Note: Function allocates memory for *data buffer, so given *data should be
+ * always NULL.
+ */
+
+static psa_status_t psa_generate_derived_ecc_key_montgomery_helper(
+ size_t bits,
+ psa_key_derivation_operation_t *operation,
+ uint8_t **data
+ )
+{
+ size_t output_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ switch( bits )
+ {
+ case 255:
+ output_length = 32;
+ break;
+ case 448:
+ output_length = 56;
+ break;
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ break;
+ }
+
+ *data = mbedtls_calloc( 1, output_length );
+
+ if( *data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ status = psa_key_derivation_output_bytes( operation, *data, output_length );
+
+ if( status != PSA_SUCCESS )
+ return status;
+
+ switch( bits )
+ {
+ case 255:
+ (*data)[0] &= 248;
+ (*data)[31] &= 127;
+ (*data)[31] |= 64;
+ break;
+ case 448:
+ (*data)[0] &= 252;
+ (*data)[55] |= 128;
+ break;
+ default:
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ break;
+ }
+
+ return status;
+}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
+
static psa_status_t psa_generate_derived_key_internal(
psa_key_slot_t *slot,
size_t bits,
@@ -4780,23 +4908,57 @@
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
size_t storage_size = bytes;
- psa_status_t status;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( ! key_type_is_raw_bytes( slot->attr.type ) )
+ if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- if( bits % 8 != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- data = mbedtls_calloc( 1, bytes );
- if( data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- status = psa_key_derivation_output_bytes( operation, data, bytes );
- if( status != PSA_SUCCESS )
- goto exit;
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
+ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
+ {
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type );
+ if( PSA_ECC_FAMILY_IS_WEIERSTRASS( curve ) )
+ {
+ /* Weierstrass elliptic curve */
+ status = psa_generate_derived_ecc_key_weierstrass_helper( slot, bits, operation, &data );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+ else
+ {
+ /* Montgomery elliptic curve */
+ status = psa_generate_derived_ecc_key_montgomery_helper( bits, operation, &data );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+ } else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
+ if( key_type_is_raw_bytes( slot->attr.type ) )
+ {
+ if( bits % 8 != 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ data = mbedtls_calloc( 1, bytes );
+ if( data == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ status = psa_key_derivation_output_bytes( operation, data, bytes );
+ if( status != PSA_SUCCESS )
+ goto exit;
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
- if( slot->attr.type == PSA_KEY_TYPE_DES )
- psa_des_set_key_parity( data, bytes );
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
+ if( slot->attr.type == PSA_KEY_TYPE_DES )
+ psa_des_set_key_parity( data, bytes );
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) */
+ }
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
slot->attr.bits = (psa_key_bits_t) bits;
psa_key_attributes_t attributes = {
@@ -4878,50 +5040,75 @@
/****************************************************************/
#if defined(AT_LEAST_ONE_BUILTIN_KDF)
+static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
+{
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
+ if( PSA_ALG_IS_HKDF( kdf_alg ) )
+ return( 1 );
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
+ if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
+ return( 1 );
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+ if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
+ return( 1 );
+#endif
+ return( 0 );
+}
+
+static psa_status_t psa_hash_try_support( psa_algorithm_t alg )
+{
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_status_t status = psa_hash_setup( &operation, alg );
+ psa_hash_abort( &operation );
+ return( status );
+}
+
static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg )
{
- int is_kdf_alg_supported;
-
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset( &operation->ctx, 0, sizeof( operation->ctx ) );
/* Make sure that kdf_alg is a supported key derivation algorithm. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- if( PSA_ALG_IS_HKDF( kdf_alg ) )
- is_kdf_alg_supported = 1;
- else
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
- is_kdf_alg_supported = 1;
- else
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- is_kdf_alg_supported = 1;
- else
-#endif
- is_kdf_alg_supported = 0;
+ if( ! is_kdf_alg_supported( kdf_alg ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
- if( is_kdf_alg_supported )
+ /* All currently supported key derivation algorithms are based on a
+ * hash algorithm. */
+ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
+ size_t hash_size = PSA_HASH_LENGTH( hash_alg );
+ if( hash_size == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ /* Make sure that hash_alg is a supported hash algorithm. Otherwise
+ * we might fail later, which is somewhat unfriendly and potentially
+ * risk-prone. */
+ psa_status_t status = psa_hash_try_support( hash_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
+ ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
{
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
- size_t hash_size = PSA_HASH_LENGTH( hash_alg );
- if( hash_size == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
- ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
- {
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- operation->capacity = 255 * hash_size;
- return( PSA_SUCCESS );
+ return( PSA_ERROR_NOT_SUPPORTED );
}
+ operation->capacity = 255 * hash_size;
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg )
+{
+#if defined(PSA_WANT_ALG_ECDH)
+ if( alg == PSA_ALG_ECDH )
+ return( PSA_SUCCESS );
+#endif
+ (void) alg;
return( PSA_ERROR_NOT_SUPPORTED );
}
#endif /* AT_LEAST_ONE_BUILTIN_KDF */
@@ -4940,6 +5127,10 @@
{
#if defined(AT_LEAST_ONE_BUILTIN_KDF)
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
+ status = psa_key_agreement_try_support( ka_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_key_derivation_setup_kdf( operation, kdf_alg );
#else
return( PSA_ERROR_NOT_SUPPORTED );
@@ -5060,7 +5251,8 @@
const uint8_t *data,
size_t data_length )
{
- if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET )
+ if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET &&
+ prf->state != PSA_TLS12_PRF_STATE_OTHER_KEY_SET )
return( PSA_ERROR_BAD_STATE );
if( data_length != 0 )
@@ -5127,47 +5319,117 @@
size_t data_length )
{
psa_status_t status;
- uint8_t pms[ 4 + 2 * PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ];
- uint8_t *cur = pms;
+ const size_t pms_len = ( prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET ?
+ 4 + data_length + prf->other_secret_length :
+ 4 + 2 * data_length );
if( data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
return( PSA_ERROR_INVALID_ARGUMENT );
- /* Quoting RFC 4279, Section 2:
+ uint8_t *pms = mbedtls_calloc( 1, pms_len );
+ if( pms == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ uint8_t *cur = pms;
+
+ /* pure-PSK:
+ * Quoting RFC 4279, Section 2:
*
* The premaster secret is formed as follows: if the PSK is N octets
* long, concatenate a uint16 with the value N, N zero octets, a second
* uint16 with the value N, and the PSK itself.
+ *
+ * mixed-PSK:
+ * In a DHE-PSK, RSA-PSK, ECDHE-PSK the premaster secret is formed as
+ * follows: concatenate a uint16 with the length of the other secret,
+ * the other secret itself, uint16 with the length of PSK, and the
+ * PSK itself.
+ * For details please check:
+ * - RFC 4279, Section 4 for the definition of RSA-PSK,
+ * - RFC 4279, Section 3 for the definition of DHE-PSK,
+ * - RFC 5489 for the definition of ECDHE-PSK.
*/
+ if( prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET )
+ {
+ *cur++ = MBEDTLS_BYTE_1( prf->other_secret_length );
+ *cur++ = MBEDTLS_BYTE_0( prf->other_secret_length );
+ if( prf->other_secret_length != 0 )
+ {
+ memcpy( cur, prf->other_secret, prf->other_secret_length );
+ mbedtls_platform_zeroize( prf->other_secret, prf->other_secret_length );
+ cur += prf->other_secret_length;
+ }
+ }
+ else
+ {
+ *cur++ = MBEDTLS_BYTE_1( data_length );
+ *cur++ = MBEDTLS_BYTE_0( data_length );
+ memset( cur, 0, data_length );
+ cur += data_length;
+ }
+
*cur++ = MBEDTLS_BYTE_1( data_length );
*cur++ = MBEDTLS_BYTE_0( data_length );
- memset( cur, 0, data_length );
- cur += data_length;
- *cur++ = pms[0];
- *cur++ = pms[1];
memcpy( cur, data, data_length );
+ mbedtls_platform_zeroize( (void*) data, data_length );
cur += data_length;
status = psa_tls12_prf_set_key( prf, pms, cur - pms );
- mbedtls_platform_zeroize( pms, sizeof( pms ) );
+ mbedtls_platform_zeroize( pms, pms_len );
+ mbedtls_free( pms );
return( status );
}
+static psa_status_t psa_tls12_prf_psk_to_ms_set_other_key(
+ psa_tls12_prf_key_derivation_t *prf,
+ const uint8_t *data,
+ size_t data_length )
+{
+ if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET )
+ return( PSA_ERROR_BAD_STATE );
+
+ if( data_length != 0 )
+ {
+ prf->other_secret = mbedtls_calloc( 1, data_length );
+ if( prf->other_secret == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ memcpy( prf->other_secret, data, data_length );
+ prf->other_secret_length = data_length;
+ }
+ else
+ {
+ prf->other_secret_length = 0;
+ }
+
+ prf->state = PSA_TLS12_PRF_STATE_OTHER_KEY_SET;
+
+ return( PSA_SUCCESS );
+}
+
static psa_status_t psa_tls12_prf_psk_to_ms_input(
psa_tls12_prf_key_derivation_t *prf,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
- if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ switch( step )
{
- return( psa_tls12_prf_psk_to_ms_set_key( prf,
- data, data_length ) );
- }
+ case PSA_KEY_DERIVATION_INPUT_SECRET:
+ return( psa_tls12_prf_psk_to_ms_set_key( prf,
+ data, data_length ) );
+ break;
+ case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:
+ return( psa_tls12_prf_psk_to_ms_set_other_key( prf,
+ data,
+ data_length ) );
+ break;
+ default:
+ return( psa_tls12_prf_input( prf, step, data, data_length ) );
+ break;
- return( psa_tls12_prf_input( prf, step, data, data_length ) );
+ }
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
@@ -5192,6 +5454,12 @@
if( key_type == PSA_KEY_TYPE_NONE )
return( PSA_SUCCESS );
break;
+ case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:
+ if( key_type == PSA_KEY_TYPE_DERIVE )
+ return( PSA_SUCCESS );
+ if( key_type == PSA_KEY_TYPE_NONE )
+ return( PSA_SUCCESS );
+ break;
case PSA_KEY_DERIVATION_INPUT_LABEL:
case PSA_KEY_DERIVATION_INPUT_SALT:
case PSA_KEY_DERIVATION_INPUT_INFO:
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index ae30e5f..fafe68b 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -47,39 +47,61 @@
{
switch( alg )
{
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER:
mode = MBEDTLS_MODE_STREAM;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
case PSA_ALG_CTR:
mode = MBEDTLS_MODE_CTR;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
case PSA_ALG_CFB:
mode = MBEDTLS_MODE_CFB;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
case PSA_ALG_OFB:
mode = MBEDTLS_MODE_OFB;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
case PSA_ALG_ECB_NO_PADDING:
mode = MBEDTLS_MODE_ECB;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
case PSA_ALG_CBC_NO_PADDING:
mode = MBEDTLS_MODE_CBC;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
case PSA_ALG_CBC_PKCS7:
mode = MBEDTLS_MODE_CBC;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
case PSA_ALG_CCM_STAR_NO_TAG:
mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
mode = MBEDTLS_MODE_CCM;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
mode = MBEDTLS_MODE_GCM;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
mode = MBEDTLS_MODE_CHACHAPOLY;
break;
+#endif
default:
return( NULL );
}
@@ -91,12 +113,17 @@
switch( key_type )
{
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA)
case PSA_KEY_TYPE_ARIA:
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */
@@ -110,12 +137,17 @@
if( key_bits == 128 )
key_bits = 192;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA)
case PSA_KEY_TYPE_CAMELLIA:
cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20)
case PSA_KEY_TYPE_CHACHA20:
cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
break;
+#endif
default:
return( NULL );
}
@@ -239,6 +271,7 @@
iv, iv_length ) ) );
}
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
/** Process input for which the algorithm is set to ECB mode.
*
* This requires manual processing, since the PSA API is defined as being
@@ -342,6 +375,7 @@
exit:
return( status );
}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
psa_status_t mbedtls_psa_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
@@ -369,6 +403,7 @@
if( output_size < expected_output_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
if( operation->alg == PSA_ALG_ECB_NO_PADDING )
{
/* mbedtls_cipher_update has an API inconsistency: it will only
@@ -381,6 +416,7 @@
output_length );
}
else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->ctx.cipher, input,
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index e09e4ed..12c649d 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -1,7 +1,6 @@
/*
* Function signatures for functionality that can be provided by
* cryptographic accelerators.
- * Warning: This file will be auto-generated in the future.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -227,6 +226,10 @@
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+psa_status_t psa_driver_get_tag_len(
+ psa_aead_operation_t *operation,
+ uint8_t *tag_len );
+
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
@@ -329,6 +332,35 @@
psa_status_t psa_driver_wrapper_mac_abort(
psa_mac_operation_t *operation );
+/*
+ * Asymmetric cryptography
+ */
+psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index df524e1..68f4bf1 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -23,6 +23,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include <psa/crypto.h>
+#include "psa/crypto_values.h"
#include "psa_crypto_core.h"
#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
@@ -533,4 +534,223 @@
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+/****************************************************************/
+/* Asymmetric cryptography */
+/****************************************************************/
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa )
+{
+ psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
+
+ return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) );
+}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
+
+psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) input;
+ (void) input_length;
+ (void) salt;
+ (void) salt_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+
+ if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ mbedtls_rsa_context *rsa = NULL;
+ status = mbedtls_psa_rsa_load_representation( attributes->core.type,
+ key_buffer,
+ key_buffer_size,
+ &rsa );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
+ if( output_size < mbedtls_rsa_get_len( rsa ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto rsa_exit;
+ }
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
+ if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
+ status = mbedtls_to_psa_error(
+ mbedtls_rsa_pkcs1_encrypt( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ input_length,
+ input,
+ output ) );
+#else
+ status = PSA_ERROR_NOT_SUPPORTED;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
+ }
+ else
+ if( PSA_ALG_IS_RSA_OAEP( alg ) )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_rsa_rsaes_oaep_encrypt( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ salt, salt_length,
+ input_length,
+ input,
+ output ) );
+#else
+ status = PSA_ERROR_NOT_SUPPORTED;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
+ }
+ else
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ }
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+rsa_exit:
+ if( status == PSA_SUCCESS )
+ *output_length = mbedtls_rsa_get_len( rsa );
+
+ mbedtls_rsa_free( rsa );
+ mbedtls_free( rsa );
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
+ }
+ else
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return status;
+}
+
+psa_status_t mbedtls_psa_asymmetric_decrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) input;
+ (void) input_length;
+ (void) salt;
+ (void) salt_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+
+ *output_length = 0;
+
+ if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ mbedtls_rsa_context *rsa = NULL;
+ status = mbedtls_psa_rsa_load_representation( attributes->core.type,
+ key_buffer,
+ key_buffer_size,
+ &rsa );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
+ if( input_length != mbedtls_rsa_get_len( rsa ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto rsa_exit;
+ }
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
+
+ if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
+ status = mbedtls_to_psa_error(
+ mbedtls_rsa_pkcs1_decrypt( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ output_length,
+ input,
+ output,
+ output_size ) );
+#else
+ status = PSA_ERROR_NOT_SUPPORTED;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
+ }
+ else
+ if( PSA_ALG_IS_RSA_OAEP( alg ) )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_rsa_rsaes_oaep_decrypt( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ salt, salt_length,
+ output_length,
+ input,
+ output,
+ output_size ) );
+#else
+ status = PSA_ERROR_NOT_SUPPORTED;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
+ }
+ else
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+rsa_exit:
+ mbedtls_rsa_free( rsa );
+ mbedtls_free( rsa );
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
+ }
+ else
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return status;
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index bea762c..197caa8 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -211,4 +211,119 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
+
+/**
+ * \brief Encrypt a short message with a public key.
+ *
+ * \param attributes The attributes for the key to import.
+ * \param key_buffer Buffer where the key data is to be written.
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] salt A salt or label, if supported by the
+ * encryption algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * If \p salt is \c NULL, pass 0.
+ * \param[out] output Buffer where the encrypted message is to
+ * be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+/**
+ * \brief Decrypt a short message with a private key.
+ *
+ * \param attributes The attributes for the key to import.
+ * \param key_buffer Buffer where the key data is to be written.
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] input The message to decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] salt A salt or label, if supported by the
+ * encryption algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * If \p salt is \c NULL, pass 0.
+ * \param[out] output Buffer where the decrypted message is to
+ * be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_INVALID_PADDING
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t mbedtls_psa_asymmetric_decrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
#endif /* PSA_CRYPTO_RSA_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index c6660b9..db7786d 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -349,6 +349,7 @@
status = psa_crypto_storage_store( attr->id,
storage_data, storage_data_length );
+ mbedtls_platform_zeroize( storage_data, storage_data_length );
mbedtls_free( storage_data );
return( status );
@@ -394,6 +395,7 @@
status = PSA_ERROR_STORAGE_FAILURE;
exit:
+ mbedtls_platform_zeroize( loaded_data, storage_data_length );
mbedtls_free( loaded_data );
return( status );
}
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index c4782cd..f058720 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -184,6 +184,11 @@
const void *p_data,
psa_storage_create_flags_t create_flags )
{
+ if( uid == 0 )
+ {
+ return( PSA_ERROR_INVALID_HANDLE );
+ }
+
psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
FILE *stream = NULL;
diff --git a/library/sha256.c b/library/sha256.c
index c3573f8..bdc396a 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -44,12 +44,119 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
+#if defined(__aarch64__)
+# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+# include <arm_neon.h>
+# endif
+# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+# if defined(__unix__)
+# if defined(__linux__)
+ /* Our preferred method of detection is getauxval() */
+# include <sys/auxv.h>
+# endif
+ /* Use SIGILL on Unix, and fall back to it on Linux */
+# include <signal.h>
+# endif
+# endif
+#elif defined(_M_ARM64)
+# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+# include <arm64_neon.h>
+# endif
+#else
+# undef MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+# undef MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * Capability detection code comes early, so we can disable
+ * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT if no detection mechanism found
+ */
+#if defined(HWCAP_SHA2)
+static int mbedtls_a64_crypto_sha256_determine_support( void )
+{
+ return( ( getauxval( AT_HWCAP ) & HWCAP_SHA2 ) ? 1 : 0 );
+}
+#elif defined(__APPLE__)
+static int mbedtls_a64_crypto_sha256_determine_support( void )
+{
+ return( 1 );
+}
+#elif defined(_M_ARM64)
+#define WIN32_LEAN_AND_MEAN
+#include <Windows.h>
+#include <processthreadsapi.h>
+
+static int mbedtls_a64_crypto_sha256_determine_support( void )
+{
+ return( IsProcessorFeaturePresent( PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE ) ?
+ 1 : 0 );
+}
+#elif defined(__unix__) && defined(SIG_SETMASK)
+/* Detection with SIGILL, setjmp() and longjmp() */
+#include <signal.h>
+#include <setjmp.h>
+
+#ifndef asm
+#define asm __asm__
+#endif
+
+static jmp_buf return_from_sigill;
+
+/*
+ * A64 SHA256 support detection via SIGILL
+ */
+static void sigill_handler( int signal )
+{
+ (void) signal;
+ longjmp( return_from_sigill, 1 );
+}
+
+static int mbedtls_a64_crypto_sha256_determine_support( void )
+{
+ struct sigaction old_action, new_action;
+
+ sigset_t old_mask;
+ if( sigprocmask( 0, NULL, &old_mask ) )
+ return( 0 );
+
+ sigemptyset( &new_action.sa_mask );
+ new_action.sa_flags = 0;
+ new_action.sa_handler = sigill_handler;
+
+ sigaction( SIGILL, &new_action, &old_action );
+
+ static int ret = 0;
+
+ if( setjmp( return_from_sigill ) == 0 ) /* First return only */
+ {
+ /* If this traps, we will return a second time from setjmp() with 1 */
+ asm( "sha256h q0, q0, v0.4s" : : : "v0" );
+ ret = 1;
+ }
+
+ sigaction( SIGILL, &old_action, NULL );
+ sigprocmask( SIG_SETMASK, &old_mask, NULL );
+
+ return( ret );
+}
+#else
+#warning "No mechanism to detect A64_CRYPTO found, using C code only"
+#undef MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+#endif /* HWCAP_SHA2, __APPLE__, __unix__ && SIG_SETMASK */
+
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
+
#define SHA256_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
#if !defined(MBEDTLS_SHA256_ALT)
+#define SHA256_BLOCK_SIZE 64
+
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
SHA256_VALIDATE( ctx != NULL );
@@ -143,6 +250,132 @@
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+# define mbedtls_internal_sha256_process_many_a64_crypto mbedtls_internal_sha256_process_many
+# define mbedtls_internal_sha256_process_a64_crypto mbedtls_internal_sha256_process
+#endif
+
+static size_t mbedtls_internal_sha256_process_many_a64_crypto(
+ mbedtls_sha256_context *ctx, const uint8_t *msg, size_t len )
+{
+ uint32x4_t abcd = vld1q_u32( &ctx->state[0] );
+ uint32x4_t efgh = vld1q_u32( &ctx->state[4] );
+
+ size_t processed = 0;
+
+ for( ;
+ len >= SHA256_BLOCK_SIZE;
+ processed += SHA256_BLOCK_SIZE,
+ msg += SHA256_BLOCK_SIZE,
+ len -= SHA256_BLOCK_SIZE )
+ {
+ uint32x4_t tmp, abcd_prev;
+
+ uint32x4_t abcd_orig = abcd;
+ uint32x4_t efgh_orig = efgh;
+
+ uint32x4_t sched0 = (uint32x4_t) vld1q_u8( msg + 16 * 0 );
+ uint32x4_t sched1 = (uint32x4_t) vld1q_u8( msg + 16 * 1 );
+ uint32x4_t sched2 = (uint32x4_t) vld1q_u8( msg + 16 * 2 );
+ uint32x4_t sched3 = (uint32x4_t) vld1q_u8( msg + 16 * 3 );
+
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ /* Will be true if not defined */
+ /* Untested on BE */
+ sched0 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched0 ) ) );
+ sched1 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched1 ) ) );
+ sched2 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched2 ) ) );
+ sched3 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched3 ) ) );
+#endif
+
+ /* Rounds 0 to 3 */
+ tmp = vaddq_u32( sched0, vld1q_u32( &K[0] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ /* Rounds 4 to 7 */
+ tmp = vaddq_u32( sched1, vld1q_u32( &K[4] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ /* Rounds 8 to 11 */
+ tmp = vaddq_u32( sched2, vld1q_u32( &K[8] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ /* Rounds 12 to 15 */
+ tmp = vaddq_u32( sched3, vld1q_u32( &K[12] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ for( int t = 16; t < 64; t += 16 )
+ {
+ /* Rounds t to t + 3 */
+ sched0 = vsha256su1q_u32( vsha256su0q_u32( sched0, sched1 ), sched2, sched3 );
+ tmp = vaddq_u32( sched0, vld1q_u32( &K[t] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ /* Rounds t + 4 to t + 7 */
+ sched1 = vsha256su1q_u32( vsha256su0q_u32( sched1, sched2 ), sched3, sched0 );
+ tmp = vaddq_u32( sched1, vld1q_u32( &K[t + 4] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ /* Rounds t + 8 to t + 11 */
+ sched2 = vsha256su1q_u32( vsha256su0q_u32( sched2, sched3 ), sched0, sched1 );
+ tmp = vaddq_u32( sched2, vld1q_u32( &K[t + 8] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+
+ /* Rounds t + 12 to t + 15 */
+ sched3 = vsha256su1q_u32( vsha256su0q_u32( sched3, sched0 ), sched1, sched2 );
+ tmp = vaddq_u32( sched3, vld1q_u32( &K[t + 12] ) );
+ abcd_prev = abcd;
+ abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
+ efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+ }
+
+ abcd = vaddq_u32( abcd, abcd_orig );
+ efgh = vaddq_u32( efgh, efgh_orig );
+ }
+
+ vst1q_u32( &ctx->state[0], abcd );
+ vst1q_u32( &ctx->state[4], efgh );
+
+ return( processed );
+}
+
+int mbedtls_internal_sha256_process_a64_crypto( mbedtls_sha256_context *ctx,
+ const unsigned char data[SHA256_BLOCK_SIZE] )
+{
+ return( ( mbedtls_internal_sha256_process_many_a64_crypto( ctx, data,
+ SHA256_BLOCK_SIZE ) == SHA256_BLOCK_SIZE ) ? 0 : -1 );
+}
+
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+
+
+#if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+#define mbedtls_internal_sha256_process_many_c mbedtls_internal_sha256_process_many
+#define mbedtls_internal_sha256_process_c mbedtls_internal_sha256_process
+#endif
+
+
+#if !defined(MBEDTLS_SHA256_PROCESS_ALT) && \
+ !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+
#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
@@ -169,8 +402,8 @@
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
} while( 0 )
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] )
+int mbedtls_internal_sha256_process_c( mbedtls_sha256_context *ctx,
+ const unsigned char data[SHA256_BLOCK_SIZE] )
{
struct
{
@@ -257,7 +490,69 @@
return( 0 );
}
-#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
+#endif /* !MBEDTLS_SHA256_PROCESS_ALT && !MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+
+
+#if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+
+static size_t mbedtls_internal_sha256_process_many_c(
+ mbedtls_sha256_context *ctx, const uint8_t *data, size_t len )
+{
+ size_t processed = 0;
+
+ while( len >= SHA256_BLOCK_SIZE )
+ {
+ if( mbedtls_internal_sha256_process_c( ctx, data ) != 0 )
+ return( 0 );
+
+ data += SHA256_BLOCK_SIZE;
+ len -= SHA256_BLOCK_SIZE;
+
+ processed += SHA256_BLOCK_SIZE;
+ }
+
+ return( processed );
+}
+
+#endif /* !MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+
+static int mbedtls_a64_crypto_sha256_has_support( void )
+{
+ static int done = 0;
+ static int supported = 0;
+
+ if( !done )
+ {
+ supported = mbedtls_a64_crypto_sha256_determine_support();
+ done = 1;
+ }
+
+ return( supported );
+}
+
+static size_t mbedtls_internal_sha256_process_many( mbedtls_sha256_context *ctx,
+ const uint8_t *msg, size_t len )
+{
+ if( mbedtls_a64_crypto_sha256_has_support() )
+ return( mbedtls_internal_sha256_process_many_a64_crypto( ctx, msg, len ) );
+ else
+ return( mbedtls_internal_sha256_process_many_c( ctx, msg, len ) );
+}
+
+int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
+ const unsigned char data[SHA256_BLOCK_SIZE] )
+{
+ if( mbedtls_a64_crypto_sha256_has_support() )
+ return( mbedtls_internal_sha256_process_a64_crypto( ctx, data ) );
+ else
+ return( mbedtls_internal_sha256_process_c( ctx, data ) );
+}
+
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
+
/*
* SHA-256 process buffer
@@ -277,7 +572,7 @@
return( 0 );
left = ctx->total[0] & 0x3F;
- fill = 64 - left;
+ fill = SHA256_BLOCK_SIZE - left;
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
@@ -297,13 +592,15 @@
left = 0;
}
- while( ilen >= 64 )
+ while( ilen >= SHA256_BLOCK_SIZE )
{
- if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
- return( ret );
+ size_t processed =
+ mbedtls_internal_sha256_process_many( ctx, input, ilen );
+ if( processed < SHA256_BLOCK_SIZE )
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
- input += 64;
- ilen -= 64;
+ input += processed;
+ ilen -= processed;
}
if( ilen > 0 )
@@ -340,7 +637,7 @@
else
{
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 64 - used );
+ memset( ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used );
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
return( ret );
diff --git a/library/sha512.c b/library/sha512.c
index 2b4cc54..71fbff0 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -50,12 +50,128 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
+#if defined(__aarch64__)
+# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+# include <arm_neon.h>
+# endif
+# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+# if defined(__unix__)
+# if defined(__linux__)
+ /* Our preferred method of detection is getauxval() */
+# include <sys/auxv.h>
+# endif
+ /* Use SIGILL on Unix, and fall back to it on Linux */
+# include <signal.h>
+# endif
+# endif
+#elif defined(_M_ARM64)
+# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+# include <arm64_neon.h>
+# endif
+#else
+# undef MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+# undef MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+#endif
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * Capability detection code comes early, so we can disable
+ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT if no detection mechanism found
+ */
+#if defined(HWCAP_SHA512)
+static int mbedtls_a64_crypto_sha512_determine_support( void )
+{
+ return( ( getauxval( AT_HWCAP ) & HWCAP_SHA512 ) ? 1 : 0 );
+}
+#elif defined(__APPLE__)
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+static int mbedtls_a64_crypto_sha512_determine_support( void )
+{
+ int value = 0;
+ size_t value_len = sizeof(value);
+
+ int ret = sysctlbyname( "hw.optional.armv8_2_sha512", &value, &value_len,
+ NULL, 0 );
+ return( ret == 0 && value != 0 );
+}
+#elif defined(_M_ARM64)
+/*
+ * As of March 2022, there don't appear to be any PF_ARM_V8_* flags
+ * available to pass to IsProcessorFeaturePresent() to check for
+ * SHA-512 support. So we fall back to the C code only.
+ */
+#if defined(_MSC_VER)
+#pragma message "No mechanism to detect A64_CRYPTO found, using C code only"
+#else
+#warning "No mechanism to detect A64_CRYPTO found, using C code only"
+#endif
+#elif defined(__unix__) && defined(SIG_SETMASK)
+/* Detection with SIGILL, setjmp() and longjmp() */
+#include <signal.h>
+#include <setjmp.h>
+
+#ifndef asm
+#define asm __asm__
+#endif
+
+static jmp_buf return_from_sigill;
+
+/*
+ * A64 SHA512 support detection via SIGILL
+ */
+static void sigill_handler( int signal )
+{
+ (void) signal;
+ longjmp( return_from_sigill, 1 );
+}
+
+static int mbedtls_a64_crypto_sha512_determine_support( void )
+{
+ struct sigaction old_action, new_action;
+
+ sigset_t old_mask;
+ if( sigprocmask( 0, NULL, &old_mask ) )
+ return( 0 );
+
+ sigemptyset( &new_action.sa_mask );
+ new_action.sa_flags = 0;
+ new_action.sa_handler = sigill_handler;
+
+ sigaction( SIGILL, &new_action, &old_action );
+
+ static int ret = 0;
+
+ if( setjmp( return_from_sigill ) == 0 ) /* First return only */
+ {
+ /* If this traps, we will return a second time from setjmp() with 1 */
+ asm( "sha512h q0, q0, v0.2d" : : : "v0" );
+ ret = 1;
+ }
+
+ sigaction( SIGILL, &old_action, NULL );
+ sigprocmask( SIG_SETMASK, &old_mask, NULL );
+
+ return( ret );
+}
+#else
+#warning "No mechanism to detect A64_CRYPTO found, using C code only"
+#undef MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+#endif /* HWCAP_SHA512, __APPLE__, __unix__ && SIG_SETMASK */
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
+
#define SHA512_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
#if !defined(MBEDTLS_SHA512_ALT)
+#define SHA512_BLOCK_SIZE 128
+
#if defined(MBEDTLS_SHA512_SMALLER)
static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
{
@@ -188,9 +304,249 @@
UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
};
+#endif
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] )
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+# define mbedtls_internal_sha512_process_many_a64_crypto mbedtls_internal_sha512_process_many
+# define mbedtls_internal_sha512_process_a64_crypto mbedtls_internal_sha512_process
+#endif
+
+#ifndef asm
+#define asm __asm__
+#endif
+
+/* Accelerated SHA-512 implementation originally written by Simon Tatham for PuTTY,
+ * under the MIT licence; dual-licensed as Apache 2 with his kind permission.
+ */
+
+#if defined(__clang__) && \
+ (__clang_major__ < 13 || \
+ (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0))
+static inline uint64x2_t vsha512su0q_u64(uint64x2_t x, uint64x2_t y)
+{
+ asm( "sha512su0 %0.2D,%1.2D" : "+w" (x) : "w" (y) );
+ return( x );
+}
+static inline uint64x2_t vsha512su1q_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
+{
+ asm( "sha512su1 %0.2D,%1.2D,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
+ return( x );
+}
+static inline uint64x2_t vsha512hq_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
+{
+ asm( "sha512h %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
+ return( x );
+}
+static inline uint64x2_t vsha512h2q_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
+{
+ asm( "sha512h2 %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
+ return( x );
+}
+#endif /* __clang__ etc */
+
+static size_t mbedtls_internal_sha512_process_many_a64_crypto(
+ mbedtls_sha512_context *ctx, const uint8_t *msg, size_t len )
+{
+ uint64x2_t ab = vld1q_u64( &ctx->state[0] );
+ uint64x2_t cd = vld1q_u64( &ctx->state[2] );
+ uint64x2_t ef = vld1q_u64( &ctx->state[4] );
+ uint64x2_t gh = vld1q_u64( &ctx->state[6] );
+
+ size_t processed = 0;
+
+ for ( ;
+ len >= SHA512_BLOCK_SIZE;
+ processed += SHA512_BLOCK_SIZE,
+ msg += SHA512_BLOCK_SIZE,
+ len -= SHA512_BLOCK_SIZE )
+ {
+ uint64x2_t initial_sum, sum, intermed;
+
+ uint64x2_t ab_orig = ab;
+ uint64x2_t cd_orig = cd;
+ uint64x2_t ef_orig = ef;
+ uint64x2_t gh_orig = gh;
+
+ uint64x2_t s0 = (uint64x2_t) vld1q_u8( msg + 16 * 0 );
+ uint64x2_t s1 = (uint64x2_t) vld1q_u8( msg + 16 * 1 );
+ uint64x2_t s2 = (uint64x2_t) vld1q_u8( msg + 16 * 2 );
+ uint64x2_t s3 = (uint64x2_t) vld1q_u8( msg + 16 * 3 );
+ uint64x2_t s4 = (uint64x2_t) vld1q_u8( msg + 16 * 4 );
+ uint64x2_t s5 = (uint64x2_t) vld1q_u8( msg + 16 * 5 );
+ uint64x2_t s6 = (uint64x2_t) vld1q_u8( msg + 16 * 6 );
+ uint64x2_t s7 = (uint64x2_t) vld1q_u8( msg + 16 * 7 );
+
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ /* assume LE if these not defined; untested on BE */
+ s0 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s0 ) ) );
+ s1 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s1 ) ) );
+ s2 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s2 ) ) );
+ s3 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s3 ) ) );
+ s4 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s4 ) ) );
+ s5 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s5 ) ) );
+ s6 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s6 ) ) );
+ s7 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s7 ) ) );
+#endif
+
+ /* Rounds 0 and 1 */
+ initial_sum = vaddq_u64( s0, vld1q_u64( &K[0] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds 2 and 3 */
+ initial_sum = vaddq_u64( s1, vld1q_u64( &K[2] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds 4 and 5 */
+ initial_sum = vaddq_u64( s2, vld1q_u64( &K[4] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds 6 and 7 */
+ initial_sum = vaddq_u64( s3, vld1q_u64( &K[6] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+
+ /* Rounds 8 and 9 */
+ initial_sum = vaddq_u64( s4, vld1q_u64( &K[8] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds 10 and 11 */
+ initial_sum = vaddq_u64( s5, vld1q_u64( &K[10] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds 12 and 13 */
+ initial_sum = vaddq_u64( s6, vld1q_u64( &K[12] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds 14 and 15 */
+ initial_sum = vaddq_u64( s7, vld1q_u64( &K[14] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+
+ for ( unsigned int t = 16; t < 80; t += 16 )
+ {
+ /* Rounds t and t + 1 */
+ s0 = vsha512su1q_u64( vsha512su0q_u64( s0, s1 ), s7, vextq_u64( s4, s5, 1 ) );
+ initial_sum = vaddq_u64( s0, vld1q_u64( &K[t] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds t + 2 and t + 3 */
+ s1 = vsha512su1q_u64( vsha512su0q_u64( s1, s2 ), s0, vextq_u64( s5, s6, 1 ) );
+ initial_sum = vaddq_u64( s1, vld1q_u64( &K[t + 2] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds t + 4 and t + 5 */
+ s2 = vsha512su1q_u64( vsha512su0q_u64( s2, s3 ), s1, vextq_u64( s6, s7, 1 ) );
+ initial_sum = vaddq_u64( s2, vld1q_u64( &K[t + 4] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds t + 6 and t + 7 */
+ s3 = vsha512su1q_u64( vsha512su0q_u64( s3, s4 ), s2, vextq_u64( s7, s0, 1 ) );
+ initial_sum = vaddq_u64( s3, vld1q_u64( &K[t + 6] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+
+ /* Rounds t + 8 and t + 9 */
+ s4 = vsha512su1q_u64( vsha512su0q_u64( s4, s5 ), s3, vextq_u64( s0, s1, 1 ) );
+ initial_sum = vaddq_u64( s4, vld1q_u64( &K[t + 8] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds t + 10 and t + 11 */
+ s5 = vsha512su1q_u64( vsha512su0q_u64( s5, s6 ), s4, vextq_u64( s1, s2, 1 ) );
+ initial_sum = vaddq_u64( s5, vld1q_u64( &K[t + 10] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds t + 12 and t + 13 */
+ s6 = vsha512su1q_u64( vsha512su0q_u64( s6, s7 ), s5, vextq_u64( s2, s3, 1 ) );
+ initial_sum = vaddq_u64( s6, vld1q_u64( &K[t + 12] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds t + 14 and t + 15 */
+ s7 = vsha512su1q_u64( vsha512su0q_u64( s7, s0 ), s6, vextq_u64( s3, s4, 1 ) );
+ initial_sum = vaddq_u64( s7, vld1q_u64( &K[t + 14] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+ }
+
+ ab = vaddq_u64( ab, ab_orig );
+ cd = vaddq_u64( cd, cd_orig );
+ ef = vaddq_u64( ef, ef_orig );
+ gh = vaddq_u64( gh, gh_orig );
+ }
+
+ vst1q_u64( &ctx->state[0], ab );
+ vst1q_u64( &ctx->state[2], cd );
+ vst1q_u64( &ctx->state[4], ef );
+ vst1q_u64( &ctx->state[6], gh );
+
+ return( processed );
+}
+
+int mbedtls_internal_sha512_process_a64_crypto( mbedtls_sha512_context *ctx,
+ const unsigned char data[SHA512_BLOCK_SIZE] )
+{
+ return( mbedtls_internal_sha512_process_many_a64_crypto( ctx, data,
+ SHA512_BLOCK_SIZE ) == SHA512_BLOCK_SIZE ) ? 0 : -1;
+}
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+
+#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+#define mbedtls_internal_sha512_process_many_c mbedtls_internal_sha512_process_many
+#define mbedtls_internal_sha512_process_c mbedtls_internal_sha512_process
+#endif
+
+
+#if !defined(MBEDTLS_SHA512_PROCESS_ALT) && !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+
+int mbedtls_internal_sha512_process_c( mbedtls_sha512_context *ctx,
+ const unsigned char data[SHA512_BLOCK_SIZE] )
{
int i;
struct
@@ -291,7 +647,68 @@
return( 0 );
}
-#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
+#endif /* !MBEDTLS_SHA512_PROCESS_ALT && !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+
+#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+
+static size_t mbedtls_internal_sha512_process_many_c(
+ mbedtls_sha512_context *ctx, const uint8_t *data, size_t len)
+{
+ size_t processed = 0;
+
+ while( len >= SHA512_BLOCK_SIZE )
+ {
+ if( mbedtls_internal_sha512_process_c( ctx, data ) != 0)
+ return( 0 );
+
+ data += SHA512_BLOCK_SIZE;
+ len -= SHA512_BLOCK_SIZE;
+
+ processed += SHA512_BLOCK_SIZE;
+ }
+
+ return( processed );
+}
+
+#endif /* !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+
+int mbedtls_a64_crypto_sha512_has_support( void )
+{
+ static int done = 0;
+ static int supported = 0;
+
+ if( !done )
+ {
+ supported = mbedtls_a64_crypto_sha512_determine_support();
+ done = 1;
+ }
+
+ return( supported );
+}
+
+static size_t mbedtls_internal_sha512_process_many( mbedtls_sha512_context *ctx,
+ const uint8_t *msg, size_t len )
+{
+ if( mbedtls_a64_crypto_sha512_has_support() )
+ return( mbedtls_internal_sha512_process_many_a64_crypto( ctx, msg, len ) );
+ else
+ return( mbedtls_internal_sha512_process_many_c( ctx, msg, len ) );
+}
+
+int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
+ const unsigned char data[SHA512_BLOCK_SIZE] )
+{
+ if( mbedtls_a64_crypto_sha512_has_support() )
+ return( mbedtls_internal_sha512_process_a64_crypto( ctx, data ) );
+ else
+ return( mbedtls_internal_sha512_process_c( ctx, data ) );
+}
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
/*
* SHA-512 process buffer
@@ -311,7 +728,7 @@
return( 0 );
left = (unsigned int) (ctx->total[0] & 0x7F);
- fill = 128 - left;
+ fill = SHA512_BLOCK_SIZE - left;
ctx->total[0] += (uint64_t) ilen;
@@ -330,13 +747,15 @@
left = 0;
}
- while( ilen >= 128 )
+ while( ilen >= SHA512_BLOCK_SIZE )
{
- if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 )
- return( ret );
+ size_t processed =
+ mbedtls_internal_sha512_process_many( ctx, input, ilen );
+ if( processed < SHA512_BLOCK_SIZE )
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
- input += 128;
- ilen -= 128;
+ input += processed;
+ ilen -= processed;
}
if( ilen > 0 )
@@ -373,7 +792,7 @@
else
{
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 128 - used );
+ memset( ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used );
if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
return( ret );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 62588dc..ee8a60e 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -299,32 +299,28 @@
{ MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_SHA256_C */
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
{ MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_SHA256_C && MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_SHA256_C)
@@ -332,9 +328,8 @@
"TLS1-3-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -346,63 +341,56 @@
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
{ MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
{ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
{ MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
{ MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_CHACHAPOLY_C &&
MBEDTLS_SHA256_C &&
@@ -413,69 +401,59 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -484,16 +462,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -501,16 +477,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -519,9 +493,8 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
@@ -532,46 +505,40 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_AES_C */
@@ -581,16 +548,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -598,16 +563,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -616,9 +579,8 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
@@ -629,32 +591,28 @@
defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C && MBEDTLS_GCM_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA256_C */
@@ -662,38 +620,32 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -702,46 +654,40 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -754,32 +700,28 @@
defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C && MBEDTLS_GCM_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA256_C */
@@ -787,38 +729,32 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -827,29 +763,25 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -857,17 +789,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -880,46 +810,40 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_AES_C */
@@ -929,16 +853,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -946,16 +868,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -964,9 +884,8 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
@@ -977,46 +896,40 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_AES_C */
@@ -1026,16 +939,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1043,16 +954,14 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1061,9 +970,8 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
@@ -1074,17 +982,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
@@ -1092,54 +998,46 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -1148,17 +1046,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1166,17 +1062,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1189,17 +1083,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
@@ -1207,54 +1099,46 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -1263,17 +1147,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1281,17 +1163,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1305,31 +1185,27 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_AES_C */
@@ -1339,17 +1215,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1362,17 +1236,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
@@ -1380,31 +1252,27 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_AES_C */
@@ -1414,17 +1282,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1432,17 +1298,15 @@
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1454,9 +1318,8 @@
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_SHORT_TAG },
+ MBEDTLS_CIPHERSUITE_SHORT_TAG,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@@ -1466,25 +1329,22 @@
#if defined(MBEDTLS_MD5_C)
{ MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
@@ -1492,25 +1352,22 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@@ -1518,25 +1375,22 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -1544,25 +1398,22 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -1570,25 +1421,22 @@
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_SHA384_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_CIPHERSUITE_WEAK },
+ MBEDTLS_CIPHERSUITE_WEAK,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
@@ -1601,33 +1449,29 @@
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
@@ -1638,33 +1482,29 @@
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@@ -1675,33 +1515,29 @@
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@@ -1712,33 +1548,29 @@
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
@@ -1749,33 +1581,29 @@
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
@@ -1786,17 +1614,15 @@
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -1807,33 +1633,29 @@
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
@@ -1844,33 +1666,29 @@
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
@@ -1881,33 +1699,29 @@
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
@@ -1918,33 +1732,29 @@
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA384_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
+ 0,
+ MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -1954,7 +1764,7 @@
{ 0, "",
MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
- 0, 0, 0, 0, 0 }
+ 0, 0, 0 }
};
#if defined(MBEDTLS_SSL_CIPHERSUITES)
@@ -2064,6 +1874,19 @@
return( cur->id );
}
+size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info )
+{
+#if defined(MBEDTLS_CIPHER_C)
+ const mbedtls_cipher_info_t * const cipher_info =
+ mbedtls_cipher_info_from_type( info->cipher );
+
+ return( mbedtls_cipher_info_get_key_bitlen( cipher_info ) );
+#else
+ (void)info;
+ return( 0 );
+#endif
+}
+
#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
{
diff --git a/library/ssl_client.c b/library/ssl_client.c
new file mode 100644
index 0000000..0c32f07
--- /dev/null
+++ b/library/ssl_client.c
@@ -0,0 +1,999 @@
+/*
+ * TLS 1.2 and 1.3 client-side functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS ( https://tls.mbed.org )
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+#include <string.h>
+
+#include "mbedtls/debug.h"
+#include "mbedtls/error.h"
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+
+#include "ssl_client.h"
+#include "ssl_misc.h"
+#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t hostname_len;
+
+ *olen = 0;
+
+ if( ssl->hostname == NULL )
+ return( 0 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding server name extension: %s",
+ ssl->hostname ) );
+
+ hostname_len = strlen( ssl->hostname );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
+
+ /*
+ * Sect. 3, RFC 6066 (TLS Extensions Definitions)
+ *
+ * In order to provide any of the server names, clients MAY include an
+ * extension of type "server_name" in the (extended) client hello. The
+ * "extension_data" field of this extension SHALL contain
+ * "ServerNameList" where:
+ *
+ * struct {
+ * NameType name_type;
+ * select (name_type) {
+ * case host_name: HostName;
+ * } name;
+ * } ServerName;
+ *
+ * enum {
+ * host_name(0), (255)
+ * } NameType;
+ *
+ * opaque HostName<1..2^16-1>;
+ *
+ * struct {
+ * ServerName server_name_list<1..2^16-1>
+ * } ServerNameList;
+ *
+ */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
+ p += 2;
+
+ MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
+ p += 2;
+
+ MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
+ p += 2;
+
+ *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
+
+ MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
+ p += 2;
+
+ memcpy( p, ssl->hostname, hostname_len );
+
+ *olen = hostname_len + 9;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ALPN)
+/*
+ * ssl_write_alpn_ext()
+ *
+ * Structure of the application_layer_protocol_negotiation extension in
+ * ClientHello:
+ *
+ * opaque ProtocolName<1..2^8-1>;
+ *
+ * struct {
+ * ProtocolName protocol_name_list<2..2^16-1>
+ * } ProtocolNameList;
+ *
+ */
+static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+
+ *out_len = 0;
+
+ if( ssl->conf->alpn_list == NULL )
+ return( 0 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
+
+
+ /* Check we have enough space for the extension type (2 bytes), the
+ * extension length (2 bytes) and the protocol_name_list length (2 bytes).
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
+ /* Skip writing extension and list length for now */
+ p += 6;
+
+ /*
+ * opaque ProtocolName<1..2^8-1>;
+ *
+ * struct {
+ * ProtocolName protocol_name_list<2..2^16-1>
+ * } ProtocolNameList;
+ */
+ for( const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
+ {
+ /*
+ * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
+ * protocol names is less than 255.
+ */
+ size_t protocol_name_len = strlen( *cur );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + protocol_name_len );
+ *p++ = (unsigned char)protocol_name_len;
+ memcpy( p, *cur, protocol_name_len );
+ p += protocol_name_len;
+ }
+
+ *out_len = p - buf;
+
+ /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
+ MBEDTLS_PUT_UINT16_BE( *out_len - 6, buf, 4 );
+
+ /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
+ MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * Function for writing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
+ *
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
+ * enum {
+ * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ * x25519(0x001D), x448(0x001E),
+ * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ * ffdhe6144(0x0103), ffdhe8192(0x0104),
+ * ffdhe_private_use(0x01FC..0x01FF),
+ * ecdhe_private_use(0xFE00..0xFEFF),
+ * (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
+ * enum {
+ * deprecated(1..22),
+ * secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ * x25519(29), x448(30),
+ * reserved (0xFE00..0xFEFF),
+ * deprecated(0xFF01..0xFF02),
+ * (0xFFFF)
+ * } NamedCurve;
+ * struct {
+ * NamedCurve named_curve_list<2..2^16-1>
+ * } NamedCurveList;
+ *
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ *
+ * DHE groups are not supported yet.
+ */
+static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf ;
+ unsigned char *named_group_list; /* Start of named_group_list */
+ size_t named_group_list_len; /* Length of named_group_list */
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
+
+ /* Check if we have space for header and length fields:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - named_group_list_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ p += 6;
+
+ named_group_list = p;
+
+ if( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *group_list != 0; group_list++ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got supported group(%04x)", *group_list ) );
+
+#if defined(MBEDTLS_ECP_C)
+ if( ( mbedtls_ssl_conf_is_tls13_enabled( ssl->conf ) &&
+ mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) ||
+ ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) &&
+ mbedtls_ssl_tls12_named_group_is_ecdhe( *group_list ) ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info;
+ curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
+ if( curve_info == NULL )
+ continue;
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
+ curve_info->name, *group_list ) );
+ }
+#endif /* MBEDTLS_ECP_C */
+ /* Add DHE groups here */
+
+ }
+
+ /* Length of named_group_list */
+ named_group_list_len = p - named_group_list;
+ if( named_group_list_len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Write extension_type */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
+ /* Write extension_data_length */
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
+ /* Write length of named_group_list */
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension",
+ buf + 4, named_group_list_len + 2 );
+
+ *out_len = p - buf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ return( 0 );
+}
+
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * Function for writing a signature algorithm extension.
+ *
+ * The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
+ * value (TLS 1.3 RFC8446):
+ * enum {
+ * ....
+ * ecdsa_secp256r1_sha256( 0x0403 ),
+ * ecdsa_secp384r1_sha384( 0x0503 ),
+ * ecdsa_secp521r1_sha512( 0x0603 ),
+ * ....
+ * } SignatureScheme;
+ *
+ * struct {
+ * SignatureScheme supported_signature_algorithms<2..2^16-2>;
+ * } SignatureSchemeList;
+ *
+ * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm`
+ * value (TLS 1.2 RFC5246):
+ * enum {
+ * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
+ * sha512(6), (255)
+ * } HashAlgorithm;
+ *
+ * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
+ * SignatureAlgorithm;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * SignatureAndHashAlgorithm
+ * supported_signature_algorithms<2..2^16-2>;
+ *
+ * The TLS 1.3 signature algorithm extension was defined to be a compatible
+ * generalization of the TLS 1.2 signature algorithm extension.
+ * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
+ * `SignatureScheme` field of TLS 1.3
+ *
+ */
+static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len )
+{
+ unsigned char *p = buf;
+ unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
+ size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
+
+ /* Check if we have space for header and length field:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - supported_signature_algorithms_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ p += 6;
+
+ /*
+ * Write supported_signature_algorithms
+ */
+ supported_sig_alg = p;
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ {
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+ continue;
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
+ }
+
+ /* Length of supported_signature_algorithms */
+ supported_sig_alg_len = p - supported_sig_alg;
+ if( supported_sig_alg_len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Write extension_type */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
+ /* Write extension_data_length */
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
+ /* Write length of supported_signature_algorithms */
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
+
+ /* Output the total length of signature algorithms extension. */
+ *out_len = p - buf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+static int ssl_write_client_hello_cipher_suites(
+ mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ int *tls12_uses_ec,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ const int *ciphersuite_list;
+ unsigned char *cipher_suites; /* Start of the cipher_suites list */
+ size_t cipher_suites_len;
+
+ *tls12_uses_ec = 0;
+ *out_len = 0;
+
+ /*
+ * Ciphersuite list
+ *
+ * This is a list of the symmetric cipher options supported by
+ * the client, specifically the record protection algorithm
+ * ( including secret key length ) and a hash to be used with
+ * HKDF, in descending order of client preference.
+ */
+ ciphersuite_list = ssl->conf->ciphersuite_list;
+
+ /* Check there is space for the cipher suite list length (2 bytes). */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ p += 2;
+
+ /* Write cipher_suites
+ * CipherSuite cipher_suites<2..2^16-2>;
+ */
+ cipher_suites = p;
+ for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
+ {
+ int cipher_suite = ciphersuite_list[i];
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+
+ if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+ ssl->handshake->min_tls_version,
+ ssl->tls_version ) != 0 )
+ continue;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
+ *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
+#endif
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s",
+ (unsigned int) cipher_suite,
+ ciphersuite_info->name ) );
+
+ /* Check there is space for the cipher suite identifier (2 bytes). */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( cipher_suite, p, 0 );
+ p += 2;
+ }
+
+ /*
+ * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+#endif
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
+ p += 2;
+ }
+
+ /* Write the cipher_suites length in number of bytes */
+ cipher_suites_len = p - cipher_suites;
+ MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
+ cipher_suites_len/2 ) );
+
+ /* Output the total length of cipher_suites field. */
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
+/*
+ * Structure of the TLS 1.3 ClientHello message:
+ *
+ * struct {
+ * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
+ * Random random;
+ * opaque legacy_session_id<0..32>;
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * opaque legacy_compression_methods<1..2^8-1>;
+ * Extension extensions<8..2^16-1>;
+ * } ClientHello;
+ *
+ * Structure of the (D)TLS 1.2 ClientHello message:
+ *
+ * struct {
+ * ProtocolVersion client_version;
+ * Random random;
+ * SessionID session_id;
+ * opaque cookie<0..2^8-1>; // DTLS 1.2 ONLY
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * CompressionMethod compression_methods<1..2^8-1>;
+ * select (extensions_present) {
+ * case false:
+ * struct {};
+ * case true:
+ * Extension extensions<0..2^16-1>;
+ * };
+ * } ClientHello;
+ */
+static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ unsigned char *p = buf;
+ unsigned char *p_extensions_len; /* Pointer to extensions length */
+ size_t output_len; /* Length of buffer used by function */
+ size_t extensions_len; /* Length of the list of extensions*/
+ int tls12_uses_ec = 0;
+
+ *out_len = 0;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ unsigned char propose_tls12 =
+ ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
+ &&
+ ( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ unsigned char propose_tls13 =
+ ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
+ &&
+ ( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
+#endif
+
+ /*
+ * Write client_version (TLS 1.2) or legacy_version (TLS 1.3)
+ *
+ * In all cases this is the TLS 1.2 version.
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ mbedtls_ssl_write_version( p, ssl->conf->transport,
+ MBEDTLS_SSL_VERSION_TLS1_2 );
+ p += 2;
+
+ /* ...
+ * Random random;
+ * ...
+ *
+ * The random bytes have been prepared by ssl_prepare_client_hello() into
+ * the handshake->randbytes buffer and are copied here into the output
+ * buffer.
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ memcpy( p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
+ p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
+
+ /* TLS 1.2:
+ * ...
+ * SessionID session_id;
+ * ...
+ * with
+ * opaque SessionID<0..32>;
+ *
+ * TLS 1.3:
+ * ...
+ * opaque legacy_session_id<0..32>;
+ * ...
+ *
+ * The (legacy) session identifier bytes have been prepared by
+ * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer
+ * and are copied here into the output buffer.
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->session_negotiate->id_len + 1 );
+ *p++ = (unsigned char)ssl->session_negotiate->id_len;
+ memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
+ p += ssl->session_negotiate->id_len;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
+ ssl->session_negotiate->id_len );
+
+ /* DTLS 1.2 ONLY
+ * ...
+ * opaque cookie<0..2^8-1>;
+ * ...
+ */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ unsigned char cookie_len = 0;
+
+ if( handshake->cookie != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+ handshake->cookie,
+ handshake->verify_cookie_len );
+ cookie_len = handshake->verify_cookie_len;
+ }
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, cookie_len + 1 );
+ *p++ = cookie_len;
+ if( cookie_len > 0 )
+ {
+ memcpy( p, handshake->cookie, cookie_len );
+ p += cookie_len;
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
+
+ /* Write cipher_suites */
+ ret = ssl_write_client_hello_cipher_suites( ssl, p, end,
+ &tls12_uses_ec,
+ &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+
+ /* Write legacy_compression_methods (TLS 1.3) or
+ * compression_methods (TLS 1.2)
+ *
+ * For every TLS 1.3 ClientHello, this vector MUST contain exactly
+ * one byte set to zero, which corresponds to the 'null' compression
+ * method in prior versions of TLS.
+ *
+ * For TLS 1.2 ClientHello, for security reasons we do not support
+ * compression anymore, thus also just the 'null' compression method.
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ *p++ = 1;
+ *p++ = MBEDTLS_SSL_COMPRESS_NULL;
+
+ /* Write extensions */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /* Keeping track of the included extensions */
+ handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+#endif
+
+ /* First write extensions, then the total length */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ p_extensions_len = p;
+ p += 2;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ /* Write server name extension */
+ ret = ssl_write_hostname_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ ret = ssl_write_alpn_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( propose_tls13 )
+ {
+ ret = mbedtls_ssl_tls13_write_client_hello_exts( ssl, p, end,
+ &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if(
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ( propose_tls13 &&
+ mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) ||
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ ( propose_tls12 && tls12_uses_ec ) ||
+#endif
+ 0 )
+ {
+ ret = ssl_write_supported_groups_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if(
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ( propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) ) ||
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ propose_tls12 ||
+#endif
+ 0 )
+ {
+ ret = ssl_write_sig_alg_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( propose_tls12 )
+ {
+ ret = mbedtls_ssl_tls12_write_client_hello_exts( ssl, p, end,
+ tls12_uses_ec,
+ &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ /* Write the length of the list of extensions. */
+ extensions_len = p - p_extensions_len - 2;
+
+ if( extensions_len == 0 )
+ p = p_extensions_len;
+ else
+ {
+ MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" \
+ MBEDTLS_PRINTF_SIZET, extensions_len ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions",
+ p_extensions_len, extensions_len );
+ }
+
+ *out_len = p - buf;
+ return( 0 );
+}
+
+static int ssl_generate_random( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *randbytes = ssl->handshake->randbytes;
+ size_t gmt_unix_time_len = 0;
+
+ /*
+ * Generate the random bytes
+ *
+ * TLS 1.2 case:
+ * struct {
+ * uint32 gmt_unix_time;
+ * opaque random_bytes[28];
+ * } Random;
+ *
+ * TLS 1.3 case:
+ * opaque Random[32];
+ */
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t gmt_unix_time = mbedtls_time( NULL );
+ MBEDTLS_PUT_UINT32_BE( gmt_unix_time, randbytes, 0 );
+ gmt_unix_time_len = 4;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+ (long long) gmt_unix_time ) );
+#endif /* MBEDTLS_HAVE_TIME */
+ }
+
+ ret = ssl->conf->f_rng( ssl->conf->p_rng,
+ randbytes + gmt_unix_time_len,
+ MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len );
+ return( ret );
+}
+
+static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
+{
+ int ret;
+ size_t session_id_len;
+
+ if( ssl->conf->f_rng == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
+ return( MBEDTLS_ERR_SSL_NO_RNG );
+ }
+
+ /* Bet on the highest configured version if we are not in a TLS 1.2
+ * renegotiation or session resumption.
+ */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ ssl->handshake->min_tls_version = ssl->tls_version;
+ else
+#endif
+ {
+ if( ssl->handshake->resume )
+ {
+ ssl->tls_version = ssl->session_negotiate->tls_version;
+ ssl->handshake->min_tls_version = ssl->tls_version;
+ }
+ else
+ {
+ ssl->tls_version = ssl->conf->max_tls_version;
+ ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
+ }
+ }
+
+ /*
+ * Generate the random bytes, except when responding to a verify request
+ * where we MUST reuse the previoulsy generated random bytes
+ * (RFC 6347 4.2.1).
+ */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
+ ( ssl->handshake->cookie == NULL ) )
+#endif
+ {
+ ret = ssl_generate_random( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "Random bytes generation failed", ret );
+ return( ret );
+ }
+ }
+
+ /*
+ * Prepare session identifier. At that point, the length of the session
+ * identifier in the SSL context `ssl->session_negotiate->id_len` is equal
+ * to zero, except in the case of a TLS 1.2 session renegotiation or
+ * session resumption.
+ */
+ session_id_len = ssl->session_negotiate->id_len;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ if( session_id_len < 16 || session_id_len > 32 ||
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
+#endif
+ ssl->handshake->resume == 0 )
+ {
+ session_id_len = 0;
+ }
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ /*
+ * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
+ * generate and include a Session ID in the TLS ClientHello."
+ */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+#endif
+ {
+ if( ( ssl->session_negotiate->ticket != NULL ) &&
+ ( ssl->session_negotiate->ticket_len != 0 ) )
+ {
+ session_id_len = 32;
+ }
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ /*
+ * Create a legacy session identifier for the purpose of middlebox
+ * compatibility only if one has not been created already, which is
+ * the case if we are here for the TLS 1.3 second ClientHello.
+ *
+ * Versions of TLS before TLS 1.3 supported a "session resumption"
+ * feature which has been merged with pre-shared keys in TLS 1.3
+ * version. A client which has a cached session ID set by a pre-TLS 1.3
+ * server SHOULD set this field to that value. In compatibility mode,
+ * this field MUST be non-empty, so a client not offering a pre-TLS 1.3
+ * session MUST generate a new 32-byte value. This value need not be
+ * random but SHOULD be unpredictable to avoid implementations fixating
+ * on a specific value (also known as ossification). Otherwise, it MUST
+ * be set as a zero-length vector ( i.e., a zero-valued single byte
+ * length field ).
+ */
+ session_id_len = 32;
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
+ if( session_id_len != ssl->session_negotiate->id_len )
+ {
+ ssl->session_negotiate->id_len = session_id_len;
+ if( session_id_len > 0 )
+ {
+ ret = ssl->conf->f_rng( ssl->conf->p_rng,
+ ssl->session_negotiate->id,
+ session_id_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "creating session id failed", ret );
+ return( ret );
+ }
+ }
+ }
+
+ return( 0 );
+}
+
+/*
+ * Write ClientHello handshake message.
+ * Handler for MBEDTLS_SSL_CLIENT_HELLO
+ */
+int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_prepare_client_hello( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_write_client_hello_body( ssl, buf,
+ buf + buf_len,
+ &msg_len ) );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ssl->out_msglen = msg_len + 4;
+ mbedtls_ssl_send_flight_completed( ssl );
+
+ /*
+ * The two functions below may try to send data on the network and
+ * can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they
+ * fail to do so and the transmission has to be retried later. In that
+ * case as in fatal error cases, we return immediately. But we must have
+ * set the handshake state to the next state at that point to ensure
+ * that we will not write and send again a ClientHello when we
+ * eventually succeed in sending the pending data.
+ */
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
+ return( ret );
+ }
+
+ if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
+ {
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ buf, msg_len );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
+ buf_len,
+ msg_len ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+ }
+
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
+ return ret;
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_client.h b/library/ssl_client.h
new file mode 100644
index 0000000..8e0c216
--- /dev/null
+++ b/library/ssl_client.h
@@ -0,0 +1,33 @@
+/**
+ * TLS 1.2 and 1.3 client-side functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_SSL_CLIENT_H
+#define MBEDTLS_SSL_CLIENT_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_SSL_TLS_C)
+#include "ssl_misc.h"
+#endif
+
+#include <stddef.h>
+
+int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl );
+
+#endif /* MBEDTLS_SSL_CLIENT_H */
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 358169e..3be4b45 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -68,15 +68,21 @@
void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
+#else
mbedtls_md_init( &ctx->hmac_ctx );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
ctx->serial = 0;
#endif
ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
@@ -86,11 +92,15 @@
void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( ctx->psa_hmac_key );
+#else
mbedtls_md_free( &ctx->hmac_ctx );
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &ctx->mutex );
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
}
@@ -99,6 +109,33 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg;
+
+ (void)f_rng;
+ (void)p_rng;
+
+ alg = mbedtls_psa_translate_md( COOKIE_MD );
+ if( alg == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ),
+ COOKIE_HMAC_LEN );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
+ PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+ psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
+
+ if( ( status = psa_generate_key( &attributes,
+ &ctx->psa_hmac_key ) ) != PSA_SUCCESS )
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[COOKIE_MD_OUTLEN];
@@ -114,10 +151,12 @@
return( ret );
mbedtls_platform_zeroize( key, sizeof( key ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( 0 );
}
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Generate the HMAC part of a cookie
*/
@@ -143,6 +182,7 @@
return( 0 );
}
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/*
* Generate cookie for DTLS ClientHello verification
@@ -151,6 +191,11 @@
unsigned char **p, unsigned char *end,
const unsigned char *cli_id, size_t cli_id_len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t sign_mac_length = 0;
+#endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long t;
@@ -169,6 +214,41 @@
MBEDTLS_PUT_UINT32_BE(t, *p, 0);
*p += 4;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_sign_setup( &operation, ctx->psa_hmac_key,
+ ctx->psa_hmac_alg );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, *p - 4, 4 );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, cli_id, cli_id_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN,
+ &sign_mac_length );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ *p += COOKIE_HMAC_LEN;
+
+ ret = 0;
+#else
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
@@ -182,7 +262,14 @@
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ status = psa_mac_abort( &operation );
+ if( status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( ret );
}
@@ -193,9 +280,14 @@
const unsigned char *cookie, size_t cookie_len,
const unsigned char *cli_id, size_t cli_id_len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
unsigned char ref_hmac[COOKIE_HMAC_LEN];
- int ret = 0;
unsigned char *p = ref_hmac;
+#endif
+ int ret = 0;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long cur_time, cookie_time;
@@ -205,6 +297,40 @@
if( cookie_len != COOKIE_LEN )
return( -1 );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_verify_setup( &operation, ctx->psa_hmac_key,
+ ctx->psa_hmac_alg );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, cookie, 4 );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, cli_id,
+ cli_id_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_verify_finish( &operation, cookie + 4,
+ COOKIE_HMAC_LEN );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ ret = 0;
+#else
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
@@ -231,6 +357,7 @@
ret = -1;
goto exit;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_HAVE_TIME)
cur_time = (unsigned long) mbedtls_time( NULL );
@@ -250,7 +377,13 @@
}
exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_abort( &operation );
+ if( status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#else
mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( ret );
}
#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 2fc4163..29b64dc 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -33,11 +33,13 @@
const char *mbedtls_ssl_states_str( mbedtls_ssl_states in );
+const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in );
+
const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in );
const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in );
-
+const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
#endif /* MBEDTLS_DEBUG_C */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 40e4aaf..966764a 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -27,8 +27,9 @@
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
#endif
#if defined(MBEDTLS_MD5_C)
@@ -51,44 +52,13 @@
#include "mbedtls/ecjpake.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#include "common.h"
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
-/* Legacy minor version numbers as defined by:
- * - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
- * - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
- *
- * We no longer support these versions, but some code still references those
- * constants as part of negotiating with the peer, so keep them available
- * internally.
- */
-#define MBEDTLS_SSL_MINOR_VERSION_1 1
-#define MBEDTLS_SSL_MINOR_VERSION_2 2
-
-/* Determine minimum supported version */
-#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-
-/* Determine maximum supported version */
-#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
defined(MBEDTLS_SSL_CLI_C) && \
@@ -256,12 +226,17 @@
: ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
)
-/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
-#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
+/* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */
+#define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534
+
+/* Minimum size in bytes of list in signature algorithms ext., RFC 5246/8446 */
+#define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
+#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
+
/*
* Check that we obey the standard's message size bounds
*/
@@ -527,8 +502,6 @@
{
/* Frequently-used boolean or byte fields (placed early to take
* advantage of smaller code size for indirect access on Arm Thumb) */
- uint8_t max_major_ver; /*!< max. major version client*/
- uint8_t max_minor_ver; /*!< max. minor version client*/
uint8_t resume; /*!< session resume indicator*/
uint8_t cli_exts; /*!< client extension presence*/
@@ -540,6 +513,28 @@
uint8_t new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_CLI_C)
+ /** Minimum TLS version to be negotiated.
+ *
+ * It is set up in the ClientHello writing preparation stage and used
+ * throughout the ClientHello writing. Not relevant anymore as soon as
+ * the protocol version has been negotiated thus as soon as the
+ * ServerHello is received.
+ * For a fresh handshake not linked to any previous handshake, it is
+ * equal to the configured minimum minor version to be negotiated. When
+ * renegotiating or resuming a session, it is equal to the previously
+ * negotiated minor version.
+ *
+ * There is no maximum TLS version field in this handshake context.
+ * From the start of the handshake, we need to define a current protocol
+ * version for the record layer which we define as the maximum TLS
+ * version to be negotiated. The `tls_version` field of the SSL context is
+ * used to store this maximum value until it contains the actual
+ * negotiated value.
+ */
+ mbedtls_ssl_protocol_version min_tls_version;
+#endif
+
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
uint8_t extended_ms; /*!< use Extended Master Secret? */
#endif
@@ -554,6 +549,7 @@
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
unsigned char group_list_heap_allocated;
+ unsigned char sig_algs_heap_allocated;
#endif
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
@@ -585,13 +581,29 @@
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_CLI_C)
+ /** Number of Hello Retry Request messages received from the server. */
+ int hello_retry_request_count;
+#endif /* MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ /** selected_group of key_share extension in HelloRetryRequest message. */
+ uint16_t hrr_selected_group;
+#endif /* MBEDTLS_SSL_SRV_C */
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE];
+#endif
+
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
const uint16_t *group_list;
+ const uint16_t *sig_algs;
#endif
#if defined(MBEDTLS_DHM_C)
@@ -599,20 +611,23 @@
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
+ * to guards in client and server code. There is a gap in functionality that
+ * access to ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not
+ * seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_key_type_t ecdh_psa_type;
- uint16_t ecdh_bits;
- psa_key_id_t ecdh_psa_privkey;
+ size_t ecdh_bits;
+ mbedtls_svc_key_id_t ecdh_psa_privkey;
+ uint8_t ecdh_psa_privkey_is_external;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -630,7 +645,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
+ mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< PSK from the callback */
size_t psk_len; /*!< Length of PSK from callback */
@@ -680,15 +695,25 @@
} buffering;
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
+ * HelloRetryRequest cookie for TLS 1.3 */
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie
+ * length
+ * Srv: flag for sending a cookie */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
- unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
- Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length
- Srv: flag for sending a cookie */
-
uint32_t retransmit_timeout; /*!< Current value of timeout */
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
@@ -725,7 +750,6 @@
/*
* Checksum contexts
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
@@ -740,7 +764,6 @@
mbedtls_sha512_context fin_sha512;
#endif
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t offered_group_id; /* The NamedGroup value for the group
@@ -752,6 +775,12 @@
* but can be overwritten by the HRR. */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_CLI_C)
+ uint8_t client_auth; /*!< used to check if CertificateRequest has been
+ received from server side. If CertificateRequest
+ has been received, Certificate and CertificateVerify
+ should be sent to server */
+#endif /* MBEDTLS_SSL_CLI_C */
/*
* State-local variables used during the processing
* of a specific handshake state.
@@ -795,6 +824,11 @@
represents an extension and defined
as \c MBEDTLS_SSL_EXT_XXX */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ unsigned char certificate_request_context_len;
+ unsigned char *certificate_request_context;
+#endif
+
union
{
unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE];
@@ -813,6 +847,11 @@
* The library does not use it internally. */
void *user_async_ctx;
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ const unsigned char *sni_name; /*!< raw SNI */
+ size_t sni_name_len; /*!< raw SNI len */
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
};
typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
@@ -886,7 +925,7 @@
* and indicates the length of the static part of the IV which is
* constant throughout the communication, and which is stored in
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
- * - minor_ver denotes the SSL/TLS version
+ * - tls_version denotes the 2-byte TLS version
* - For stream/CBC transformations, maclen denotes the length of the
* authentication tag, while taglen is unused and 0.
* - For AEAD transformations, taglen denotes the length of the
@@ -912,8 +951,14 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */
+ mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */
+ psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */
+#else
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
@@ -921,9 +966,16 @@
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ mbedtls_ssl_protocol_version tls_version;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
+ mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */
+ psa_algorithm_t psa_alg; /*!< psa algorithm */
+#else
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
- int minor_ver;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
@@ -1036,6 +1088,25 @@
};
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+/**
+ * \brief Given an SSL context and its associated configuration, write the TLS
+ * 1.2 specific extensions of the ClientHello message.
+ *
+ * \param[in] ssl SSL context
+ * \param[in] buf Base address of the buffer where to write the extensions
+ * \param[in] end End address of the buffer where to write the extensions
+ * \param uses_ec Whether one proposed ciphersuite uses an elliptic curve
+ * (<> 0) or not ( 0 ).
+ * \param[out] out_len Length of the data written into the buffer \p buf
+ */
+int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ int uses_ec,
+ size_t *out_len );
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -1083,21 +1154,22 @@
void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform );
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen );
-#endif
-
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_states state )
+{
+ ssl->state = ( int ) state;
+}
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
@@ -1183,14 +1255,27 @@
unsigned update_hs_digest );
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+/*
+ * Write handshake message header
+ */
+int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
+ unsigned char **buf, size_t *buf_len );
+
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
- int update_checksum );
+ int update_checksum,
+ int force_flush );
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
+ return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) );
}
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+/*
+ * Write handshake message tail
+ */
+int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
+ size_t buf_len, size_t msg_len );
+
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
@@ -1205,8 +1290,20 @@
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+/*
+ * Update checksum of handshake messages.
+ */
+void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len );
+
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
+ mbedtls_key_exchange_type_t key_ex );
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
+int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
+#endif
/**
* Get the first defined PSK by order of precedence:
@@ -1247,7 +1344,7 @@
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
* Return an opaque PSK
*/
-static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
+static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
const mbedtls_ssl_context *ssl )
{
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
@@ -1258,6 +1355,7 @@
return( MBEDTLS_SVC_KEY_ID_INIT );
}
+
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -1270,15 +1368,14 @@
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
-#if defined(MBEDTLS_ECP_C)
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
- mbedtls_md_type_t md );
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
+#if defined(MBEDTLS_ECP_C)
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1338,10 +1435,10 @@
uint32_t *flags );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] );
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] );
+void mbedtls_ssl_write_version( unsigned char version[2], int transport,
+ mbedtls_ssl_protocol_version tls_version );
+uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
+ int transport );
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{
@@ -1440,6 +1537,8 @@
void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
+void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
+ int partial );
/*
* Send pending alert
@@ -1480,42 +1579,48 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
{
- if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
- conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
- return( 1 );
- }
- return( 0 );
+ return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+ conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
{
- if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- return( 1 );
- }
- return( 0 );
+ return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+ conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );
}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
+ conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3 );
+#else
+ ((void) conf);
+ return( 0 );
+#endif
+}
+
+static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
+ conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2 );
+#else
+ ((void) conf);
+ return( 0 );
+#endif
+}
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{
- if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
- return( 1 );
- }
- return( 0 );
+ return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+ conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -1526,6 +1631,20 @@
void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
/**
+ * \brief Given an SSL context and its associated configuration, write the TLS
+ * 1.3 specific extensions of the ClientHello message.
+ *
+ * \param[in] ssl SSL context
+ * \param[in] buf Base address of the buffer where to write the extensions
+ * \param[in] end End address of the buffer where to write the extensions
+ * \param[out] out_len Length of the data written into the buffer \p buf
+ */
+int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len );
+
+/**
* \brief TLS 1.3 client side state machine entry
*
* \param ssl SSL context
@@ -1627,30 +1746,6 @@
}
/*
- * Helper functions for NamedGroup.
- */
-static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
-{
- return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
-}
-
-static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
-{
- return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
- named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
-}
-
-static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
- mbedtls_ssl_states state )
-{
- ssl->state = ( int ) state;
-}
-
-/*
* Fetch TLS 1.3 handshake message header
*/
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
@@ -1659,18 +1754,23 @@
size_t *buf_len );
/*
- * Write TLS 1.3 handshake message header
- */
-int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
-
-/*
* Handler of TLS 1.3 server certificate message
*/
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * Handler of TLS 1.3 write Certificate message
+ */
+int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl );
+
+/*
+ * Handler of TLS 1.3 write Certificate Verify message
+ */
+int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
/*
* Generic handler of Certificate Verify
*/
@@ -1681,38 +1781,19 @@
*/
int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
-/*
- * Write TLS 1.3 handshake message tail
- */
-int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
- size_t buf_len,
- size_t msg_len );
+int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len );
-
-/*
- * Update checksum of handshake messages.
- */
-void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
- * Write TLS 1.3 Signature Algorithm extension
+ * Parse TLS 1.3 Signature Algorithm extension
*/
-int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len);
-
+int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
/* Get handshake transcript */
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md,
@@ -1743,4 +1824,432 @@
#endif
}
+/*
+ * Helper functions for NamedGroup.
+ */
+static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
+{
+ /*
+ * RFC 8422 section 5.1.1
+ */
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
+ /* Below deprected curves should be removed with notice to users */
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 );
+}
+
+static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
+{
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
+}
+
+static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
+{
+ return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+ named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
+}
+
+static inline int mbedtls_ssl_named_group_is_offered(
+ const mbedtls_ssl_context *ssl, uint16_t named_group )
+{
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ if( group_list == NULL )
+ return( 0 );
+
+ for( ; *group_list != 0; group_list++ )
+ {
+ if( *group_list == named_group )
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
+static inline int mbedtls_ssl_named_group_is_supported( uint16_t named_group )
+{
+#if defined(MBEDTLS_ECDH_C)
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_tls_id( named_group );
+ if( curve_info != NULL )
+ return( 1 );
+ }
+#else
+ ((void) named_group);
+#endif /* MBEDTLS_ECDH_C */
+ return( 0 );
+}
+
+/*
+ * Return supported signature algorithms.
+ *
+ * In future, invocations can be changed to ssl->conf->sig_algs when
+ * mbedtls_ssl_conf_sig_hashes() is deleted.
+ *
+ * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS
+ * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been
+ * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has
+ * been more recently invoked.
+ *
+ */
+static inline const void *mbedtls_ssl_get_sig_algs(
+ const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL )
+ return( ssl->handshake->sig_algs );
+#endif
+ return( ssl->conf->sig_algs );
+
+#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+ ((void) ssl);
+ return( NULL );
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+}
+
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl,
+ uint16_t own_sig_alg )
+{
+ const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
+ if( sig_alg == NULL )
+ return( 0 );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ {
+ if( *sig_alg == own_sig_alg )
+ return( 1 );
+ }
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
+ uint16_t proposed_sig_alg )
+{
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( 0 );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ {
+ if( *sig_alg == proposed_sig_alg )
+ return( 1 );
+ }
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
+{
+ *pk_type = MBEDTLS_PK_NONE;
+ *md_alg = MBEDTLS_MD_NONE;
+
+ switch( sig_alg )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_ECDSA;
+ break;
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_ECDSA;
+ break;
+#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_ECDSA;
+ break;
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_RSA;
+ break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_RSA;
+ break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_RSA;
+ break;
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
+
+ default:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+static inline int mbedtls_ssl_sig_alg_is_supported(
+ const mbedtls_ssl_context *ssl,
+ const uint16_t sig_alg )
+{
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ /* High byte is hash */
+ unsigned char hash = MBEDTLS_BYTE_1( sig_alg );
+ unsigned char sig = MBEDTLS_BYTE_0( sig_alg );
+
+ switch( hash )
+ {
+#if defined(MBEDTLS_MD5_C)
+ case MBEDTLS_SSL_HASH_MD5:
+ break;
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+ case MBEDTLS_SSL_HASH_SHA1:
+ break;
+#endif
+
+#if defined(MBEDTLS_SHA224_C)
+ case MBEDTLS_SSL_HASH_SHA224:
+ break;
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_SSL_HASH_SHA256:
+ break;
+#endif
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_SSL_HASH_SHA384:
+ break;
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_SSL_HASH_SHA512:
+ break;
+#endif
+
+ default:
+ return( 0 );
+ }
+
+ switch( sig )
+ {
+#if defined(MBEDTLS_RSA_C)
+ case MBEDTLS_SSL_SIG_RSA:
+ break;
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+ case MBEDTLS_SSL_SIG_ECDSA:
+ break;
+#endif
+
+ default:
+ return( 0 );
+ }
+
+ return( 1 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ mbedtls_pk_type_t pk_type;
+ mbedtls_md_type_t md_alg;
+ return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ sig_alg, &pk_type, &md_alg ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ ((void) ssl);
+ ((void) sig_alg);
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
+ (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA),
+#elif defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA),
+#elif defined(MBEDTLS_RSA_C)
+#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA),
+#else
+#define MBEDTLS_SSL_SIG_ALG( hash )
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
+ * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
+ * guaranteed to not be a valid PSA algorithm identifier.
+ */
+#define MBEDTLS_SSL_NULL_CIPHER 0x04000000
+
+/**
+ * \brief Translate mbedtls cipher type/taglen pair to psa:
+ * algorithm, key type and key size.
+ *
+ * \param mbedtls_cipher_type [in] given mbedtls cipher type
+ * \param taglen [in] given tag length
+ * 0 - default tag length
+ * \param alg [out] corresponding PSA alg
+ * There is no corresponding PSA
+ * alg for MBEDTLS_CIPHER_NULL, so
+ * in this case MBEDTLS_SSL_NULL_CIPHER
+ * is returned via this parameter
+ * \param key_type [out] corresponding PSA key type
+ * \param key_size [out] corresponding PSA key size
+ *
+ * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if
+ * conversion is not supported.
+ */
+psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
+ size_t taglen,
+ psa_algorithm_t *alg,
+ psa_key_type_t *key_type,
+ size_t *key_size );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/**
+ * \brief Convert given PSA status to mbedtls error code.
+ *
+ * \param status [in] given PSA status
+ *
+ * \return corresponding mbedtls error code
+ */
+static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_SUCCESS:
+ return( 0 );
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_INVALID_SIGNATURE:
+ return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ case PSA_ERROR_INVALID_ARGUMENT:
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ case PSA_ERROR_BAD_STATE:
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ default:
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ }
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_ECDH_C)
+
+int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t buf_len );
+
+#endif /* MBEDTLS_ECDH_C */
+
+static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
+ mbedtls_ssl_context *ssl, int cipher_suite )
+{
+ const int *ciphersuite_list = ssl->conf->ciphersuite_list;
+
+ /* Check whether we have offered this ciphersuite */
+ for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
+ {
+ if( ciphersuite_list[i] == cipher_suite )
+ {
+ return( 1 );
+ }
+ }
+ return( 0 );
+}
+
+/**
+ * \brief Validate cipher suite against config in SSL context.
+ *
+ * \param ssl SSL context
+ * \param suite_info Cipher suite to validate
+ * \param min_tls_version Minimal TLS version to accept a cipher suite
+ * \param max_tls_version Maximal TLS version to accept a cipher suite
+ *
+ * \return 0 if valid, negative value otherwise.
+ */
+int mbedtls_ssl_validate_ciphersuite(
+ const mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *suite_info,
+ mbedtls_ssl_protocol_version min_tls_version,
+ mbedtls_ssl_protocol_version max_tls_version );
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 51eb461..c55c60f 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -382,7 +382,8 @@
static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len,
mbedtls_record *rec,
- unsigned minor_ver,
+ mbedtls_ssl_protocol_version
+ tls_version,
size_t taglen )
{
/* Quoting RFC 5246 (TLS 1.2):
@@ -421,7 +422,7 @@
size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
* which differs from the length of the TLSInnerPlaintext
@@ -431,7 +432,7 @@
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{
- ((void) minor_ver);
+ ((void) tls_version);
((void) taglen);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr );
@@ -522,7 +523,9 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_cipher_mode_t mode;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
int auth_done = 0;
unsigned char * data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
@@ -568,7 +571,9 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
@@ -592,7 +597,7 @@
* is hence no risk of double-addition of the inner plaintext.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
size_t padding =
ssl_compute_padding_length( rec->data_len,
@@ -649,8 +654,13 @@
* Add MAC before if needed
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
+ ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING
+#else
if( mode == MBEDTLS_MODE_STREAM ||
( mode == MBEDTLS_MODE_CBC
+#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
&& transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
@@ -664,11 +674,35 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t sign_mac_length = 0;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_sign_setup( &operation, transform->psa_mac_enc,
+ transform->psa_mac_alg );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+
+ status = psa_mac_update( &operation, add_data, add_data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+
+ status = psa_mac_update( &operation, data, rec->data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+
+ status = psa_mac_sign_finish( &operation, mac, MBEDTLS_SSL_MAC_ADD,
+ &sign_mac_length );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+#else
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len );
if( ret != 0 )
@@ -682,6 +716,7 @@
ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
if( ret != 0 )
goto hmac_failed_etm_disabled;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
memcpy( data + rec->data_len, mac, transform->maclen );
#endif
@@ -695,6 +730,12 @@
hmac_failed_etm_disabled:
mbedtls_platform_zeroize( mac, transform->maclen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
@@ -707,28 +748,18 @@
* Encrypt
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
+#else
if( mode == MBEDTLS_MODE_STREAM )
+#endif
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t olen;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %d bytes of padding",
rec->data_len, 0 ) );
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
- transform->iv_enc, transform->ivlen,
- data, rec->data_len,
- data, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
- return( ret );
- }
-
- if( rec->data_len != olen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+ /* The only supported stream cipher is "NULL",
+ * so there's nothing to do here.*/
}
else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
@@ -736,16 +767,23 @@
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
+#else
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
int dynamic_iv_is_explicit =
ssl_transform_aead_dynamic_iv_is_explicit( transform );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Check that there's space for the authentication tag. */
if( post_avail < transform->taglen )
@@ -780,7 +818,7 @@
* This depends on the TLS version.
*/
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
@@ -797,7 +835,22 @@
/*
* Encrypt and authenticate
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_aead_encrypt( transform->psa_key_enc,
+ transform->psa_alg,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len,
+ data, rec->buf_len - (data - rec->buf),
+ &rec->data_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret );
+ return( ret );
+ }
+#else
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, add_data_len,
@@ -809,6 +862,8 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt_ext", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len - transform->taglen,
transform->taglen );
@@ -836,11 +891,20 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
+#else
if( mode == MBEDTLS_MODE_CBC )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
size_t olen;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t part_len;
+ psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Currently we're always using minimal padding
* (up to 255 bytes would be allowed). */
@@ -894,6 +958,53 @@
rec->data_len, transform->ivlen,
padlen + 1 ) );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_cipher_encrypt_setup( &cipher_op,
+ transform->psa_key_enc, transform->psa_alg );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_encrypt_setup", ret );
+ return( ret );
+ }
+
+ status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret );
+ return( ret );
+
+ }
+
+ status = psa_cipher_update( &cipher_op,
+ data, rec->data_len,
+ data, rec->data_len, &olen );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret );
+ return( ret );
+
+ }
+
+ status = psa_cipher_finish( &cipher_op,
+ data + olen, rec->data_len - olen,
+ &part_len );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret );
+ return( ret );
+
+ }
+
+ olen += part_len;
+#else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc,
transform->ivlen,
@@ -903,6 +1014,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( rec->data_len != olen )
{
@@ -918,6 +1030,10 @@
if( auth_done == 0 )
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ size_t sign_mac_length = 0;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* MAC(MAC_write_key, seq_num +
@@ -935,12 +1051,31 @@
}
ssl_extract_add_data_from_record( add_data, &add_data_len,
- rec, transform->minor_ver,
+ rec, transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_sign_setup( &operation, transform->psa_mac_enc,
+ transform->psa_mac_alg );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, add_data, add_data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, data, rec->data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_sign_finish( &operation, mac, MBEDTLS_SSL_MAC_ADD,
+ &sign_mac_length );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+#else
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len );
@@ -956,6 +1091,7 @@
ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
if( ret != 0 )
goto hmac_failed_etm_enabled;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
memcpy( data + rec->data_len, mac, transform->maclen );
@@ -965,6 +1101,12 @@
hmac_failed_etm_enabled:
mbedtls_platform_zeroize( mac, transform->maclen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
@@ -997,8 +1139,15 @@
mbedtls_record *rec )
{
size_t olen;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int ret;
+
+#else
mbedtls_cipher_mode_t mode;
- int ret, auth_done = 0;
+ int ret;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1;
#endif
@@ -1022,7 +1171,9 @@
}
data = rec->buf + rec->data_offset;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
@@ -1036,37 +1187,34 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
+#else
if( mode == MBEDTLS_MODE_STREAM )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
- padlen = 0;
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
- transform->iv_dec,
- transform->ivlen,
- data, rec->data_len,
- data, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
- return( ret );
- }
-
- if( rec->data_len != olen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+ /* The only supported stream cipher is "NULL",
+ * so there's nothing to do here.*/
}
else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
+#else
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Extract dynamic part of nonce for AEAD decryption.
@@ -1123,7 +1271,7 @@
* This depends on the TLS version.
*/
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
@@ -1141,6 +1289,22 @@
/*
* Decrypt and authenticate
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_aead_decrypt( transform->psa_key_dec,
+ transform->psa_alg,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len + transform->taglen,
+ data, rec->buf_len - (data - rec->buf),
+ &olen );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_decrypt", ret );
+ return( ret );
+ }
+#else
if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec,
iv, transform->ivlen,
add_data, add_data_len,
@@ -1155,6 +1319,8 @@
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
auth_done++;
/* Double-check that AEAD decryption doesn't change content length. */
@@ -1167,9 +1333,18 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
+#else
if( mode == MBEDTLS_MODE_CBC )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
size_t minlen = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t part_len;
+ psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Check immediate ciphertext sanity
@@ -1218,7 +1393,11 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+#else
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
@@ -1234,12 +1413,32 @@
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
/* Calculate expected MAC. */
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_verify_setup( &operation, transform->psa_mac_dec,
+ transform->psa_mac_alg );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, add_data, add_data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, data, rec->data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ /* Compare expected MAC with MAC at the end of the record. */
+ status = psa_mac_verify_finish( &operation, data + rec->data_len,
+ transform->maclen );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+#else
ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
add_data_len );
if( ret != 0 )
@@ -1268,10 +1467,18 @@
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
goto hmac_failed_etm_enabled;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
auth_done++;
hmac_failed_etm_enabled:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#else
mbedtls_platform_zeroize( mac_expect, transform->maclen );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
@@ -1310,6 +1517,51 @@
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_cipher_decrypt_setup( &cipher_op,
+ transform->psa_key_dec, transform->psa_alg );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_decrypt_setup", ret );
+ return( ret );
+ }
+
+ status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret );
+ return( ret );
+ }
+
+ status = psa_cipher_update( &cipher_op,
+ data, rec->data_len,
+ data, rec->data_len, &olen );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret );
+ return( ret );
+ }
+
+ status = psa_cipher_finish( &cipher_op,
+ data + olen, rec->data_len - olen,
+ &part_len );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret );
+ return( ret );
+ }
+
+ olen += part_len;
+#else
+
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec, transform->ivlen,
data, rec->data_len, data, &olen ) ) != 0 )
@@ -1317,6 +1569,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Double-check that length hasn't changed during decryption. */
if( rec->data_len != olen )
@@ -1445,7 +1698,7 @@
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -1462,10 +1715,18 @@
const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = mbedtls_ct_hmac( transform->psa_mac_dec,
+ transform->psa_mac_alg,
+ add_data, add_data_len,
+ data, rec->data_len, min_len, max_len,
+ mac_expect );
+#else
ret = mbedtls_ct_hmac( &transform->md_ctx_dec,
add_data, add_data_len,
data, rec->data_len, min_len, max_len,
mac_expect );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret );
@@ -1515,7 +1776,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* Remove inner padding and infer true content type. */
ret = ssl_parse_inner_plaintext( data, &rec->data_len,
@@ -1661,7 +1922,7 @@
{
len = in_buf_len - ( ssl->in_hdr - ssl->in_buf );
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
timeout = ssl->handshake->retransmit_timeout;
else
timeout = ssl->conf->read_timeout;
@@ -1685,7 +1946,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
mbedtls_ssl_set_timer( ssl, 0 );
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
if( ssl_double_retransmit_timeout( ssl ) != 0 )
{
@@ -1998,7 +2259,7 @@
( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
cur->p[0] == MBEDTLS_SSL_HS_FINISHED );
- uint8_t const force_flush = ssl->disable_datagram_packing == 1 ?
+ int const force_flush = ssl->disable_datagram_packing == 1 ?
SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
/* Swap epochs before sending Finished: we can't do it after
@@ -2120,7 +2381,7 @@
return( ret );
/* Update state and set timer */
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
else
{
@@ -2185,6 +2446,24 @@
/*
* Handshake layer functions
*/
+int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
+ unsigned char **buf, size_t *buf_len )
+{
+ /*
+ * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
+ * ...
+ * HandshakeType msg_type;
+ * uint24 length;
+ * ...
+ */
+ *buf = ssl->out_msg + 4;
+ *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
+
+ ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = hs_type;
+
+ return( 0 );
+}
/*
* Write (DTLS: or queue) current handshake (including CCS) message.
@@ -2209,7 +2488,8 @@
* - ssl->out_msg: the record contents (handshake headers + content)
*/
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
- int update_checksum )
+ int update_checksum,
+ int force_flush )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const size_t hs_len = ssl->out_msglen - 4;
@@ -2336,7 +2616,7 @@
else
#endif
{
- if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret );
@@ -2348,6 +2628,22 @@
return( 0 );
}
+int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
+ size_t buf_len, size_t msg_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t msg_with_header_len;
+ ((void) buf_len);
+
+ /* Add reserved 4 bytes for handshake header */
+ msg_with_header_len = msg_len + 4;
+ ssl->out_msglen = msg_with_header_len;
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0, 0 ) );
+
+cleanup:
+ return( ret );
+}
+
/*
* Record layer functions
*/
@@ -2360,11 +2656,11 @@
* - ssl->out_msglen: length of the record content (excl headers)
* - ssl->out_msg: record content
*/
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
{
int ret, done = 0;
size_t len = ssl->out_msglen;
- uint8_t flush = force_flush;
+ int flush = force_flush;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
@@ -2379,15 +2675,15 @@
#endif
/* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */
- int minor_ver = ssl->minor_ver;
+ mbedtls_ssl_protocol_version tls_ver = ssl->tls_version;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 still uses the TLS 1.2 version identifier
* for backwards compatibility. */
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+ if( tls_ver == MBEDTLS_SSL_VERSION_TLS1_3 )
+ tls_ver = MBEDTLS_SSL_VERSION_TLS1_2;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- mbedtls_ssl_write_version( ssl->major_ver, minor_ver,
- ssl->conf->transport, ssl->out_hdr + 1 );
+ mbedtls_ssl_write_version( ssl->out_hdr + 1, ssl->conf->transport,
+ tls_ver );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
@@ -2402,8 +2698,7 @@
rec.data_offset = ssl->out_msg - rec.buf;
memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) );
- mbedtls_ssl_write_version( ssl->major_ver, minor_ver,
- ssl->conf->transport, rec.ver );
+ mbedtls_ssl_write_version( rec.ver, ssl->conf->transport, tls_ver );
rec.type = ssl->out_msgtype;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -2676,9 +2971,9 @@
}
if( ssl->handshake != NULL &&
- ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
+ ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 &&
recv_msg_seq != ssl->handshake->in_msg_seq ) ||
- ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
+ ( mbedtls_ssl_is_handshake_over( ssl ) == 1 &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
{
if( recv_msg_seq > ssl->handshake->in_msg_seq )
@@ -2744,7 +3039,7 @@
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL )
{
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
}
@@ -3125,7 +3420,7 @@
size_t len,
mbedtls_record *rec )
{
- int major_ver, minor_ver;
+ mbedtls_ssl_protocol_version tls_version;
size_t const rec_hdr_type_offset = 0;
size_t const rec_hdr_type_len = 1;
@@ -3235,19 +3530,12 @@
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
- mbedtls_ssl_read_version( &major_ver, &minor_ver,
- ssl->conf->transport,
- &rec->ver[0] );
+ tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
+ ssl->conf->transport );
- if( major_ver != ssl->major_ver )
+ if( tls_version > ssl->conf->max_tls_version )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- }
-
- if( minor_ver > ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -3279,9 +3567,8 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
- "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
- rec->type,
- major_ver, minor_ver, rec->data_len ) );
+ "version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET,
+ rec->type, (unsigned)tls_version, rec->data_len ) );
rec->buf = buf;
rec->buf_len = rec->data_offset + rec->data_len;
@@ -3365,7 +3652,7 @@
*/
if( rec_epoch == 0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
+ mbedtls_ssl_is_handshake_over( ssl ) == 1 &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_left > 13 &&
ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
@@ -3397,7 +3684,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->transform_in != NULL &&
- ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
done = 1;
@@ -3453,7 +3740,7 @@
if( rec->data_len == 0 )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2
&& rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
@@ -4456,7 +4743,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -4522,7 +4809,7 @@
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
+ mbedtls_ssl_is_handshake_over( ssl ) == 0
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
@@ -4534,7 +4821,7 @@
}
if( ssl->handshake != NULL &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
}
@@ -4560,6 +4847,9 @@
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( ssl->out_left != 0 )
+ return( mbedtls_ssl_flush_output( ssl ) );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
@@ -4672,9 +4962,6 @@
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- return( 0 );
-
return( transform->ivlen - transform->fixed_ivlen );
}
@@ -4857,12 +5144,53 @@
size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
if( transform == NULL )
return( (int) out_hdr_len );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if ( transform->psa_alg == PSA_ALG_GCM ||
+ transform->psa_alg == PSA_ALG_CCM ||
+ transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) ||
+ transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ||
+ transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
+ {
+ transform_expansion = transform->minlen;
+ }
+ else if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
+ {
+ (void) psa_get_key_attributes( transform->psa_key_enc, &attr );
+ key_type = psa_get_key_type( &attr );
+
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
+
+ /* Expansion due to the addition of the MAC. */
+ transform_expansion += transform->maclen;
+
+ /* Expansion due to the addition of CBC padding;
+ * Theoretically up to 256 bytes, but we never use
+ * more than the block size of the underlying cipher. */
+ transform_expansion += block_size;
+
+ /* For TLS 1.2 or higher, an explicit IV is added
+ * after the record header. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ transform_expansion += block_size;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+#else
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
{
case MBEDTLS_MODE_GCM:
@@ -4897,6 +5225,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( transform->out_cid_len != 0 )
@@ -4916,7 +5245,7 @@
int in_ctr_cmp;
int out_ctr_cmp;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
{
@@ -5094,7 +5423,7 @@
}
#endif
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
ret = mbedtls_ssl_handshake( ssl );
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
@@ -5205,7 +5534,7 @@
/* We're going to return something now, cancel timer,
* except if handshake (renegotiation) is in progress */
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
mbedtls_ssl_set_timer( ssl, 0 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -5349,7 +5678,7 @@
}
#endif
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
@@ -5377,10 +5706,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
- if( ssl->out_left != 0 )
- return( mbedtls_ssl_flush_output( ssl ) );
-
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
@@ -5401,12 +5727,22 @@
if( transform == NULL )
return;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( transform->psa_key_enc );
+ psa_destroy_key( transform->psa_key_dec );
+#else
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( transform->psa_mac_enc );
+ psa_destroy_key( transform->psa_mac_dec );
+#else
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
@@ -5467,51 +5803,35 @@
* and, for DTLS, to/from TLS equivalent.
*
* For TLS this is the identity.
- * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
+ * For DTLS, map as follows, then use 1's complement (v -> ~v):
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
+ * DTLS 1.0 is stored as TLS 1.1 internally
*/
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] )
+void mbedtls_ssl_write_version( unsigned char version[2], int transport,
+ mbedtls_ssl_protocol_version tls_version )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
- --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
-
- ver[0] = (unsigned char)( 255 - ( major - 2 ) );
- ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
- }
- else
+ tls_version =
+ ~( tls_version - ( tls_version == 0x0302 ? 0x0202 : 0x0201 ) );
#else
((void) transport);
#endif
- {
- ver[0] = (unsigned char) major;
- ver[1] = (unsigned char) minor;
- }
+ MBEDTLS_PUT_UINT16_BE( tls_version, version, 0 );
}
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] )
+uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
+ int transport )
{
+ uint16_t tls_version = MBEDTLS_GET_UINT16_BE( version, 0 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- *major = 255 - ver[0] + 2;
- *minor = 255 - ver[1] + 1;
-
- if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
- ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
- }
- else
+ tls_version =
+ ~( tls_version - ( tls_version == 0xfeff ? 0x0202 : 0x0201 ) );
#else
((void) transport);
#endif
- {
- *major = ver[0];
- *minor = ver[1];
- }
+ return tls_version;
}
/*
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index e998111..7f65849 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -48,9 +48,9 @@
#endif
}
-#define MAX_KEY_BYTES 32 /* 256 bits */
+#define MAX_KEY_BYTES MBEDTLS_SSL_TICKET_MAX_KEY_BYTES
-#define TICKET_KEY_NAME_BYTES 4
+#define TICKET_KEY_NAME_BYTES MBEDTLS_SSL_TICKET_KEY_NAME_BYTES
#define TICKET_IV_BYTES 12
#define TICKET_CRYPT_LEN_BYTES 2
#define TICKET_AUTH_TAG_BYTES 16
@@ -73,6 +73,10 @@
unsigned char buf[MAX_KEY_BYTES];
mbedtls_ssl_ticket_key *key = ctx->keys + index;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+#endif
+
#if defined(MBEDTLS_HAVE_TIME)
key->generation_time = (uint32_t) mbedtls_time( NULL );
#endif
@@ -83,10 +87,23 @@
if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
return( ret );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, key->alg );
+ psa_set_key_type( &attributes, key->key_type );
+ psa_set_key_bits( &attributes, key->key_bits );
+
+ ret = psa_ssl_status_to_mbedtls(
+ psa_import_key( &attributes, buf,
+ PSA_BITS_TO_BYTES( key->key_bits ),
+ &key->key ) );
+#else
/* With GCM and CCM, same context can encrypt & decrypt */
ret = mbedtls_cipher_setkey( &key->ctx, buf,
mbedtls_cipher_get_key_bitlen( &key->ctx ),
MBEDTLS_ENCRYPT );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize( buf, sizeof( buf ) );
@@ -106,6 +123,10 @@
uint32_t current_time = (uint32_t) mbedtls_time( NULL );
uint32_t key_time = ctx->keys[ctx->active].generation_time;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif
+
if( current_time >= key_time &&
current_time - key_time < ctx->ticket_lifetime )
{
@@ -114,6 +135,13 @@
ctx->active = 1 - ctx->active;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = psa_destroy_key( ctx->keys[ctx->active].key ) ) != PSA_SUCCESS )
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
return( ssl_ticket_gen_key( ctx, ctx->active ) );
}
else
@@ -122,6 +150,64 @@
}
/*
+ * Rotate active session ticket encryption key
+ */
+int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx,
+ const unsigned char *name, size_t nlength,
+ const unsigned char *k, size_t klength,
+ uint32_t lifetime )
+{
+ const unsigned char idx = 1 - ctx->active;
+ mbedtls_ssl_ticket_key * const key = ctx->keys + idx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const size_t bitlen = key->key_bits;
+#else
+ const int bitlen = mbedtls_cipher_get_key_bitlen( &key->ctx );
+#endif
+
+ if( nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t)bitlen )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = psa_destroy_key( key->key ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ return( ret );
+ }
+
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, key->alg );
+ psa_set_key_type( &attributes, key->key_type );
+ psa_set_key_bits( &attributes, key->key_bits );
+
+ if( ( status = psa_import_key( &attributes, k,
+ PSA_BITS_TO_BYTES( key->key_bits ),
+ &key->key ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ return( ret );
+ }
+#else
+ ret = mbedtls_cipher_setkey( &key->ctx, k, bitlen, MBEDTLS_ENCRYPT );
+ if( ret != 0 )
+ return( ret );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ ctx->active = idx;
+ ctx->ticket_lifetime = lifetime;
+ memcpy( key->name, name, TICKET_KEY_NAME_BYTES );
+#if defined(MBEDTLS_HAVE_TIME)
+ key->generation_time = (uint32_t) mbedtls_time( NULL );
+#endif
+ return 0;
+}
+
+/*
* Setup context for actual use
*/
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
@@ -132,15 +218,22 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm_t alg;
+ psa_key_type_t key_type;
+ size_t key_bits;
+#endif
+
ctx->f_rng = f_rng;
ctx->p_rng = p_rng;
ctx->ticket_lifetime = lifetime;
- cipher_info = mbedtls_cipher_info_from_type( cipher);
+ cipher_info = mbedtls_cipher_info_from_type( cipher );
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
- mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM )
+ mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM &&
+ mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CHACHAPOLY )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -149,26 +242,24 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
- cipher_info, TICKET_AUTH_TAG_BYTES );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- return( ret );
- /* We don't yet expect to support all ciphers through PSA,
- * so allow fallback to ordinary mbedtls_cipher_setup(). */
- if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( mbedtls_ssl_cipher_to_psa( cipher_info->type, TICKET_AUTH_TAG_BYTES,
+ &alg, &key_type, &key_bits ) != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ctx->keys[0].alg = alg;
+ ctx->keys[0].key_type = key_type;
+ ctx->keys[0].key_bits = key_bits;
+
+ ctx->keys[1].alg = alg;
+ ctx->keys[1].key_type = key_type;
+ ctx->keys[1].key_bits = key_bits;
+#else
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 )
return( ret );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx,
- cipher_info, TICKET_AUTH_TAG_BYTES );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- return( ret );
- if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
return( ret );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
@@ -209,6 +300,10 @@
unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES;
size_t clear_len, ciph_len;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif
+
*tlen = 0;
if( ctx == NULL || ctx->f_rng == NULL )
@@ -246,6 +341,17 @@
MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 );
/* Encrypt and authenticate */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = psa_aead_encrypt( key->key, key->alg, iv, TICKET_IV_BYTES,
+ key_name, TICKET_ADD_DATA_LEN,
+ state, clear_len,
+ state, end - state,
+ &ciph_len ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+#else
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,
iv, TICKET_IV_BYTES,
/* Additional data: key name, IV and length */
@@ -256,6 +362,8 @@
{
goto cleanup;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES )
{
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -306,6 +414,10 @@
unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
size_t enc_len, clear_len;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif
+
if( ctx == NULL || ctx->f_rng == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -338,6 +450,16 @@
}
/* Decrypt and authenticate */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = psa_aead_decrypt( key->key, key->alg, iv, TICKET_IV_BYTES,
+ key_name, TICKET_ADD_DATA_LEN,
+ ticket, enc_len + TICKET_AUTH_TAG_BYTES,
+ ticket, enc_len, &clear_len ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+#else
if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx,
iv, TICKET_IV_BYTES,
/* Additional data: key name, IV and length */
@@ -351,6 +473,8 @@
goto cleanup;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( clear_len != enc_len )
{
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -389,8 +513,13 @@
*/
void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( ctx->keys[0].key );
+ psa_destroy_key( ctx->keys[1].key );
+#else
mbedtls_cipher_free( &ctx->keys[0].ctx );
mbedtls_cipher_free( &ctx->keys[1].ctx );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &ctx->mutex );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d868e49..7804cb7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -25,15 +25,21 @@
#if defined(MBEDTLS_SSL_TLS_C)
+#include <assert.h>
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
+#include <stdio.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
-#endif
+#define mbedtls_printf printf
+#endif /* !MBEDTLS_PLATFORM_C */
#include "mbedtls/ssl.h"
+#include "ssl_client.h"
+#include "ssl_debug_helpers.h"
#include "ssl_misc.h"
#include "mbedtls/debug.h"
#include "mbedtls/error.h"
@@ -108,6 +114,34 @@
return( 0 );
}
+int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ size_t *own_cid_len )
+{
+ *enabled = MBEDTLS_SSL_CID_DISABLED;
+
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is
+ * zero as this is indistinguishable from not requesting to use
+ * the CID extension. */
+ if( ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ return( 0 );
+
+ if( own_cid_len != NULL )
+ {
+ *own_cid_len = ssl->own_cid_len;
+ if( own_cid != NULL )
+ memcpy( own_cid, ssl->own_cid, ssl->own_cid_len );
+ }
+
+ *enabled = MBEDTLS_SSL_CID_ENABLED;
+
+ return( 0 );
+}
+
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
int *enabled,
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
@@ -116,7 +150,7 @@
*enabled = MBEDTLS_SSL_CID_DISABLED;
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -330,10 +364,4354 @@
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen );
+
+static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id );
+
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+/* Type for the TLS PRF */
+typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
+ const unsigned char *, size_t,
+ unsigned char *, size_t);
+
+static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
+ int ciphersuite,
+ const unsigned char master[48],
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac,
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ ssl_tls_prf_t tls_prf,
+ const unsigned char randbytes[64],
+ mbedtls_ssl_protocol_version tls_version,
+ unsigned endpoint,
+ const mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SHA256_C)
+static int tls_prf_sha256( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen );
+static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
+static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
+
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+static int tls_prf_sha384( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen );
+
+static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
+static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
+#endif /* MBEDTLS_SHA384_C */
+
+static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len );
+static int ssl_session_load_tls12( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
+
+#if defined(MBEDTLS_SHA256_C)
+static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
+#endif /* MBEDTLS_SHA384_C */
+
+int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ mbedtls_ssl_tls_prf_cb *tls_prf = NULL;
+
+ switch( prf )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_SSL_TLS_PRF_SHA384:
+ tls_prf = tls_prf_sha384;
+ break;
+#endif /* MBEDTLS_SHA384_C */
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_SSL_TLS_PRF_SHA256:
+ tls_prf = tls_prf_sha256;
+ break;
+#endif /* MBEDTLS_SHA256_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ default:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
+{
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ if( session->peer_cert != NULL )
+ {
+ mbedtls_x509_crt_free( session->peer_cert );
+ mbedtls_free( session->peer_cert );
+ session->peer_cert = NULL;
+ }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( session->peer_cert_digest != NULL )
+ {
+ /* Zeroization is not necessary. */
+ mbedtls_free( session->peer_cert_digest );
+ session->peer_cert_digest = NULL;
+ session->peer_cert_digest_type = MBEDTLS_MD_NONE;
+ session->peer_cert_digest_len = 0;
+ }
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
+{
+ ((void) ciphersuite_info);
+
+#if defined(MBEDTLS_SHA384_C)
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ ssl->handshake->update_checksum = ssl_update_checksum_sha384;
+ else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
+ ssl->handshake->update_checksum = ssl_update_checksum_sha256;
+ else
+#endif
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return;
+ }
+}
+
+static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len )
+{
+ unsigned char hs_hdr[4];
+
+ /* Build HS header for checksum update. */
+ hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
+ hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
+ hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
+ hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
+
+ ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
+}
+
+void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len )
+{
+ mbedtls_ssl_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
+ ssl->handshake->update_checksum( ssl, msg, msg_len );
+}
+
+void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
+{
+ ((void) ssl);
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha256_psa );
+ psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
+ mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
+#endif
+#endif
+#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha384_psa );
+ psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
+ mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
+#endif
+#endif
+}
+
+static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+#else
+ mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+#endif
+#endif
+#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+#else
+ mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+#endif
+#endif
+}
+
+#if defined(MBEDTLS_SHA256_C)
+static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+#else
+ mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+#endif
+}
+#endif
+
+#if defined(MBEDTLS_SHA384_C)
+static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+#else
+ mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+#endif
+}
+#endif
+
+static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
+{
+ memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
+
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ handshake->fin_sha256_psa = psa_hash_operation_init();
+ psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
+ mbedtls_sha256_init( &handshake->fin_sha256 );
+ mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
+#endif
+#endif
+#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ handshake->fin_sha384_psa = psa_hash_operation_init();
+ psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
+ mbedtls_sha512_init( &handshake->fin_sha512 );
+ mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
+#endif
+#endif
+
+ handshake->update_checksum = ssl_update_checksum_start;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+ mbedtls_dhm_init( &handshake->dhm_ctx );
+#endif
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)
+ mbedtls_ecdh_init( &handshake->ecdh_ctx );
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
+#if defined(MBEDTLS_SSL_CLI_C)
+ handshake->ecjpake_cache = NULL;
+ handshake->ecjpake_cache_len = 0;
+#endif
+#endif
+
+#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
+ mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_init( &handshake->peer_pubkey );
+#endif
+}
+
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
+{
+ memset( transform, 0, sizeof(mbedtls_ssl_transform) );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT;
+#else
+ mbedtls_cipher_init( &transform->cipher_ctx_enc );
+ mbedtls_cipher_init( &transform->cipher_ctx_dec );
+#endif
+
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+#else
+ mbedtls_md_init( &transform->md_ctx_enc );
+ mbedtls_md_init( &transform->md_ctx_dec );
+#endif
+#endif
+}
+
+void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
+{
+ memset( session, 0, sizeof(mbedtls_ssl_session) );
+}
+
+static int ssl_handshake_init( mbedtls_ssl_context *ssl )
+{
+ /* Clear old handshake information if present */
+ if( ssl->transform_negotiate )
+ mbedtls_ssl_transform_free( ssl->transform_negotiate );
+ if( ssl->session_negotiate )
+ mbedtls_ssl_session_free( ssl->session_negotiate );
+ if( ssl->handshake )
+ mbedtls_ssl_handshake_free( ssl );
+
+ /*
+ * Either the pointers are now NULL or cleared properly and can be freed.
+ * Now allocate missing structures.
+ */
+ if( ssl->transform_negotiate == NULL )
+ {
+ ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
+ }
+
+ if( ssl->session_negotiate == NULL )
+ {
+ ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
+ }
+
+ if( ssl->handshake == NULL )
+ {
+ ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
+ }
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ /* If the buffers are too small - reallocate */
+
+ handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
+ MBEDTLS_SSL_OUT_BUFFER_LEN );
+#endif
+
+ /* All pointers should exist and can be directly freed without issue */
+ if( ssl->handshake == NULL ||
+ ssl->transform_negotiate == NULL ||
+ ssl->session_negotiate == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
+
+ mbedtls_free( ssl->handshake );
+ mbedtls_free( ssl->transform_negotiate );
+ mbedtls_free( ssl->session_negotiate );
+
+ ssl->handshake = NULL;
+ ssl->transform_negotiate = NULL;
+ ssl->session_negotiate = NULL;
+
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+
+ /* Initialize structures */
+ mbedtls_ssl_session_init( ssl->session_negotiate );
+ mbedtls_ssl_transform_init( ssl->transform_negotiate );
+ ssl_handshake_params_init( ssl->handshake );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ssl->handshake->alt_transform_out = ssl->transform_out;
+
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
+ else
+ ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+
+ mbedtls_ssl_set_timer( ssl, 0 );
+ }
+#endif
+
+/*
+ * curve_list is translated to IANA TLS group identifiers here because
+ * mbedtls_ssl_conf_curves returns void and so can't return
+ * any error codes.
+ */
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ /* Heap allocate and translate curve_list from internal to IANA group ids */
+ if ( ssl->conf->curve_list != NULL )
+ {
+ size_t length;
+ const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
+
+ for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
+ ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
+
+ /* Leave room for zero termination */
+ uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
+ if ( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ for( size_t i = 0; i < length; i++ )
+ {
+ const mbedtls_ecp_curve_info *info =
+ mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
+ if ( info == NULL )
+ {
+ mbedtls_free( group_list );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
+ group_list[i] = info->tls_id;
+ }
+
+ group_list[length] = 0;
+
+ ssl->handshake->group_list = group_list;
+ ssl->handshake->group_list_heap_allocated = 1;
+ }
+ else
+ {
+ ssl->handshake->group_list = ssl->conf->group_list;
+ ssl->handshake->group_list_heap_allocated = 0;
+ }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ /* Heap allocate and translate sig_hashes from internal hash identifiers to
+ signature algorithms IANA identifiers. */
+ if ( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) &&
+ ssl->conf->sig_hashes != NULL )
+ {
+ const int *md;
+ const int *sig_hashes = ssl->conf->sig_hashes;
+ size_t sig_algs_len = 0;
+ uint16_t *p;
+
+#if defined(static_assert)
+ static_assert( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
+ <= ( SIZE_MAX - ( 2 * sizeof(uint16_t) ) ),
+ "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big" );
+#endif
+
+ for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+ {
+ if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE )
+ continue;
+#if defined(MBEDTLS_ECDSA_C)
+ sig_algs_len += sizeof( uint16_t );
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+ sig_algs_len += sizeof( uint16_t );
+#endif
+ if( sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
+
+ if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len +
+ sizeof( uint16_t ));
+ if( ssl->handshake->sig_algs == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ p = (uint16_t *)ssl->handshake->sig_algs;
+ for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+ {
+ unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md );
+ if( hash == MBEDTLS_SSL_HASH_NONE )
+ continue;
+#if defined(MBEDTLS_ECDSA_C)
+ *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA);
+ p++;
+#endif
+#if defined(MBEDTLS_RSA_C)
+ *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA);
+ p++;
+#endif
+ }
+ *p = MBEDTLS_TLS1_3_SIG_NONE;
+ ssl->handshake->sig_algs_heap_allocated = 1;
+ }
+ else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ {
+ ssl->handshake->sig_algs = ssl->conf->sig_algs;
+ ssl->handshake->sig_algs_heap_allocated = 0;
+ }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+/* Dummy cookie callbacks for defaults */
+static int ssl_cookie_write_dummy( void *ctx,
+ unsigned char **p, unsigned char *end,
+ const unsigned char *cli_id, size_t cli_id_len )
+{
+ ((void) ctx);
+ ((void) p);
+ ((void) end);
+ ((void) cli_id);
+ ((void) cli_id_len);
+
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
+static int ssl_cookie_check_dummy( void *ctx,
+ const unsigned char *cookie, size_t cookie_len,
+ const unsigned char *cli_id, size_t cli_id_len )
+{
+ ((void) ctx);
+ ((void) cookie);
+ ((void) cookie_len);
+ ((void) cli_id);
+ ((void) cli_id_len);
+
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
+
+/*
+ * Initialize an SSL context
+ */
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
+{
+ memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
+}
+
+static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
+{
+ const mbedtls_ssl_config *conf = ssl->conf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( mbedtls_ssl_conf_is_tls13_only( conf ) )
+ {
+ if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
+ return( 0 );
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( mbedtls_ssl_conf_is_tls12_only( conf ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
+ return( 0 );
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( conf ) )
+ {
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
+ return( 0 );
+ }
+#endif
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "The SSL configuration is invalid." ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+}
+
+static int ssl_conf_check(const mbedtls_ssl_context *ssl)
+{
+ int ret;
+ ret = ssl_conf_version_check( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ /* Space for further checks */
+
+ return( 0 );
+}
+
+/*
+ * Setup an SSL context
+ */
+
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_config *conf )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
+ size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
+
+ ssl->conf = conf;
+
+ if( ( ret = ssl_conf_check( ssl ) ) != 0 )
+ return( ret );
+
+ /*
+ * Prepare base structures
+ */
+
+ /* Set to NULL in case of an error condition */
+ ssl->out_buf = NULL;
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ ssl->in_buf_len = in_buf_len;
+#endif
+ ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
+ if( ssl->in_buf == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto error;
+ }
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ ssl->out_buf_len = out_buf_len;
+#endif
+ ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
+ if( ssl->out_buf == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto error;
+ }
+
+ mbedtls_ssl_reset_in_out_pointers( ssl );
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) );
+#endif
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ goto error;
+
+ return( 0 );
+
+error:
+ mbedtls_free( ssl->in_buf );
+ mbedtls_free( ssl->out_buf );
+
+ ssl->conf = NULL;
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ ssl->in_buf_len = 0;
+ ssl->out_buf_len = 0;
+#endif
+ ssl->in_buf = NULL;
+ ssl->out_buf = NULL;
+
+ ssl->in_hdr = NULL;
+ ssl->in_ctr = NULL;
+ ssl->in_len = NULL;
+ ssl->in_iv = NULL;
+ ssl->in_msg = NULL;
+
+ ssl->out_hdr = NULL;
+ ssl->out_ctr = NULL;
+ ssl->out_len = NULL;
+ ssl->out_iv = NULL;
+ ssl->out_msg = NULL;
+
+ return( ret );
+}
+
+/*
+ * Reset an initialized and used SSL context for re-use while retaining
+ * all application-set variables, function pointers and data.
+ *
+ * If partial is non-zero, keep data in the input buffer and client ID.
+ * (Use when a DTLS client reconnects from the same port.)
+ */
+void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
+ int partial )
+{
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ size_t in_buf_len = ssl->in_buf_len;
+ size_t out_buf_len = ssl->out_buf_len;
+#else
+ size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
+ size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
+#endif
+
+#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C)
+ partial = 0;
+#endif
+
+ /* Cancel any possibly running timer */
+ mbedtls_ssl_set_timer( ssl, 0 );
+
+ mbedtls_ssl_reset_in_out_pointers( ssl );
+
+ /* Reset incoming message parsing */
+ ssl->in_offt = NULL;
+ ssl->nb_zero = 0;
+ ssl->in_msgtype = 0;
+ ssl->in_msglen = 0;
+ ssl->in_hslen = 0;
+ ssl->keep_current_message = 0;
+ ssl->transform_in = NULL;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ ssl->next_record_offset = 0;
+ ssl->in_epoch = 0;
+#endif
+
+ /* Keep current datagram if partial == 1 */
+ if( partial == 0 )
+ {
+ ssl->in_left = 0;
+ memset( ssl->in_buf, 0, in_buf_len );
+ }
+
+ /* Reset outgoing message writing */
+ ssl->out_msgtype = 0;
+ ssl->out_msglen = 0;
+ ssl->out_left = 0;
+ memset( ssl->out_buf, 0, out_buf_len );
+ memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+ ssl->transform_out = NULL;
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ mbedtls_ssl_dtls_replay_reset( ssl );
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->transform )
+ {
+ mbedtls_ssl_transform_free( ssl->transform );
+ mbedtls_free( ssl->transform );
+ ssl->transform = NULL;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_transform_free( ssl->transform_application );
+ mbedtls_free( ssl->transform_application );
+ ssl->transform_application = NULL;
+
+ if( ssl->handshake != NULL )
+ {
+ mbedtls_ssl_transform_free( ssl->handshake->transform_earlydata );
+ mbedtls_free( ssl->handshake->transform_earlydata );
+ ssl->handshake->transform_earlydata = NULL;
+
+ mbedtls_ssl_transform_free( ssl->handshake->transform_handshake );
+ mbedtls_free( ssl->handshake->transform_handshake );
+ ssl->handshake->transform_handshake = NULL;
+ }
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+}
+
+int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+
+ mbedtls_ssl_session_reset_msg_layer( ssl, partial );
+
+ /* Reset renegotiation state */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
+ ssl->renego_records_seen = 0;
+
+ ssl->verify_data_len = 0;
+ memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
+ memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
+#endif
+ ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
+
+ ssl->session_in = NULL;
+ ssl->session_out = NULL;
+ if( ssl->session )
+ {
+ mbedtls_ssl_session_free( ssl->session );
+ mbedtls_free( ssl->session );
+ ssl->session = NULL;
+ }
+
+#if defined(MBEDTLS_SSL_ALPN)
+ ssl->alpn_chosen = NULL;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
+ if( partial == 0 )
+#endif
+ {
+ mbedtls_free( ssl->cli_id );
+ ssl->cli_id = NULL;
+ ssl->cli_id_len = 0;
+ }
+#endif
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+/*
+ * Reset an initialized and used SSL context for re-use while retaining
+ * all application-set variables, function pointers and data.
+ */
+int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
+{
+ return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
+}
+
+/*
+ * SSL set accessors
+ */
+void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
+{
+ conf->endpoint = endpoint;
+}
+
+void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
+{
+ conf->transport = transport;
+}
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
+{
+ conf->anti_replay = mode;
+}
+#endif
+
+void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
+{
+ conf->badmac_limit = limit;
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
+ unsigned allow_packing )
+{
+ ssl->disable_datagram_packing = !allow_packing;
+}
+
+void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf,
+ uint32_t min, uint32_t max )
+{
+ conf->hs_timeout_min = min;
+ conf->hs_timeout_max = max;
+}
+#endif
+
+void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
+{
+ conf->authmode = authmode;
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ conf->f_vrfy = f_vrfy;
+ conf->p_vrfy = p_vrfy;
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ conf->f_rng = f_rng;
+ conf->p_rng = p_rng;
+}
+
+void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
+ void (*f_dbg)(void *, int, const char *, int, const char *),
+ void *p_dbg )
+{
+ conf->f_dbg = f_dbg;
+ conf->p_dbg = p_dbg;
+}
+
+void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
+ void *p_bio,
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout )
+{
+ ssl->p_bio = p_bio;
+ ssl->f_send = f_send;
+ ssl->f_recv = f_recv;
+ ssl->f_recv_timeout = f_recv_timeout;
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
+{
+ ssl->mtu = mtu;
+}
+#endif
+
+void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
+{
+ conf->read_timeout = timeout;
+}
+
+void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
+ void *p_timer,
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer )
+{
+ ssl->p_timer = p_timer;
+ ssl->f_set_timer = f_set_timer;
+ ssl->f_get_timer = f_get_timer;
+
+ /* Make sure we start with no timer running */
+ mbedtls_ssl_set_timer( ssl, 0 );
+}
+
+#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
+ void *p_cache,
+ mbedtls_ssl_cache_get_t *f_get_cache,
+ mbedtls_ssl_cache_set_t *f_set_cache )
+{
+ conf->p_cache = p_cache;
+ conf->f_get_cache = f_get_cache;
+ conf->f_set_cache = f_set_cache;
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( ssl == NULL ||
+ session == NULL ||
+ ssl->session_negotiate == NULL ||
+ ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ if( ssl->handshake->resume == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
+ session ) ) != 0 )
+ return( ret );
+
+ ssl->handshake->resume = 1;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
+
+void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
+ const int *ciphersuites )
+{
+ conf->ciphersuite_list = ciphersuites;
+}
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
+ const int kex_modes )
+{
+ conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
+ const mbedtls_x509_crt_profile *profile )
+{
+ conf->cert_profile = profile;
+}
+
+static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
+{
+ mbedtls_ssl_key_cert *cur = key_cert, *next;
+
+ while( cur != NULL )
+ {
+ next = cur->next;
+ mbedtls_free( cur );
+ cur = next;
+ }
+}
+
+/* Append a new keycert entry to a (possibly empty) list */
+static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
+ mbedtls_x509_crt *cert,
+ mbedtls_pk_context *key )
+{
+ mbedtls_ssl_key_cert *new_cert;
+
+ if( cert == NULL )
+ {
+ /* Free list if cert is null */
+ ssl_key_cert_free( *head );
+ *head = NULL;
+ return( 0 );
+ }
+
+ new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
+ if( new_cert == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ new_cert->cert = cert;
+ new_cert->key = key;
+ new_cert->next = NULL;
+
+ /* Update head if the list was null, else add to the end */
+ if( *head == NULL )
+ {
+ *head = new_cert;
+ }
+ else
+ {
+ mbedtls_ssl_key_cert *cur = *head;
+ while( cur->next != NULL )
+ cur = cur->next;
+ cur->next = new_cert;
+ }
+
+ return( 0 );
+}
+
+int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+ mbedtls_x509_crt *own_cert,
+ mbedtls_pk_context *pk_key )
+{
+ return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
+}
+
+void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl )
+{
+ conf->ca_chain = ca_chain;
+ conf->ca_crl = ca_crl;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+ * cannot be used together. */
+ conf->f_ca_cb = NULL;
+ conf->p_ca_cb = NULL;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+}
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb )
+{
+ conf->f_ca_cb = f_ca_cb;
+ conf->p_ca_cb = p_ca_cb;
+
+ /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+ * cannot be used together. */
+ conf->ca_chain = NULL;
+ conf->ca_crl = NULL;
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+const unsigned char *mbedtls_ssl_get_hs_sni( mbedtls_ssl_context *ssl,
+ size_t *name_len )
+{
+ *name_len = ssl->handshake->sni_name_len;
+ return( ssl->handshake->sni_name );
+}
+
+int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *own_cert,
+ mbedtls_pk_context *pk_key )
+{
+ return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
+ own_cert, pk_key ) );
+}
+
+void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl )
+{
+ ssl->handshake->sni_ca_chain = ca_chain;
+ ssl->handshake->sni_ca_crl = ca_crl;
+}
+
+void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
+ int authmode )
+{
+ ssl->handshake->sni_authmode = authmode;
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ ssl->f_vrfy = f_vrfy;
+ ssl->p_vrfy = p_vrfy;
+}
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * Set EC J-PAKE password for current handshake
+ */
+int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
+ const unsigned char *pw,
+ size_t pw_len )
+{
+ mbedtls_ecjpake_role role;
+
+ if( ssl->handshake == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ role = MBEDTLS_ECJPAKE_SERVER;
+ else
+ role = MBEDTLS_ECJPAKE_CLIENT;
+
+ return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
+ role,
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_ECP_DP_SECP256R1,
+ pw, pw_len ) );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+
+static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( !mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
+ return( 1 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( conf->psk != NULL )
+ return( 1 );
+
+ return( 0 );
+}
+
+static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
+{
+ /* Remove reference to existing PSK, if any. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
+ {
+ /* The maintenance of the PSK key slot is the
+ * user's responsibility. */
+ conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
+ }
+ /* This and the following branch should never
+ * be taken simultaenously as we maintain the
+ * invariant that raw and opaque PSKs are never
+ * configured simultaneously. As a safeguard,
+ * though, `else` is omitted here. */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( conf->psk != NULL )
+ {
+ mbedtls_platform_zeroize( conf->psk, conf->psk_len );
+
+ mbedtls_free( conf->psk );
+ conf->psk = NULL;
+ conf->psk_len = 0;
+ }
+
+ /* Remove reference to PSK identity, if any. */
+ if( conf->psk_identity != NULL )
+ {
+ mbedtls_free( conf->psk_identity );
+ conf->psk_identity = NULL;
+ conf->psk_identity_len = 0;
+ }
+}
+
+/* This function assumes that PSK identity in the SSL config is unset.
+ * It checks that the provided identity is well-formed and attempts
+ * to make a copy of it in the SSL config.
+ * On failure, the PSK identity in the config remains unset. */
+static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
+ unsigned char const *psk_identity,
+ size_t psk_identity_len )
+{
+ /* Identity len will be encoded on two bytes */
+ if( psk_identity == NULL ||
+ ( psk_identity_len >> 16 ) != 0 ||
+ psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ conf->psk_identity = mbedtls_calloc( 1, psk_identity_len );
+ if( conf->psk_identity == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ conf->psk_identity_len = psk_identity_len;
+ memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
+
+ return( 0 );
+}
+
+int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
+ const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /* We currently only support one PSK, raw or opaque. */
+ if( ssl_conf_psk_is_configured( conf ) )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ /* Check and set raw PSK */
+ if( psk == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( psk_len == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( psk_len > MBEDTLS_PSK_MAX_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ conf->psk_len = psk_len;
+ memcpy( conf->psk, psk, conf->psk_len );
+
+ /* Check and set PSK Identity */
+ ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len );
+ if( ret != 0 )
+ ssl_conf_remove_psk( conf );
+
+ return( ret );
+}
+
+static void ssl_remove_psk( mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
+ {
+ ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl->handshake->psk != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->handshake->psk,
+ ssl->handshake->psk_len );
+ mbedtls_free( ssl->handshake->psk );
+ ssl->handshake->psk_len = 0;
+ }
+}
+
+int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
+ const unsigned char *psk, size_t psk_len )
+{
+ if( psk == NULL || ssl->handshake == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( psk_len > MBEDTLS_PSK_MAX_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl_remove_psk( ssl );
+
+ if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ ssl->handshake->psk_len = psk_len;
+ memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
+ mbedtls_svc_key_id_t psk,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /* We currently only support one PSK, raw or opaque. */
+ if( ssl_conf_psk_is_configured( conf ) )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ /* Check and set opaque PSK */
+ if( mbedtls_svc_key_id_is_null( psk ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ conf->psk_opaque = psk;
+
+ /* Check and set PSK Identity */
+ ret = ssl_conf_set_psk_identity( conf, psk_identity,
+ psk_identity_len );
+ if( ret != 0 )
+ ssl_conf_remove_psk( conf );
+
+ return( ret );
+}
+
+int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
+ mbedtls_svc_key_id_t psk )
+{
+ if( ( mbedtls_svc_key_id_is_null( psk ) ) ||
+ ( ssl->handshake == NULL ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl_remove_psk( ssl );
+ ssl->handshake->psk_opaque = psk;
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
+ int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+ size_t),
+ void *p_psk )
+{
+ conf->f_psk = f_psk;
+ conf->p_psk = p_psk;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
+ size_t taglen,
+ psa_algorithm_t *alg,
+ psa_key_type_t *key_type,
+ size_t *key_size )
+{
+ switch ( mbedtls_cipher_type )
+ {
+ case MBEDTLS_CIPHER_AES_128_CBC:
+ *alg = PSA_ALG_CBC_NO_PADDING;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_AES_128_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_AES_128_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_AES_192_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 192;
+ break;
+ case MBEDTLS_CIPHER_AES_192_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 192;
+ break;
+ case MBEDTLS_CIPHER_AES_256_CBC:
+ *alg = PSA_ALG_CBC_NO_PADDING;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_AES_256_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_AES_256_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_AES;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_ARIA_128_CBC:
+ *alg = PSA_ALG_CBC_NO_PADDING;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_ARIA_128_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_ARIA_128_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_ARIA_192_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 192;
+ break;
+ case MBEDTLS_CIPHER_ARIA_192_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 192;
+ break;
+ case MBEDTLS_CIPHER_ARIA_256_CBC:
+ *alg = PSA_ALG_CBC_NO_PADDING;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_ARIA_256_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_ARIA_256_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_ARIA;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
+ *alg = PSA_ALG_CBC_NO_PADDING;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 128;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 192;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 192;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
+ *alg = PSA_ALG_CBC_NO_PADDING;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
+ *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
+ *alg = PSA_ALG_GCM;
+ *key_type = PSA_KEY_TYPE_CAMELLIA;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_CHACHA20_POLY1305:
+ *alg = PSA_ALG_CHACHA20_POLY1305;
+ *key_type = PSA_KEY_TYPE_CHACHA20;
+ *key_size = 256;
+ break;
+ case MBEDTLS_CIPHER_NULL:
+ *alg = MBEDTLS_SSL_NULL_CIPHER;
+ *key_type = 0;
+ *key_size = 0;
+ break;
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return PSA_SUCCESS;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
+ const unsigned char *dhm_P, size_t P_len,
+ const unsigned char *dhm_G, size_t G_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+
+ if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
+ {
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+
+ if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P,
+ &conf->dhm_P ) ) != 0 ||
+ ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
+ &conf->dhm_G ) ) != 0 )
+ {
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+ return( ret );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+/*
+ * Set the minimum length for Diffie-Hellman parameters
+ */
+void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
+ unsigned int bitlen )
+{
+ conf->dhm_min_bitlen = bitlen;
+}
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
+/*
+ * Set allowed/preferred hashes for handshake signatures
+ */
+void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+ const int *hashes )
+{
+ conf->sig_hashes = hashes;
+}
+#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
+
+/* Configure allowed signature algorithms for handshake */
+void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
+ const uint16_t* sig_algs )
+{
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->sig_hashes = NULL;
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+ conf->sig_algs = sig_algs;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/*
+ * Set the allowed elliptic curves
+ *
+ * mbedtls_ssl_setup() takes the provided list
+ * and translates it to a list of IANA TLS group identifiers,
+ * stored in ssl->handshake->group_list.
+ *
+ */
+void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curve_list )
+{
+ conf->curve_list = curve_list;
+ conf->group_list = NULL;
+}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
+/*
+ * Set the allowed groups
+ */
+void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
+ const uint16_t *group_list )
+{
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
+#endif
+ conf->group_list = group_list;
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
+{
+ /* Initialize to suppress unnecessary compiler warning */
+ size_t hostname_len = 0;
+
+ /* Check if new hostname is valid before
+ * making any change to current one */
+ if( hostname != NULL )
+ {
+ hostname_len = strlen( hostname );
+
+ if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ /* Now it's clear that we will overwrite the old hostname,
+ * so we can free it safely */
+
+ if( ssl->hostname != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
+ mbedtls_free( ssl->hostname );
+ }
+
+ /* Passing NULL as hostname shall clear the old one */
+
+ if( hostname == NULL )
+ {
+ ssl->hostname = NULL;
+ }
+ else
+ {
+ ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
+ if( ssl->hostname == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ memcpy( ssl->hostname, hostname, hostname_len );
+
+ ssl->hostname[hostname_len] = '\0';
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
+ int (*f_sni)(void *, mbedtls_ssl_context *,
+ const unsigned char *, size_t),
+ void *p_sni )
+{
+ conf->f_sni = f_sni;
+ conf->p_sni = p_sni;
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ALPN)
+int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
+{
+ size_t cur_len, tot_len;
+ const char **p;
+
+ /*
+ * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
+ * MUST NOT be truncated."
+ * We check lengths now rather than later.
+ */
+ tot_len = 0;
+ for( p = protos; *p != NULL; p++ )
+ {
+ cur_len = strlen( *p );
+ tot_len += cur_len;
+
+ if( ( cur_len == 0 ) ||
+ ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
+ ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ conf->alpn_list = protos;
+
+ return( 0 );
+}
+
+const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
+{
+ return( ssl->alpn_chosen );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
+ int support_mki_value )
+{
+ conf->dtls_srtp_mki_support = support_mki_value;
+}
+
+int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
+ unsigned char *mki_value,
+ uint16_t mki_len )
+{
+ if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED )
+ {
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len );
+ ssl->dtls_srtp_info.mki_len = mki_len;
+ return( 0 );
+}
+
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
+ const mbedtls_ssl_srtp_profile *profiles )
+{
+ const mbedtls_ssl_srtp_profile *p;
+ size_t list_size = 0;
+
+ /* check the profiles list: all entry must be valid,
+ * its size cannot be more than the total number of supported profiles, currently 4 */
+ for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET &&
+ list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH;
+ p++ )
+ {
+ if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET )
+ {
+ list_size++;
+ }
+ else
+ {
+ /* unsupported value, stop parsing and set the size to an error value */
+ list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1;
+ }
+ }
+
+ if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH )
+ {
+ conf->dtls_srtp_profile_list = NULL;
+ conf->dtls_srtp_profile_list_len = 0;
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ conf->dtls_srtp_profile_list = profiles;
+ conf->dtls_srtp_profile_list_len = list_size;
+
+ return( 0 );
+}
+
+void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
+ mbedtls_dtls_srtp_info *dtls_srtp_info )
+{
+ dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile;
+ /* do not copy the mki value if there is no chosen profile */
+ if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
+ {
+ dtls_srtp_info->mki_len = 0;
+ }
+ else
+ {
+ dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len;
+ memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len );
+ }
+}
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
+{
+ conf->max_tls_version = (major << 8) | minor;
+}
+
+void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
+{
+ conf->min_tls_version = (major << 8) | minor;
+}
+
+#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
+ char cert_req_ca_list )
+{
+ conf->cert_req_ca_list = cert_req_ca_list;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
+{
+ conf->encrypt_then_mac = etm;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
+{
+ conf->extended_ms = ems;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
+{
+ if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
+ ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ conf->mfl_code = mfl_code;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
+{
+ conf->allow_legacy_renegotiation = allow_legacy;
+}
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
+{
+ conf->disable_renegotiation = renegotiation;
+}
+
+void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
+{
+ conf->renego_max_records = max_records;
+}
+
+void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+ const unsigned char period[8] )
+{
+ memcpy( conf->renego_period, period, 8 );
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_CLI_C)
+void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
+{
+ conf->session_tickets = use_tickets;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket )
+{
+ conf->f_ticket_write = f_ticket_write;
+ conf->f_ticket_parse = f_ticket_parse;
+ conf->p_ticket = p_ticket;
+}
+#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys )
+{
+ ssl->f_export_keys = f_export_keys;
+ ssl->p_export_keys = p_export_keys;
+}
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+void mbedtls_ssl_conf_async_private_cb(
+ mbedtls_ssl_config *conf,
+ mbedtls_ssl_async_sign_t *f_async_sign,
+ mbedtls_ssl_async_decrypt_t *f_async_decrypt,
+ mbedtls_ssl_async_resume_t *f_async_resume,
+ mbedtls_ssl_async_cancel_t *f_async_cancel,
+ void *async_config_data )
+{
+ conf->f_async_sign_start = f_async_sign;
+ conf->f_async_decrypt_start = f_async_decrypt;
+ conf->f_async_resume = f_async_resume;
+ conf->f_async_cancel = f_async_cancel;
+ conf->p_async_config_data = async_config_data;
+}
+
+void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf )
+{
+ return( conf->p_async_config_data );
+}
+
+void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl )
+{
+ if( ssl->handshake == NULL )
+ return( NULL );
+ else
+ return( ssl->handshake->user_async_ctx );
+}
+
+void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
+ void *ctx )
+{
+ if( ssl->handshake != NULL )
+ ssl->handshake->user_async_ctx = ctx;
+}
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+/*
+ * SSL get accessors
+ */
+uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
+{
+ if( ssl->session != NULL )
+ return( ssl->session->verify_result );
+
+ if( ssl->session_negotiate != NULL )
+ return( ssl->session_negotiate->verify_result );
+
+ return( 0xFFFFFFFF );
+}
+
+int mbedtls_ssl_get_ciphersuite_id_from_ssl( const mbedtls_ssl_context *ssl )
+{
+ if( ssl == NULL || ssl->session == NULL )
+ return( 0 );
+
+ return( ssl->session->ciphersuite );
+}
+
+const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
+{
+ if( ssl == NULL || ssl->session == NULL )
+ return( NULL );
+
+ return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
+}
+
+const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ switch( ssl->tls_version )
+ {
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ return( "DTLSv1.2" );
+ default:
+ return( "unknown (DTLS)" );
+ }
+ }
+#endif
+
+ switch( ssl->tls_version )
+ {
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ return( "TLSv1.2" );
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ return( "TLSv1.3" );
+ default:
+ return( "unknown" );
+ }
+}
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
+ size_t read_mfl;
+
+ /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
+ {
+ return ssl_mfl_code_to_length( ssl->conf->mfl_code );
+ }
+
+ /* Check if a smaller max length was negotiated */
+ if( ssl->session_out != NULL )
+ {
+ read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
+ if( read_mfl < max_len )
+ {
+ max_len = read_mfl;
+ }
+ }
+
+ // During a handshake, use the value being negotiated
+ if( ssl->session_negotiate != NULL )
+ {
+ read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
+ if( read_mfl < max_len )
+ {
+ max_len = read_mfl;
+ }
+ }
+
+ return( max_len );
+}
+
+size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len;
+
+ /*
+ * Assume mfl_code is correct since it was checked when set
+ */
+ max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
+
+ /* Check if a smaller max length was negotiated */
+ if( ssl->session_out != NULL &&
+ ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
+ {
+ max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
+ }
+
+ /* During a handshake, use the value being negotiated */
+ if( ssl->session_negotiate != NULL &&
+ ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len )
+ {
+ max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
+ }
+
+ return( max_len );
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
+{
+ /* Return unlimited mtu for client hello messages to avoid fragmentation. */
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
+ return ( 0 );
+
+ if( ssl->handshake == NULL || ssl->handshake->mtu == 0 )
+ return( ssl->mtu );
+
+ if( ssl->mtu == 0 )
+ return( ssl->handshake->mtu );
+
+ return( ssl->mtu < ssl->handshake->mtu ?
+ ssl->mtu : ssl->handshake->mtu );
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
+ !defined(MBEDTLS_SSL_PROTO_DTLS)
+ (void) ssl;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
+
+ if( max_len > mfl )
+ max_len = mfl;
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( mbedtls_ssl_get_current_mtu( ssl ) != 0 )
+ {
+ const size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
+ const int ret = mbedtls_ssl_get_record_expansion( ssl );
+ const size_t overhead = (size_t) ret;
+
+ if( ret < 0 )
+ return( ret );
+
+ if( mtu <= overhead )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( max_len > mtu - overhead )
+ max_len = mtu - overhead;
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
+ !defined(MBEDTLS_SSL_PROTO_DTLS)
+ ((void) ssl);
+#endif
+
+ return( (int) max_len );
+}
+
+int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ (void) ssl;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl );
+
+ if( max_len > mfl )
+ max_len = mfl;
+#endif
+
+ return( (int) max_len );
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
+{
+ if( ssl == NULL || ssl->session == NULL )
+ return( NULL );
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ return( ssl->session->peer_cert );
+#else
+ return( NULL );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
+ mbedtls_ssl_session *dst )
+{
+ int ret;
+
+ if( ssl == NULL ||
+ dst == NULL ||
+ ssl->session == NULL ||
+ ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer
+ * idempotent: Each session can only be exported once.
+ *
+ * (This is in preparation for TLS 1.3 support where we will
+ * need the ability to export multiple sessions (aka tickets),
+ * which will be achieved by calling mbedtls_ssl_get_session()
+ * multiple times until it fails.)
+ *
+ * Check whether we have already exported the current session,
+ * and fail if so.
+ */
+ if( ssl->session->exported == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ ret = mbedtls_ssl_session_copy( dst, ssl->session );
+ if( ret != 0 )
+ return( ret );
+
+ /* Remember that we've exported the session. */
+ ssl->session->exported = 1;
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/*
+ * Define ticket header determining Mbed TLS version
+ * and structure of the ticket.
+ */
+
+/*
+ * Define bitflag determining compile-time settings influencing
+ * structure of serialized SSL sessions.
+ */
+
+#if defined(MBEDTLS_HAVE_TIME)
+#define SSL_SERIALIZED_SESSION_CONFIG_TIME 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_TIME 0
+#endif /* MBEDTLS_HAVE_TIME */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define SSL_SERIALIZED_SESSION_CONFIG_CRT 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 0
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#define SSL_SERIALIZED_SESSION_CONFIG_MFL 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_MFL 0
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define SSL_SERIALIZED_SESSION_CONFIG_ETM 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_ETM 0
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 0
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0
+#define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1
+#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2
+#define SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT 3
+#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 4
+#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 5
+
+#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
+ ( (uint16_t) ( \
+ ( SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT ) ) )
+
+static unsigned char ssl_serialized_session_header[] = {
+ MBEDTLS_VERSION_MAJOR,
+ MBEDTLS_VERSION_MINOR,
+ MBEDTLS_VERSION_PATCH,
+ MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
+};
+
+/*
+ * Serialize a session in the following format:
+ * (in the presentation language of TLS, RFC 8446 section 3)
+ *
+ * struct {
+ *
+ * opaque mbedtls_version[3]; // library version: major, minor, patch
+ * opaque session_format[2]; // library-version specific 16-bit field
+ * // determining the format of the remaining
+ * // serialized data.
+ *
+ * Note: When updating the format, remember to keep
+ * these version+format bytes.
+ *
+ * // In this version, `session_format` determines
+ * // the setting of those compile-time
+ * // configuration options which influence
+ * // the structure of mbedtls_ssl_session.
+ *
+ * uint8_t minor_ver; // Protocol minor version. Possible values:
+ * // - TLS 1.2 (3)
+ *
+ * select (serialized_session.tls_version) {
+ *
+ * case MBEDTLS_SSL_VERSION_TLS1_2:
+ * serialized_session_tls12 data;
+ *
+ * };
+ *
+ * } serialized_session;
+ *
+ */
+
+static int ssl_session_save( const mbedtls_ssl_session *session,
+ unsigned char omit_header,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t used = 0;
+
+ if( !omit_header )
+ {
+ /*
+ * Add Mbed TLS version identifier
+ */
+
+ used += sizeof( ssl_serialized_session_header );
+
+ if( used <= buf_len )
+ {
+ memcpy( p, ssl_serialized_session_header,
+ sizeof( ssl_serialized_session_header ) );
+ p += sizeof( ssl_serialized_session_header );
+ }
+ }
+
+ /*
+ * TLS version identifier
+ */
+ used += 1;
+ if( used <= buf_len )
+ {
+ *p++ = MBEDTLS_BYTE_0( session->tls_version );
+ }
+
+ /* Forward to version-specific serialization routine. */
+ switch( session->tls_version )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ {
+ size_t remaining_len = used <= buf_len ? buf_len - used : 0;
+ used += ssl_session_save_tls12( session, p, remaining_len );
+ break;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ default:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ *olen = used;
+ if( used > buf_len )
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ return( 0 );
+}
+
+/*
+ * Public wrapper for ssl_session_save()
+ */
+int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen )
+{
+ return( ssl_session_save( session, 0, buf, buf_len, olen ) );
+}
+
+/*
+ * Deserialize session, see mbedtls_ssl_session_save() for format.
+ *
+ * This internal version is wrapped by a public function that cleans up in
+ * case of error, and has an extra option omit_header.
+ */
+static int ssl_session_load( mbedtls_ssl_session *session,
+ unsigned char omit_header,
+ const unsigned char *buf,
+ size_t len )
+{
+ const unsigned char *p = buf;
+ const unsigned char * const end = buf + len;
+
+ if( !omit_header )
+ {
+ /*
+ * Check Mbed TLS version identifier
+ */
+
+ if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( memcmp( p, ssl_serialized_session_header,
+ sizeof( ssl_serialized_session_header ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ }
+ p += sizeof( ssl_serialized_session_header );
+ }
+
+ /*
+ * TLS version identifier
+ */
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ session->tls_version = 0x0300 | *p++;
+
+ /* Dispatch according to TLS version. */
+ switch( session->tls_version )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ {
+ size_t remaining_len = ( end - p );
+ return( ssl_session_load_tls12( session, p, remaining_len ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ default:
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+}
+
+/*
+ * Deserialize session: public wrapper for error cleaning
+ */
+int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret = ssl_session_load( session, 0, buf, len );
+
+ if( ret != 0 )
+ mbedtls_ssl_session_free( session );
+
+ return( ret );
+}
+
+/*
+ * Perform a single step of the SSL handshake
+ */
+static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /*
+ * We may have not been able to send to the peer all the handshake data
+ * that were written into the output buffer by the previous handshake step,
+ * if the write to the network callback returned with the
+ * #MBEDTLS_ERR_SSL_WANT_WRITE error code.
+ * We proceed to the next handshake step only when all data from the
+ * previous one have been sent to the peer, thus we make sure that this is
+ * the case here by calling `mbedtls_ssl_flush_output()`. The function may
+ * return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case
+ * we have to wait before to go ahead.
+ * In the case of TLS 1.3, handshake step handlers do not send data to the
+ * peer. Data are only sent here and through
+ * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
+ * alert occured.
+ */
+ if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+ return( ret );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
+ {
+ if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ return( ret );
+}
+
+int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( ssl == NULL ||
+ ssl->conf == NULL ||
+ ssl->handshake == NULL ||
+ mbedtls_ssl_is_handshake_over( ssl ) == 1 )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ ret = ssl_prepare_handshake_step( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_handle_pending_alert( ssl );
+ if( ret != 0 )
+ goto cleanup;
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %s",
+ mbedtls_ssl_states_str( ssl->state ) ) );
+
+ switch( ssl->state )
+ {
+ case MBEDTLS_SSL_HELLO_REQUEST:
+ ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+ break;
+
+ case MBEDTLS_SSL_CLIENT_HELLO:
+ ret = mbedtls_ssl_write_client_hello( ssl );
+ break;
+
+ default:
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
+ else
+ ret = mbedtls_ssl_handshake_client_step( ssl );
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ ret = mbedtls_ssl_handshake_client_step( ssl );
+#else
+ ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
+#endif
+ }
+ }
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
+ ret = mbedtls_ssl_tls13_handshake_server_step( ssl );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
+ ret = mbedtls_ssl_handshake_server_step( ssl );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ }
+#endif
+
+ if( ret != 0 )
+ {
+ /* handshake_step return error. And it is same
+ * with alert_reason.
+ */
+ if( ssl->send_alert )
+ {
+ ret = mbedtls_ssl_handle_pending_alert( ssl );
+ goto cleanup;
+ }
+ }
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Perform the SSL handshake
+ */
+int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+
+ /* Sanity checks */
+
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
+ "mbedtls_ssl_set_timer_cb() for DTLS" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
+
+ /* Main handshake loop */
+ while( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
+ {
+ ret = mbedtls_ssl_handshake_step( ssl );
+
+ if( ret != 0 )
+ break;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
+
+ return( ret );
+}
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+#if defined(MBEDTLS_SSL_SRV_C)
+/*
+ * Write HelloRequest to request renegotiation on server
+ */
+static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+
+ ssl->out_msglen = 4;
+ ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
+
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+/*
+ * Actually renegotiate current connection, triggered by either:
+ * - any side: calling mbedtls_ssl_renegotiate(),
+ * - client: receiving a HelloRequest during mbedtls_ssl_read(),
+ * - server: receiving any handshake message on server during mbedtls_ssl_read() after
+ * the initial handshake is completed.
+ * If the handshake doesn't complete due to waiting for I/O, it will continue
+ * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
+ */
+int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
+
+ /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
+ * the ServerHello will have message_seq = 1" */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
+ {
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ ssl->handshake->out_msg_seq = 1;
+ else
+ ssl->handshake->in_msg_seq = 1;
+ }
+#endif
+
+ ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+ ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
+
+ if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
+
+ return( 0 );
+}
+
+/*
+ * Renegotiate current connection on client,
+ * or request renegotiation on server
+ */
+int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ /* On server, just send the request */
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
+
+ /* Did we already try/start sending HelloRequest? */
+ if( ssl->out_left != 0 )
+ return( mbedtls_ssl_flush_output( ssl ) );
+
+ return( ssl_write_hello_request( ssl ) );
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ /*
+ * On client, either start the renegotiation process or,
+ * if already in progress, continue the handshake
+ */
+ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ {
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", ret );
+ return( ret );
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
+ return( ret );
+ }
+ }
+#endif /* MBEDTLS_SSL_CLI_C */
+
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
+{
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if( handshake == NULL )
+ return;
+
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ if ( ssl->handshake->group_list_heap_allocated )
+ mbedtls_free( (void*) handshake->group_list );
+ handshake->group_list = NULL;
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ if ( ssl->handshake->sig_algs_heap_allocated )
+ mbedtls_free( (void*) handshake->sig_algs );
+ handshake->sig_algs = NULL;
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( ssl->handshake->certificate_request_context )
+ {
+ mbedtls_free( (void*) handshake->certificate_request_context );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
+ {
+ ssl->conf->f_async_cancel( ssl );
+ handshake->async_in_progress = 0;
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &handshake->fin_sha256_psa );
+#else
+ mbedtls_sha256_free( &handshake->fin_sha256 );
+#endif
+#endif
+#if defined(MBEDTLS_SHA384_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &handshake->fin_sha384_psa );
+#else
+ mbedtls_sha512_free( &handshake->fin_sha512 );
+#endif
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+ mbedtls_dhm_free( &handshake->dhm_ctx );
+#endif
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)
+ mbedtls_ecdh_free( &handshake->ecdh_ctx );
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
+#if defined(MBEDTLS_SSL_CLI_C)
+ mbedtls_free( handshake->ecjpake_cache );
+ handshake->ecjpake_cache = NULL;
+ handshake->ecjpake_cache_len = 0;
+#endif
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ /* explicit void pointer cast for buggy MS compiler */
+ mbedtls_free( (void *) handshake->curves );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( handshake->psk != NULL )
+ {
+ mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
+ mbedtls_free( handshake->psk );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ /*
+ * Free only the linked list wrapper, not the keys themselves
+ * since the belong to the SNI callback
+ */
+ ssl_key_cert_free( handshake->sni_key_cert );
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
+ mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
+ if( handshake->ecrs_peer_cert != NULL )
+ {
+ mbedtls_x509_crt_free( handshake->ecrs_peer_cert );
+ mbedtls_free( handshake->ecrs_peer_cert );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_free( &handshake->peer_pubkey );
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ mbedtls_free( handshake->cookie );
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ mbedtls_ssl_flight_free( handshake->flight );
+ mbedtls_ssl_buffering_free( ssl );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_ECDH_C) && \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ if( handshake->ecdh_psa_privkey_is_external == 0 )
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_transform_free( handshake->transform_handshake );
+ mbedtls_ssl_transform_free( handshake->transform_earlydata );
+ mbedtls_free( handshake->transform_earlydata );
+ mbedtls_free( handshake->transform_handshake );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ /* If the buffers are too big - reallocate. Because of the way Mbed TLS
+ * processes datagrams and the fact that a datagram is allowed to have
+ * several records in it, it is possible that the I/O buffers are not
+ * empty at this stage */
+ handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
+ mbedtls_ssl_get_output_buflen( ssl ) );
+#endif
+
+ /* mbedtls_platform_zeroize MUST be last one in this function */
+ mbedtls_platform_zeroize( handshake,
+ sizeof( mbedtls_ssl_handshake_params ) );
+}
+
+void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
+{
+ if( session == NULL )
+ return;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ ssl_clear_peer_cert( session );
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ mbedtls_free( session->ticket );
+#endif
+
+ mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
+}
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 1u
+#else
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u
+#else
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 0u
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_ALPN)
+#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 1u
+#else
+#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 0u
+#endif /* MBEDTLS_SSL_ALPN */
+
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT 0
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT 1
+#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT 2
+#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT 3
+
+#define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG \
+ ( (uint32_t) ( \
+ ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ) | \
+ ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ) | \
+ ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ) | \
+ ( SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT ) | \
+ 0u ) )
+
+static unsigned char ssl_serialized_context_header[] = {
+ MBEDTLS_VERSION_MAJOR,
+ MBEDTLS_VERSION_MINOR,
+ MBEDTLS_VERSION_PATCH,
+ MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
+ MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
+};
+
+/*
+ * Serialize a full SSL context
+ *
+ * The format of the serialized data is:
+ * (in the presentation language of TLS, RFC 8446 section 3)
+ *
+ * // header
+ * opaque mbedtls_version[3]; // major, minor, patch
+ * opaque context_format[5]; // version-specific field determining
+ * // the format of the remaining
+ * // serialized data.
+ * Note: When updating the format, remember to keep these
+ * version+format bytes. (We may make their size part of the API.)
+ *
+ * // session sub-structure
+ * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
+ * // transform sub-structure
+ * uint8 random[64]; // ServerHello.random+ClientHello.random
+ * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
+ * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
+ * // fields from ssl_context
+ * uint32 badmac_seen; // DTLS: number of records with failing MAC
+ * uint64 in_window_top; // DTLS: last validated record seq_num
+ * uint64 in_window; // DTLS: bitmask for replay protection
+ * uint8 disable_datagram_packing; // DTLS: only one record per datagram
+ * uint64 cur_out_ctr; // Record layer: outgoing sequence number
+ * uint16 mtu; // DTLS: path mtu (max outgoing fragment size)
+ * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
+ *
+ * Note that many fields of the ssl_context or sub-structures are not
+ * serialized, as they fall in one of the following categories:
+ *
+ * 1. forced value (eg in_left must be 0)
+ * 2. pointer to dynamically-allocated memory (eg session, transform)
+ * 3. value can be re-derived from other data (eg session keys from MS)
+ * 4. value was temporary (eg content of input buffer)
+ * 5. value will be provided by the user again (eg I/O callbacks and context)
+ */
+int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t used = 0;
+ size_t session_len;
+ int ret = 0;
+
+ /*
+ * Enforce usage restrictions, see "return BAD_INPUT_DATA" in
+ * this function's documentation.
+ *
+ * These are due to assumptions/limitations in the implementation. Some of
+ * them are likely to stay (no handshake in progress) some might go away
+ * (only DTLS) but are currently used to simplify the implementation.
+ */
+ /* The initial handshake must be over */
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ if( ssl->handshake != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ /* Double-check that sub-structures are indeed ready */
+ if( ssl->transform == NULL || ssl->session == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ /* There must be no pending incoming or outgoing data */
+ if( mbedtls_ssl_check_pending( ssl ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ if( ssl->out_left != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ /* Protocol must be DLTS, not TLS */
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ /* Version must be 1.2 */
+ if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ /* We must be using an AEAD ciphersuite */
+ if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+ /* Renegotiation must not be enabled */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+#endif
+
+ /*
+ * Version and format identifier
+ */
+ used += sizeof( ssl_serialized_context_header );
+
+ if( used <= buf_len )
+ {
+ memcpy( p, ssl_serialized_context_header,
+ sizeof( ssl_serialized_context_header ) );
+ p += sizeof( ssl_serialized_context_header );
+ }
+
+ /*
+ * Session (length + data)
+ */
+ ret = ssl_session_save( ssl->session, 1, NULL, 0, &session_len );
+ if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
+ return( ret );
+
+ used += 4 + session_len;
+ if( used <= buf_len )
+ {
+ MBEDTLS_PUT_UINT32_BE( session_len, p, 0 );
+ p += 4;
+
+ ret = ssl_session_save( ssl->session, 1,
+ p, session_len, &session_len );
+ if( ret != 0 )
+ return( ret );
+
+ p += session_len;
+ }
+
+ /*
+ * Transform
+ */
+ used += sizeof( ssl->transform->randbytes );
+ if( used <= buf_len )
+ {
+ memcpy( p, ssl->transform->randbytes,
+ sizeof( ssl->transform->randbytes ) );
+ p += sizeof( ssl->transform->randbytes );
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
+ if( used <= buf_len )
+ {
+ *p++ = ssl->transform->in_cid_len;
+ memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
+ p += ssl->transform->in_cid_len;
+
+ *p++ = ssl->transform->out_cid_len;
+ memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
+ p += ssl->transform->out_cid_len;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /*
+ * Saved fields from top-level ssl_context structure
+ */
+ used += 4;
+ if( used <= buf_len )
+ {
+ MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 );
+ p += 4;
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ used += 16;
+ if( used <= buf_len )
+ {
+ MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 );
+ p += 8;
+
+ MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 );
+ p += 8;
+ }
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ used += 1;
+ if( used <= buf_len )
+ {
+ *p++ = ssl->disable_datagram_packing;
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+ if( used <= buf_len )
+ {
+ memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+ p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ used += 2;
+ if( used <= buf_len )
+ {
+ MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 );
+ p += 2;
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ {
+ const uint8_t alpn_len = ssl->alpn_chosen
+ ? (uint8_t) strlen( ssl->alpn_chosen )
+ : 0;
+
+ used += 1 + alpn_len;
+ if( used <= buf_len )
+ {
+ *p++ = alpn_len;
+
+ if( ssl->alpn_chosen != NULL )
+ {
+ memcpy( p, ssl->alpn_chosen, alpn_len );
+ p += alpn_len;
+ }
+ }
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+ /*
+ * Done
+ */
+ *olen = used;
+
+ if( used > buf_len )
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used );
+
+ return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
+}
+
+/*
+ * Deserialize context, see mbedtls_ssl_context_save() for format.
+ *
+ * This internal version is wrapped by a public function that cleans up in
+ * case of error.
+ */
+static int ssl_context_load( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ const unsigned char *p = buf;
+ const unsigned char * const end = buf + len;
+ size_t session_len;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /*
+ * The context should have been freshly setup or reset.
+ * Give the user an error in case of obvious misuse.
+ * (Checking session is useful because it won't be NULL if we're
+ * renegotiating, or if the user mistakenly loaded a session first.)
+ */
+ if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
+ ssl->session != NULL )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ /*
+ * We can't check that the config matches the initial one, but we can at
+ * least check it matches the requirements for serializing.
+ */
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
+ ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
+#endif
+ 0 )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "context to load", buf, len );
+
+ /*
+ * Check version identifier
+ */
+ if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( memcmp( p, ssl_serialized_context_header,
+ sizeof( ssl_serialized_context_header ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ }
+ p += sizeof( ssl_serialized_context_header );
+
+ /*
+ * Session
+ */
+ if( (size_t)( end - p ) < 4 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session_len = ( (size_t) p[0] << 24 ) |
+ ( (size_t) p[1] << 16 ) |
+ ( (size_t) p[2] << 8 ) |
+ ( (size_t) p[3] );
+ p += 4;
+
+ /* This has been allocated by ssl_handshake_init(), called by
+ * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
+ ssl->session = ssl->session_negotiate;
+ ssl->session_in = ssl->session;
+ ssl->session_out = ssl->session;
+ ssl->session_negotiate = NULL;
+
+ if( (size_t)( end - p ) < session_len )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ret = ssl_session_load( ssl->session, 1, p, session_len );
+ if( ret != 0 )
+ {
+ mbedtls_ssl_session_free( ssl->session );
+ return( ret );
+ }
+
+ p += session_len;
+
+ /*
+ * Transform
+ */
+
+ /* This has been allocated by ssl_handshake_init(), called by
+ * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
+ ssl->transform = ssl->transform_negotiate;
+ ssl->transform_in = ssl->transform;
+ ssl->transform_out = ssl->transform;
+ ssl->transform_negotiate = NULL;
+
+ /* Read random bytes and populate structure */
+ if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ ret = ssl_tls12_populate_transform( ssl->transform,
+ ssl->session->ciphersuite,
+ ssl->session->master,
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ ssl->session->encrypt_then_mac,
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
+ p, /* currently pointing to randbytes */
+ MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
+ ssl->conf->endpoint,
+ ssl );
+ if( ret != 0 )
+ return( ret );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ p += sizeof( ssl->transform->randbytes );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Read connection IDs and store them */
+ if( (size_t)( end - p ) < 1 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->transform->in_cid_len = *p++;
+
+ if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
+ p += ssl->transform->in_cid_len;
+
+ ssl->transform->out_cid_len = *p++;
+
+ if( (size_t)( end - p ) < ssl->transform->out_cid_len )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
+ p += ssl->transform->out_cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /*
+ * Saved fields from top-level ssl_context structure
+ */
+ if( (size_t)( end - p ) < 4 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) |
+ ( (uint32_t) p[1] << 16 ) |
+ ( (uint32_t) p[2] << 8 ) |
+ ( (uint32_t) p[3] );
+ p += 4;
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ if( (size_t)( end - p ) < 16 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->in_window_top = ( (uint64_t) p[0] << 56 ) |
+ ( (uint64_t) p[1] << 48 ) |
+ ( (uint64_t) p[2] << 40 ) |
+ ( (uint64_t) p[3] << 32 ) |
+ ( (uint64_t) p[4] << 24 ) |
+ ( (uint64_t) p[5] << 16 ) |
+ ( (uint64_t) p[6] << 8 ) |
+ ( (uint64_t) p[7] );
+ p += 8;
+
+ ssl->in_window = ( (uint64_t) p[0] << 56 ) |
+ ( (uint64_t) p[1] << 48 ) |
+ ( (uint64_t) p[2] << 40 ) |
+ ( (uint64_t) p[3] << 32 ) |
+ ( (uint64_t) p[4] << 24 ) |
+ ( (uint64_t) p[5] << 16 ) |
+ ( (uint64_t) p[6] << 8 ) |
+ ( (uint64_t) p[7] );
+ p += 8;
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( (size_t)( end - p ) < 1 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->disable_datagram_packing = *p++;
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) );
+ p += sizeof( ssl->cur_out_ctr );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( (size_t)( end - p ) < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->mtu = ( p[0] << 8 ) | p[1];
+ p += 2;
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ {
+ uint8_t alpn_len;
+ const char **cur;
+
+ if( (size_t)( end - p ) < 1 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ alpn_len = *p++;
+
+ if( alpn_len != 0 && ssl->conf->alpn_list != NULL )
+ {
+ /* alpn_chosen should point to an item in the configured list */
+ for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
+ {
+ if( strlen( *cur ) == alpn_len &&
+ memcmp( p, cur, alpn_len ) == 0 )
+ {
+ ssl->alpn_chosen = *cur;
+ break;
+ }
+ }
+ }
+
+ /* can only happen on conf mismatch */
+ if( alpn_len != 0 && ssl->alpn_chosen == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ p += alpn_len;
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+ /*
+ * Forced fields from top-level ssl_context structure
+ *
+ * Most of them already set to the correct value by mbedtls_ssl_init() and
+ * mbedtls_ssl_reset(), so we only need to set the remaining ones.
+ */
+ ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
+ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+
+ /* Adjust pointers for header fields of outgoing records to
+ * the given transform, accounting for explicit IV and CID. */
+ mbedtls_ssl_update_out_pointers( ssl, ssl->transform );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ ssl->in_epoch = 1;
+#endif
+
+ /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated,
+ * which we don't want - otherwise we'd end up freeing the wrong transform
+ * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform()
+ * inappropriately. */
+ if( ssl->handshake != NULL )
+ {
+ mbedtls_ssl_handshake_free( ssl );
+ mbedtls_free( ssl->handshake );
+ ssl->handshake = NULL;
+ }
+
+ /*
+ * Done - should have consumed entire buffer
+ */
+ if( p != end )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ return( 0 );
+}
+
+/*
+ * Deserialize context: public wrapper for error cleaning
+ */
+int mbedtls_ssl_context_load( mbedtls_ssl_context *context,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret = ssl_context_load( context, buf, len );
+
+ if( ret != 0 )
+ mbedtls_ssl_free( context );
+
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+/*
+ * Free an SSL context
+ */
+void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
+{
+ if( ssl == NULL )
+ return;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
+
+ if( ssl->out_buf != NULL )
+ {
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ size_t out_buf_len = ssl->out_buf_len;
+#else
+ size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
+#endif
+
+ mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
+ mbedtls_free( ssl->out_buf );
+ ssl->out_buf = NULL;
+ }
+
+ if( ssl->in_buf != NULL )
+ {
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ size_t in_buf_len = ssl->in_buf_len;
+#else
+ size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
+#endif
+
+ mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
+ mbedtls_free( ssl->in_buf );
+ ssl->in_buf = NULL;
+ }
+
+ if( ssl->transform )
+ {
+ mbedtls_ssl_transform_free( ssl->transform );
+ mbedtls_free( ssl->transform );
+ }
+
+ if( ssl->handshake )
+ {
+ mbedtls_ssl_handshake_free( ssl );
+ mbedtls_ssl_transform_free( ssl->transform_negotiate );
+ mbedtls_ssl_session_free( ssl->session_negotiate );
+
+ mbedtls_free( ssl->handshake );
+ mbedtls_free( ssl->transform_negotiate );
+ mbedtls_free( ssl->session_negotiate );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_transform_free( ssl->transform_application );
+ mbedtls_free( ssl->transform_application );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ if( ssl->session )
+ {
+ mbedtls_ssl_session_free( ssl->session );
+ mbedtls_free( ssl->session );
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( ssl->hostname != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
+ mbedtls_free( ssl->hostname );
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+ mbedtls_free( ssl->cli_id );
+#endif
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
+
+ /* Actually clear after last debug message */
+ mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
+}
+
+/*
+ * Initialze mbedtls_ssl_config
+ */
+void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
+{
+ memset( conf, 0, sizeof( mbedtls_ssl_config ) );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/* The selection should be the same as mbedtls_x509_crt_profile_default in
+ * x509_crt.c. Here, the order matters. Currently we favor stronger hashes,
+ * for no fundamental reason.
+ * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * about this list. */
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_MD_SHA512,
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+#endif
+ MBEDTLS_MD_NONE
+};
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+/* The selection should be the same as mbedtls_x509_crt_profile_default in
+ * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
+ * curves with a lower resource usage come first.
+ * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * about this list.
+ */
+static uint16_t ssl_preset_default_groups[] = {
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_X448,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
+#endif
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+};
+
+static int ssl_preset_suiteb_ciphersuites[] = {
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ 0
+};
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+static int ssl_preset_suiteb_hashes[] = {
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ MBEDTLS_MD_SHA384,
+#endif
+ MBEDTLS_MD_NONE
+};
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
+/* NOTICE:
+ * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following
+ * rules SHOULD be upheld.
+ * - No duplicate entries.
+ * - But if there is a good reason, do not change the order of the algorithms.
+ * - ssl_tls12_present* is for TLS 1.2 use only.
+ * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes.
+ */
+static uint16_t ssl_preset_default_sig_algs[] = {
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C &&
+ MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA512_C) && \
+ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C &&
+ MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
+
+ MBEDTLS_TLS1_3_SIG_NONE
+};
+
+/* NOTICE: see above */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+static uint16_t ssl_tls12_preset_default_sig_algs[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
+#endif
+ MBEDTLS_TLS1_3_SIG_NONE
+};
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+/* NOTICE: see above */
+static uint16_t ssl_preset_suiteb_sig_algs[] = {
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C &&
+ MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
+
+ MBEDTLS_TLS1_3_SIG_NONE
+};
+
+/* NOTICE: see above */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
+#endif
+ MBEDTLS_TLS1_3_SIG_NONE
+};
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+static uint16_t ssl_preset_suiteb_groups[] = {
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+#endif
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+};
+
+#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
+ * to make sure there are no duplicated signature algorithm entries. */
+static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs )
+{
+ size_t i, j;
+ int ret = 0;
+
+ for( i = 0; sig_algs[i] != MBEDTLS_TLS1_3_SIG_NONE; i++ )
+ {
+ for( j = 0; j < i; j++ )
+ {
+ if( sig_algs[i] != sig_algs[j] )
+ continue;
+ mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET
+ ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n",
+ sig_algs[i], j, i );
+ ret = -1;
+ }
+ }
+ return( ret );
+}
+
+#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+/*
+ * Load default in mbedtls_ssl_config
+ */
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+ int endpoint, int transport, int preset )
+{
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#endif
+
+#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if( ssl_check_no_sig_alg_duplication( ssl_preset_suiteb_sig_algs ) )
+ {
+ mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" );
+ return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ }
+
+ if( ssl_check_no_sig_alg_duplication( ssl_preset_default_sig_algs ) )
+ {
+ mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" );
+ return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl_check_no_sig_alg_duplication( ssl_tls12_preset_suiteb_sig_algs ) )
+ {
+ mbedtls_printf( "ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n" );
+ return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ }
+
+ if( ssl_check_no_sig_alg_duplication( ssl_tls12_preset_default_sig_algs ) )
+ {
+ mbedtls_printf( "ssl_tls12_preset_default_sig_algs has duplicated entries\n" );
+ return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+ /* Use the functions here so that they are covered in tests,
+ * but otherwise access member directly for efficiency */
+ mbedtls_ssl_conf_endpoint( conf, endpoint );
+ mbedtls_ssl_conf_transport( conf, transport );
+
+ /*
+ * Things that are common to all presets
+ */
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
+#endif
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+ conf->f_cookie_write = ssl_cookie_write_dummy;
+ conf->f_cookie_check = ssl_cookie_check_dummy;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
+ conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER;
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
+ conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
+ memset( conf->renego_period, 0x00, 2 );
+ memset( conf->renego_period + 2, 0xFF, 6 );
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+ if( endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ const unsigned char dhm_p[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
+ const unsigned char dhm_g[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
+
+ if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
+ dhm_p, sizeof( dhm_p ),
+ dhm_g, sizeof( dhm_g ) ) ) != 0 )
+ {
+ return( ret );
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /*
+ * Allow all TLS 1.3 key exchange modes by default.
+ */
+ conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+#else
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+ }
+ else
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+ else
+ /* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */
+ {
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+#else
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+ }
+
+ /*
+ * Preset-specific defaults
+ */
+ switch( preset )
+ {
+ /*
+ * NSA Suite B
+ */
+ case MBEDTLS_SSL_PRESET_SUITEB:
+
+ conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->sig_hashes = ssl_preset_suiteb_hashes;
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( mbedtls_ssl_conf_is_tls12_only( conf ) )
+ conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
+ else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ conf->sig_algs = ssl_preset_suiteb_sig_algs;
+#endif
+
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
+#endif
+ conf->group_list = ssl_preset_suiteb_groups;
+ break;
+
+ /*
+ * Default
+ */
+ default:
+
+ conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ conf->cert_profile = &mbedtls_x509_crt_profile_default;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->sig_hashes = ssl_preset_default_hashes;
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( mbedtls_ssl_conf_is_tls12_only( conf ) )
+ conf->sig_algs = ssl_tls12_preset_default_sig_algs;
+ else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ conf->sig_algs = ssl_preset_default_sig_algs;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
+#endif
+ conf->group_list = ssl_preset_default_groups;
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+ conf->dhm_min_bitlen = 1024;
+#endif
+ }
+
+ return( 0 );
+}
+
+/*
+ * Free mbedtls_ssl_config
+ */
+void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_DHM_C)
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( conf->psk != NULL )
+ {
+ mbedtls_platform_zeroize( conf->psk, conf->psk_len );
+ mbedtls_free( conf->psk );
+ conf->psk = NULL;
+ conf->psk_len = 0;
+ }
+
+ if( conf->psk_identity != NULL )
+ {
+ mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
+ mbedtls_free( conf->psk_identity );
+ conf->psk_identity = NULL;
+ conf->psk_identity_len = 0;
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ ssl_key_cert_free( conf->key_cert );
+#endif
+
+ mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
+}
+
+#if defined(MBEDTLS_PK_C) && \
+ ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
+/*
+ * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
+ */
+unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
+{
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
+ return( MBEDTLS_SSL_SIG_RSA );
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
+ return( MBEDTLS_SSL_SIG_ECDSA );
+#endif
+ return( MBEDTLS_SSL_SIG_ANON );
+}
+
+unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type )
+{
+ switch( type ) {
+ case MBEDTLS_PK_RSA:
+ return( MBEDTLS_SSL_SIG_RSA );
+ case MBEDTLS_PK_ECDSA:
+ case MBEDTLS_PK_ECKEY:
+ return( MBEDTLS_SSL_SIG_ECDSA );
+ default:
+ return( MBEDTLS_SSL_SIG_ANON );
+ }
+}
+
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
+{
+ switch( sig )
+ {
+#if defined(MBEDTLS_RSA_C)
+ case MBEDTLS_SSL_SIG_RSA:
+ return( MBEDTLS_PK_RSA );
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+ case MBEDTLS_SSL_SIG_ECDSA:
+ return( MBEDTLS_PK_ECDSA );
+#endif
+ default:
+ return( MBEDTLS_PK_NONE );
+ }
+}
+#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
+
+/*
+ * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
+ */
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
+{
+ switch( hash )
+ {
+#if defined(MBEDTLS_MD5_C)
+ case MBEDTLS_SSL_HASH_MD5:
+ return( MBEDTLS_MD_MD5 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case MBEDTLS_SSL_HASH_SHA1:
+ return( MBEDTLS_MD_SHA1 );
+#endif
+#if defined(MBEDTLS_SHA224_C)
+ case MBEDTLS_SSL_HASH_SHA224:
+ return( MBEDTLS_MD_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_SSL_HASH_SHA256:
+ return( MBEDTLS_MD_SHA256 );
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_SSL_HASH_SHA384:
+ return( MBEDTLS_MD_SHA384 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_SSL_HASH_SHA512:
+ return( MBEDTLS_MD_SHA512 );
+#endif
+ default:
+ return( MBEDTLS_MD_NONE );
+ }
+}
+
+/*
+ * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
+ */
+unsigned char mbedtls_ssl_hash_from_md_alg( int md )
+{
+ switch( md )
+ {
+#if defined(MBEDTLS_MD5_C)
+ case MBEDTLS_MD_MD5:
+ return( MBEDTLS_SSL_HASH_MD5 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case MBEDTLS_MD_SHA1:
+ return( MBEDTLS_SSL_HASH_SHA1 );
+#endif
+#if defined(MBEDTLS_SHA224_C)
+ case MBEDTLS_MD_SHA224:
+ return( MBEDTLS_SSL_HASH_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA256:
+ return( MBEDTLS_SSL_HASH_SHA256 );
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_MD_SHA384:
+ return( MBEDTLS_SSL_HASH_SHA384 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_MD_SHA512:
+ return( MBEDTLS_SSL_HASH_SHA512 );
+#endif
+ default:
+ return( MBEDTLS_SSL_HASH_NONE );
+ }
+}
+
+/*
+ * Check if a curve proposed by the peer is in our list.
+ * Return 0 if we're willing to use it, -1 otherwise.
+ */
+int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id )
+{
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ if( group_list == NULL )
+ return( -1 );
+
+ for( ; *group_list != 0; group_list++ )
+ {
+ if( *group_list == tls_id )
+ return( 0 );
+ }
+
+ return( -1 );
+}
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id.
+ */
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
+{
+ uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id( grp_id )->tls_id;
+ return mbedtls_ssl_check_curve_tls_id( ssl, tls_id );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite,
+ int cert_endpoint,
+ uint32_t *flags )
+{
+ int ret = 0;
+ int usage = 0;
+ const char *ext_oid;
+ size_t ext_len;
+
+ if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ /* Server part of the key exchange */
+ switch( ciphersuite->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+ usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
+ break;
+
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+ break;
+
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
+ break;
+
+ /* Don't use default: we want warnings when adding new values */
+ case MBEDTLS_KEY_EXCHANGE_NONE:
+ case MBEDTLS_KEY_EXCHANGE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
+ usage = 0;
+ }
+ }
+ else
+ {
+ /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
+ usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+ }
+
+ if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
+ {
+ *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
+ ret = -1;
+ }
+
+ if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ ext_oid = MBEDTLS_OID_SERVER_AUTH;
+ ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
+ }
+ else
+ {
+ ext_oid = MBEDTLS_OID_CLIENT_AUTH;
+ ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
+ }
+
+ if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
+ {
+ *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
+ ret = -1;
+ }
+
+ return( ret );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md,
+ unsigned char *dst,
+ size_t dst_len,
+ size_t *olen )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *hash_operation_to_clone;
+ psa_hash_operation_t hash_operation = psa_hash_operation_init();
+
+ *olen = 0;
+
+ switch( md )
+ {
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_MD_SHA384:
+ hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
+ break;
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA256:
+ hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
+ break;
+#endif
+
+ default:
+ goto exit;
+ }
+
+ status = psa_hash_clone( hash_operation_to_clone, &hash_operation );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_finish( &hash_operation, dst, dst_len, olen );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+exit:
+ return( psa_ssl_status_to_mbedtls( status ) );
+}
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SHA384_C)
+static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
+ unsigned char *dst,
+ size_t dst_len,
+ size_t *olen )
+{
+ int ret;
+ mbedtls_sha512_context sha512;
+
+ if( dst_len < 48 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ mbedtls_sha512_init( &sha512 );
+ mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+
+ if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret );
+ goto exit;
+ }
+
+ *olen = 48;
+
+exit:
+
+ mbedtls_sha512_free( &sha512 );
+ return( ret );
+}
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA256_C)
+static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
+ unsigned char *dst,
+ size_t dst_len,
+ size_t *olen )
+{
+ int ret;
+ mbedtls_sha256_context sha256;
+
+ if( dst_len < 32 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ mbedtls_sha256_init( &sha256 );
+ mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+
+ if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret );
+ goto exit;
+ }
+
+ *olen = 32;
+
+exit:
+
+ mbedtls_sha256_free( &sha256 );
+ return( ret );
+}
+#endif /* MBEDTLS_SHA256_C */
+
+int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md,
+ unsigned char *dst,
+ size_t dst_len,
+ size_t *olen )
+{
+ switch( md )
+ {
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_MD_SHA384:
+ return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA256:
+ return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
+#endif /* MBEDTLS_SHA256_C */
+
+ default:
+ break;
+ }
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
- psa_key_id_t key,
+ mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const unsigned char* seed, size_t seed_length,
const unsigned char* label, size_t label_length,
@@ -393,7 +4771,7 @@
{
psa_status_t status;
psa_algorithm_t alg;
- psa_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_derivation_operation_t derivation =
PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -549,6 +4927,7 @@
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_SHA256_C)
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
const char *label,
@@ -570,23 +4949,45 @@
label, random, rlen, dstbuf, dlen ) );
}
#endif /* MBEDTLS_SHA384_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
-#endif
-
+/*
+ * Set appropriate PRF function and other SSL / TLS1.2 functions
+ *
+ * Inputs:
+ * - hash associated with the ciphersuite (only used by TLS 1.2)
+ *
+ * Outputs:
+ * - the tls_prf, calc_verify and calc_finished members of handshake structure
+ */
+static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
+ mbedtls_md_type_t hash )
+{
#if defined(MBEDTLS_SHA384_C)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
+ if( hash == MBEDTLS_MD_SHA384 )
+ {
+ handshake->tls_prf = tls_prf_sha384;
+ handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ handshake->calc_finished = ssl_calc_finished_tls_sha384;
+ }
+ else
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SHA256_C)
+ {
+ (void) hash;
+ handshake->tls_prf = tls_prf_sha256;
+ handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ handshake->calc_finished = ssl_calc_finished_tls_sha256;
+ }
+#else
+ {
+ (void) handshake;
+ (void) hash;
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+#endif
+
+ return( 0 );
+}
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -610,540 +5011,6 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- if( tls_prf == tls_prf_sha384 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA384 );
- }
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( tls_prf == tls_prf_sha256 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA256 );
- }
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- return( MBEDTLS_SSL_TLS_PRF_NONE );
-}
-
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- mbedtls_ssl_tls_prf_cb *tls_prf = NULL;
-
- switch( prf )
- {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_SSL_TLS_PRF_SHA384:
- tls_prf = tls_prf_sha384;
- break;
-#endif /* MBEDTLS_SHA384_C */
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_SSL_TLS_PRF_SHA256:
- tls_prf = tls_prf_sha256;
- break;
-#endif /* MBEDTLS_SHA256_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- default:
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
-}
-
-/* Type for the TLS PRF */
-typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
- const unsigned char *, size_t,
- unsigned char *, size_t);
-
-/*
- * Populate a transform structure with session keys and all the other
- * necessary information.
- *
- * Parameters:
- * - [in/out]: transform: structure to populate
- * [in] must be just initialised with mbedtls_ssl_transform_init()
- * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf()
- * - [in] ciphersuite
- * - [in] master
- * - [in] encrypt_then_mac
- * - [in] compression
- * - [in] tls_prf: pointer to PRF to use for key derivation
- * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
- * - [in] minor_ver: SSL/TLS minor version
- * - [in] endpoint: client or server
- * - [in] ssl: used for:
- * - ssl->conf->{f,p}_export_keys
- * [in] optionally used for:
- * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
- */
-static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
- int ciphersuite,
- const unsigned char master[48],
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- ssl_tls_prf_t tls_prf,
- const unsigned char randbytes[64],
- int minor_ver,
- unsigned endpoint,
- const mbedtls_ssl_context *ssl )
-{
- int ret = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- int psa_fallthrough;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char keyblk[256];
- unsigned char *key1;
- unsigned char *key2;
- unsigned char *mac_enc;
- unsigned char *mac_dec;
- size_t mac_key_len = 0;
- size_t iv_copy_len;
- size_t keylen;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- const mbedtls_cipher_info_t *cipher_info;
- const mbedtls_md_info_t *md_info;
-
-#if !defined(MBEDTLS_DEBUG_C) && \
- !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( ssl->f_export_keys == NULL )
- {
- ssl = NULL; /* make sure we don't use it except for these cases */
- (void) ssl;
- }
-#endif
-
- /*
- * Some data just needs copying into the structure
- */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- transform->encrypt_then_mac = encrypt_then_mac;
-#endif
- transform->minor_ver = minor_ver;
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
- /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
- * generation separate. This should never happen. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- /*
- * Get various info structures
- */
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
- if( ciphersuite_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
- ciphersuite ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
- if( cipher_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
- ciphersuite_info->cipher ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
- if( md_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
- (unsigned) ciphersuite_info->mac ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* Copy own and peer's CID if the use of the CID
- * extension has been negotiated. */
- if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
-
- transform->in_cid_len = ssl->own_cid_len;
- memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
- transform->in_cid_len );
-
- transform->out_cid_len = ssl->handshake->peer_cid_len;
- memcpy( transform->out_cid, ssl->handshake->peer_cid,
- ssl->handshake->peer_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
- transform->out_cid_len );
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /*
- * Compute key block using the PRF
- */
- ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
- mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
-
- /*
- * Determine the appropriate key, IV and MAC length.
- */
-
- keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
-
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
- {
- size_t explicit_ivlen;
-
- transform->maclen = 0;
- mac_key_len = 0;
- transform->taglen =
- ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-
- /* All modes haves 96-bit IVs, but the length of the static parts vary
- * with mode and version:
- * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes
- * (to be concatenated with a dynamically chosen IV of 8 Bytes)
- * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's
- * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record
- * sequence number).
- */
- transform->ivlen = 12;
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
- transform->fixed_ivlen = 12;
- else
- transform->fixed_ivlen = 4;
-
- /* Minimum length of encrypted record */
- explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
- transform->minlen = explicit_ivlen + transform->taglen;
- }
- else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
- {
- /* Initialize HMAC contexts */
- if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
- ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
- goto end;
- }
-
- /* Get MAC length */
- mac_key_len = mbedtls_md_get_size( md_info );
- transform->maclen = mac_key_len;
-
- /* IV length */
- transform->ivlen = cipher_info->iv_size;
-
- /* Minimum length */
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
- transform->minlen = transform->maclen;
- else
- {
- /*
- * GenericBlockCipher:
- * 1. if EtM is in use: one block plus MAC
- * otherwise: * first multiple of blocklen greater than maclen
- * 2. IV
- */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
- {
- transform->minlen = transform->maclen
- + cipher_info->block_size;
- }
- else
-#endif
- {
- transform->minlen = transform->maclen
- + cipher_info->block_size
- - transform->maclen % cipher_info->block_size;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- transform->minlen += transform->ivlen;
- }
- else
-#endif
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto end;
- }
- }
- }
- else
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
- (unsigned) keylen,
- (unsigned) transform->minlen,
- (unsigned) transform->ivlen,
- (unsigned) transform->maclen ) );
-
- /*
- * Finally setup the cipher contexts, IVs and MAC secrets.
- */
-#if defined(MBEDTLS_SSL_CLI_C)
- if( endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- key1 = keyblk + mac_key_len * 2;
- key2 = keyblk + mac_key_len * 2 + keylen;
-
- mac_enc = keyblk;
- mac_dec = keyblk + mac_key_len;
-
- /*
- * This is not used in TLS v1.1.
- */
- iv_copy_len = ( transform->fixed_ivlen ) ?
- transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
- memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
- iv_copy_len );
- }
- else
-#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- key1 = keyblk + mac_key_len * 2 + keylen;
- key2 = keyblk + mac_key_len * 2;
-
- mac_enc = keyblk + mac_key_len;
- mac_dec = keyblk;
-
- /*
- * This is not used in TLS v1.1.
- */
- iv_copy_len = ( transform->fixed_ivlen ) ?
- transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
- memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
- iv_copy_len );
- }
- else
-#endif /* MBEDTLS_SSL_SRV_C */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto end;
- }
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- /* For HMAC-based ciphersuites, initialize the HMAC transforms.
- For AEAD-based ciphersuites, there is nothing to do here. */
- if( mac_key_len != 0 )
- {
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
- if( ret != 0 )
- goto end;
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
- if( ret != 0 )
- goto end;
- }
-#endif
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
- ((void) mac_dec);
- ((void) mac_enc);
-
- if( ssl != NULL && ssl->f_export_keys != NULL )
- {
- ssl->f_export_keys( ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
- master, 48,
- randbytes + 32,
- randbytes,
- tls_prf_get_type( tls_prf ) );
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
- cipher_info, transform->taglen );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
- goto end;
- }
-
- if( ret == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) );
- psa_fallthrough = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) );
- psa_fallthrough = 1;
- }
-
- if( psa_fallthrough == 1 )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
- cipher_info ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- goto end;
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
- cipher_info, transform->taglen );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
- goto end;
- }
-
- if( ret == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) );
- psa_fallthrough = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) );
- psa_fallthrough = 1;
- }
-
- if( psa_fallthrough == 1 )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
- cipher_info ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
- (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
- (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
- MBEDTLS_DECRYPT ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- goto end;
- }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
- {
- if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- goto end;
- }
- }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-
-end:
- mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
- return( ret );
-}
-
-/*
- * Set appropriate PRF function and other SSL / TLS1.2 functions
- *
- * Inputs:
- * - SSL/TLS minor version
- * - hash associated with the ciphersuite (only used by TLS 1.2)
- *
- * Outputs:
- * - the tls_prf, calc_verify and calc_finished members of handshake structure
- */
-static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
- int minor_ver,
- mbedtls_md_type_t hash )
-{
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C)
- (void) hash;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- hash == MBEDTLS_MD_SHA384 )
- {
- handshake->tls_prf = tls_prf_sha384;
- handshake->calc_verify = ssl_calc_verify_tls_sha384;
- handshake->calc_finished = ssl_calc_finished_tls_sha384;
- }
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- handshake->tls_prf = tls_prf_sha256;
- handshake->calc_verify = ssl_calc_verify_tls_sha256;
- handshake->calc_finished = ssl_calc_finished_tls_sha256;
- }
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- {
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- return( 0 );
-}
-
/*
* Compute master secret if needed
*
@@ -1156,7 +5023,7 @@
* [in] ssl: optionally used for debugging, EMS and PSA-PSK
* debug: conf->f_dbg, conf->p_dbg
* EMS: passed to calc_verify (debug + session_negotiate)
- * PSA-PSA: minor_ver, conf
+ * PSA-PSA: conf
*/
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
unsigned char *master,
@@ -1217,13 +5084,12 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_use_opaque_psk( ssl ) == 1 )
{
/* Perform PSK-to-MS expansion in a single step. */
psa_status_t status;
psa_algorithm_t alg;
- psa_key_id_t psk;
+ mbedtls_svc_key_id_t psk;
psa_key_derivation_operation_t derivation =
PSA_KEY_DERIVATION_OPERATION_INIT;
mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
@@ -1295,7 +5161,6 @@
/* Set PRF, calc_verify and calc_finished function pointers */
ret = ssl_set_handshake_prfs( ssl->handshake,
- ssl->minor_ver,
ciphersuite_info->mac );
if( ret != 0 )
{
@@ -1335,7 +5200,7 @@
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
- ssl->minor_ver,
+ ssl->tls_version,
ssl->conf->endpoint,
ssl );
if( ret != 0 )
@@ -1353,7 +5218,27 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
+{
+ switch( md )
+ {
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_SSL_HASH_SHA384:
+ ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_SSL_HASH_SHA256:
+ ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ break;
+#endif
+ default:
+ return( -1 );
+ }
+
+ return( 0 );
+}
+
#if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
unsigned char *hash,
@@ -1451,7 +5336,6 @@
return;
}
#endif /* MBEDTLS_SHA384_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
@@ -1461,6 +5345,11 @@
const unsigned char *psk = NULL;
size_t psk_len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ (void) key_ex;
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
== MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
{
@@ -1533,7 +5422,8 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1554,7 +5444,7 @@
MBEDTLS_DEBUG_ECDH_Z );
}
else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1610,29 +5500,6 @@
#endif
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
-{
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- if( session->peer_cert != NULL )
- {
- mbedtls_x509_crt_free( session->peer_cert );
- mbedtls_free( session->peer_cert );
- session->peer_cert = NULL;
- }
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( session->peer_cert_digest != NULL )
- {
- /* Zeroization is not necessary. */
- mbedtls_free( session->peer_cert_digest );
- session->peer_cert_digest = NULL;
- session->peer_cert_digest_type = MBEDTLS_MD_NONE;
- session->peer_cert_digest_len = 0;
- }
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
/*
* Handshake functions
*/
@@ -1697,7 +5564,7 @@
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
- if( ssl->client_auth == 0 )
+ if( ssl->handshake->client_auth == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
ssl->state++;
@@ -1983,7 +5850,6 @@
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
return( -1 );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
@@ -1992,9 +5858,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
return( 0 );
}
-
return( -1 );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif /* MBEDTLS_SSL_SRV_C */
@@ -2424,99 +6288,6 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
-{
- ((void) ciphersuite_info);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- ssl->handshake->update_checksum = ssl_update_checksum_sha384;
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
- ssl->handshake->update_checksum = ssl_update_checksum_sha256;
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return;
- }
-}
-
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &ssl->handshake->fin_sha256_psa );
- psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
-#else
- mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
-#endif
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &ssl->handshake->fin_sha384_psa );
- psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
-#else
- mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
-#endif
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-
-static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
-#else
- mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
-#endif
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
-#else
- mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
-#endif
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
-#else
- mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
-#endif
-}
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
-#else
- mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
-#endif
-}
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_calc_finished_tls_sha256(
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
@@ -2593,6 +6364,7 @@
}
#endif /* MBEDTLS_SHA256_C */
+
#if defined(MBEDTLS_SHA384_C)
static void ssl_calc_finished_tls_sha384(
@@ -2668,7 +6440,6 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
#endif /* MBEDTLS_SHA384_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
{
@@ -2954,1746 +6725,697 @@
return( ret );
}
-static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+/*
+ * Helper to get TLS 1.2 PRF from ciphersuite
+ * (Duplicates bits of logic from ssl_set_handshake_prfs().)
+ */
+static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
- memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- handshake->fin_sha256_psa = psa_hash_operation_init();
- psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
-#else
- mbedtls_sha256_init( &handshake->fin_sha256 );
- mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
-#endif
-#endif
#if defined(MBEDTLS_SHA384_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- handshake->fin_sha384_psa = psa_hash_operation_init();
- psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+ const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
+ mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ return( tls_prf_sha384 );
#else
- mbedtls_sha512_init( &handshake->fin_sha512 );
- mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
+ (void) ciphersuite_id;
#endif
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ return( tls_prf_sha256 );
+}
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
- handshake->update_checksum = ssl_update_checksum_start;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
+static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
+{
+ ((void) tls_prf);
+#if defined(MBEDTLS_SHA384_C)
+ if( tls_prf == tls_prf_sha384 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA384 );
+ }
+ else
#endif
-
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_init( &handshake->dhm_ctx );
+#if defined(MBEDTLS_SHA256_C)
+ if( tls_prf == tls_prf_sha256 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA256 );
+ }
+ else
#endif
-#if defined(MBEDTLS_ECDH_C)
- mbedtls_ecdh_init( &handshake->ecdh_ctx );
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
-#if defined(MBEDTLS_SSL_CLI_C)
- handshake->ecjpake_cache = NULL;
- handshake->ecjpake_cache_len = 0;
-#endif
-#endif
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_init( &handshake->peer_pubkey );
-#endif
+ return( MBEDTLS_SSL_TLS_PRF_NONE );
}
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
+/*
+ * Populate a transform structure with session keys and all the other
+ * necessary information.
+ *
+ * Parameters:
+ * - [in/out]: transform: structure to populate
+ * [in] must be just initialised with mbedtls_ssl_transform_init()
+ * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf()
+ * - [in] ciphersuite
+ * - [in] master
+ * - [in] encrypt_then_mac
+ * - [in] compression
+ * - [in] tls_prf: pointer to PRF to use for key derivation
+ * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
+ * - [in] tls_version: TLS version
+ * - [in] endpoint: client or server
+ * - [in] ssl: used for:
+ * - ssl->conf->{f,p}_export_keys
+ * [in] optionally used for:
+ * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
+ */
+static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
+ int ciphersuite,
+ const unsigned char master[48],
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac,
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ ssl_tls_prf_t tls_prf,
+ const unsigned char randbytes[64],
+ mbedtls_ssl_protocol_version tls_version,
+ unsigned endpoint,
+ const mbedtls_ssl_context *ssl )
{
- memset( transform, 0, sizeof(mbedtls_ssl_transform) );
+ int ret = 0;
+ unsigned char keyblk[256];
+ unsigned char *key1;
+ unsigned char *key2;
+ unsigned char *mac_enc;
+ unsigned char *mac_dec;
+ size_t mac_key_len = 0;
+ size_t iv_copy_len;
+ size_t keylen;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ const mbedtls_cipher_info_t *cipher_info;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ const mbedtls_md_info_t *md_info;
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_cipher_init( &transform->cipher_ctx_enc );
- mbedtls_cipher_init( &transform->cipher_ctx_dec );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_type_t key_type;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ psa_algorithm_t mac_alg = 0;
+ size_t key_bits;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif
+
+#if !defined(MBEDTLS_DEBUG_C) && \
+ !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( ssl->f_export_keys == NULL )
+ {
+ ssl = NULL; /* make sure we don't use it except for these cases */
+ (void) ssl;
+ }
+#endif
+
+ /*
+ * Some data just needs copying into the structure
+ */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ transform->encrypt_then_mac = encrypt_then_mac;
+#endif
+ transform->tls_version = tls_version;
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
+ * generation separate. This should never happen. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ /*
+ * Get various info structures
+ */
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
+ if( ciphersuite_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
+ ciphersuite ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
+ if( cipher_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
+ ciphersuite_info->cipher ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+ if( mac_alg == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_psa_translate_md for %u not found",
+ (unsigned) ciphersuite_info->mac ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+#else
+ md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
+ if( md_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
+ (unsigned) ciphersuite_info->mac ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Copy own and peer's CID if the use of the CID
+ * extension has been negotiated. */
+ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+
+ transform->in_cid_len = ssl->own_cid_len;
+ memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
+ transform->in_cid_len );
+
+ transform->out_cid_len = ssl->handshake->peer_cid_len;
+ memcpy( transform->out_cid, ssl->handshake->peer_cid,
+ ssl->handshake->peer_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
+ transform->out_cid_len );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /*
+ * Compute key block using the PRF
+ */
+ ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
+ mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
+
+ /*
+ * Determine the appropriate key, IV and MAC length.
+ */
+
+ keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
+
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
+ mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
+ mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+ {
+ size_t explicit_ivlen;
+
+ transform->maclen = 0;
+ mac_key_len = 0;
+ transform->taglen =
+ ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+
+ /* All modes haves 96-bit IVs, but the length of the static parts vary
+ * with mode and version:
+ * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes
+ * (to be concatenated with a dynamically chosen IV of 8 Bytes)
+ * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's
+ * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record
+ * sequence number).
+ */
+ transform->ivlen = 12;
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+ transform->fixed_ivlen = 12;
+ else
+ transform->fixed_ivlen = 4;
+
+ /* Minimum length of encrypted record */
+ explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
+ transform->minlen = explicit_ivlen + transform->taglen;
+ }
+ else
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
+ mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
+ {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Get MAC length */
+ mac_key_len = PSA_HASH_LENGTH(mac_alg);
+#else
+ /* Initialize HMAC contexts */
+ if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
+ ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ goto end;
+ }
+
+ /* Get MAC length */
+ mac_key_len = mbedtls_md_get_size( md_info );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ transform->maclen = mac_key_len;
+
+ /* IV length */
+ transform->ivlen = cipher_info->iv_size;
+
+ /* Minimum length */
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
+ transform->minlen = transform->maclen;
+ else
+ {
+ /*
+ * GenericBlockCipher:
+ * 1. if EtM is in use: one block plus MAC
+ * otherwise: * first multiple of blocklen greater than maclen
+ * 2. IV
+ */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ {
+ transform->minlen = transform->maclen
+ + cipher_info->block_size;
+ }
+ else
+#endif
+ {
+ transform->minlen = transform->maclen
+ + cipher_info->block_size
+ - transform->maclen % cipher_info->block_size;
+ }
+
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ transform->minlen += transform->ivlen;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
+ }
+ }
+ }
+ else
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+ (unsigned) keylen,
+ (unsigned) transform->minlen,
+ (unsigned) transform->ivlen,
+ (unsigned) transform->maclen ) );
+
+ /*
+ * Finally setup the cipher contexts, IVs and MAC secrets.
+ */
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ key1 = keyblk + mac_key_len * 2;
+ key2 = keyblk + mac_key_len * 2 + keylen;
+
+ mac_enc = keyblk;
+ mac_dec = keyblk + mac_key_len;
+
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
+ memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
+ iv_copy_len );
+ }
+ else
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ key1 = keyblk + mac_key_len * 2 + keylen;
+ key2 = keyblk + mac_key_len * 2;
+
+ mac_enc = keyblk + mac_key_len;
+ mac_dec = keyblk;
+
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
+ memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
+ iv_copy_len );
+ }
+ else
+#endif /* MBEDTLS_SSL_SRV_C */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
+ }
+
+ if( ssl != NULL && ssl->f_export_keys != NULL )
+ {
+ ssl->f_export_keys( ssl->p_export_keys,
+ MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
+ master, 48,
+ randbytes + 32,
+ randbytes,
+ tls_prf_get_type( tls_prf ) );
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
+ transform->taglen,
+ &alg,
+ &key_type,
+ &key_bits ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+ goto end;
+ }
+
+ transform->psa_alg = alg;
+
+ if ( alg != MBEDTLS_SSL_NULL_CIPHER )
+ {
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ if( ( status = psa_import_key( &attributes,
+ key1,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &transform->psa_key_enc ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status );
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
+ goto end;
+ }
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+
+ if( ( status = psa_import_key( &attributes,
+ key2,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &transform->psa_key_dec ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
+ goto end;
+ }
+ }
+#else
+ if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
+ cipher_info ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
+ cipher_info ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
+ (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
+ MBEDTLS_ENCRYPT ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
+ (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
+ MBEDTLS_DECRYPT ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+ goto end;
+ }
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
+ {
+ if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+ goto end;
+ }
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- mbedtls_md_init( &transform->md_ctx_enc );
- mbedtls_md_init( &transform->md_ctx_dec );
-#endif
-}
-
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
-{
- memset( session, 0, sizeof(mbedtls_ssl_session) );
-}
-
-static int ssl_handshake_init( mbedtls_ssl_context *ssl )
-{
- /* Clear old handshake information if present */
- if( ssl->transform_negotiate )
- mbedtls_ssl_transform_free( ssl->transform_negotiate );
- if( ssl->session_negotiate )
- mbedtls_ssl_session_free( ssl->session_negotiate );
- if( ssl->handshake )
- mbedtls_ssl_handshake_free( ssl );
-
- /*
- * Either the pointers are now NULL or cleared properly and can be freed.
- * Now allocate missing structures.
- */
- if( ssl->transform_negotiate == NULL )
+ /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+ For AEAD-based ciphersuites, there is nothing to do here. */
+ if( mac_key_len != 0 )
{
- ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
- }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->psa_mac_alg = PSA_ALG_HMAC( mac_alg );
- if( ssl->session_negotiate == NULL )
- {
- ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
- }
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( mac_alg ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
- if( ssl->handshake == NULL )
- {
- ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
- }
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- /* If the buffers are too small - reallocate */
+ if( ( status = psa_import_key( &attributes,
+ mac_enc, mac_key_len,
+ &transform->psa_mac_enc ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+ goto end;
+ }
- handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
- MBEDTLS_SSL_OUT_BUFFER_LEN );
-#endif
-
- /* All pointers should exist and can be directly freed without issue */
- if( ssl->handshake == NULL ||
- ssl->transform_negotiate == NULL ||
- ssl->session_negotiate == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
-
- mbedtls_free( ssl->handshake );
- mbedtls_free( ssl->transform_negotiate );
- mbedtls_free( ssl->session_negotiate );
-
- ssl->handshake = NULL;
- ssl->transform_negotiate = NULL;
- ssl->session_negotiate = NULL;
-
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
-
- /* Initialize structures */
- mbedtls_ssl_session_init( ssl->session_negotiate );
- mbedtls_ssl_transform_init( ssl->transform_negotiate );
- ssl_handshake_params_init( ssl->handshake );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- ssl->handshake->alt_transform_out = ssl->transform_out;
-
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
+ if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) ||
+ ( ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
+ ( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) ) )
+ /* mbedtls_ct_hmac() requires the key to be exportable */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_VERIFY_HASH );
else
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
- mbedtls_ssl_set_timer( ssl, 0 );
- }
-#endif
-
-/*
- * curve_list is translated to IANA TLS group identifiers here because
- * mbedtls_ssl_conf_curves returns void and so can't return
- * any error codes.
- */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- /* Heap allocate and translate curve_list from internal to IANA group ids */
- if ( ssl->conf->curve_list != NULL )
- {
- size_t length;
- const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
-
- for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
- ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
-
- /* Leave room for zero termination */
- uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
- if ( group_list == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- for( size_t i = 0; i < length; i++ )
+ if( ( status = psa_import_key( &attributes,
+ mac_dec, mac_key_len,
+ &transform->psa_mac_dec ) ) != PSA_SUCCESS )
{
- const mbedtls_ecp_curve_info *info =
- mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
- if ( info == NULL )
- {
- mbedtls_free( group_list );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
- group_list[i] = info->tls_id;
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+ goto end;
}
-
- group_list[length] = 0;
-
- ssl->handshake->group_list = group_list;
- ssl->handshake->group_list_heap_allocated = 1;
+#else
+ ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+ if( ret != 0 )
+ goto end;
+ ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ if( ret != 0 )
+ goto end;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
- else
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+ ((void) mac_dec);
+ ((void) mac_enc);
+
+end:
+ mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
+ return( ret );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg )
+{
+ psa_status_t status;
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
+
+ if( ( status = psa_hash_setup( &hash_operation,
+ hash_alg ) ) != PSA_SUCCESS )
{
- ssl->handshake->group_list = ssl->conf->group_list;
- ssl->handshake->group_list_heap_allocated = 0;
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
+ goto exit;
}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
+ if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
+ 64 ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_update( &hash_operation,
+ data, data_len ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
+ hashlen ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
+ goto exit;
+ }
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ switch( status )
+ {
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+ default:
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ }
+ }
return( 0 );
}
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/* Dummy cookie callbacks for defaults */
-static int ssl_cookie_write_dummy( void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len )
+#else
+
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg )
{
- ((void) ctx);
- ((void) p);
- ((void) end);
- ((void) cli_id);
- ((void) cli_id_len);
+ int ret = 0;
+ mbedtls_md_context_t ctx;
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ *hashlen = mbedtls_md_get_size( md_info );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
-static int ssl_cookie_check_dummy( void *ctx,
- const unsigned char *cookie, size_t cookie_len,
- const unsigned char *cli_id, size_t cli_id_len )
-{
- ((void) ctx);
- ((void) cookie);
- ((void) cookie_len);
- ((void) cli_id);
- ((void) cli_id_len);
-
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-/*
- * Initialize an SSL context
- */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
-{
- memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
-}
-
-static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
- {
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
- return( 0 );
- }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
- return( 0 );
- }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "The SSL configuration is invalid." ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-}
-
-static int ssl_conf_check(const mbedtls_ssl_context *ssl)
-{
- int ret;
- ret = ssl_conf_version_check( ssl );
- if( ret != 0 )
- return( ret );
-
- /* Space for further checks */
-
- return( 0 );
-}
-
-/*
- * Setup an SSL context
- */
-
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-
- ssl->conf = conf;
-
- if( ( ret = ssl_conf_check( ssl ) ) != 0 )
- return( ret );
+ mbedtls_md_init( &ctx );
/*
- * Prepare base structures
+ * digitally-signed struct {
+ * opaque client_random[32];
+ * opaque server_random[32];
+ * ServerDHParams params;
+ * };
*/
-
- /* Set to NULL in case of an error condition */
- ssl->out_buf = NULL;
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- ssl->in_buf_len = in_buf_len;
-#endif
- ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
- if( ssl->in_buf == NULL )
+ if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto error;
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
+ goto exit;
}
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- ssl->out_buf_len = out_buf_len;
-#endif
- ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
- if( ssl->out_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto error;
- }
-
- mbedtls_ssl_reset_in_out_pointers( ssl );
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) );
-#endif
-
- if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
- goto error;
-
- return( 0 );
-
-error:
- mbedtls_free( ssl->in_buf );
- mbedtls_free( ssl->out_buf );
-
- ssl->conf = NULL;
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- ssl->in_buf_len = 0;
- ssl->out_buf_len = 0;
-#endif
- ssl->in_buf = NULL;
- ssl->out_buf = NULL;
-
- ssl->in_hdr = NULL;
- ssl->in_ctr = NULL;
- ssl->in_len = NULL;
- ssl->in_iv = NULL;
- ssl->in_msg = NULL;
-
- ssl->out_hdr = NULL;
- ssl->out_ctr = NULL;
- ssl->out_len = NULL;
- ssl->out_iv = NULL;
- ssl->out_msg = NULL;
-
- return( ret );
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- *
- * If partial is non-zero, keep data in the input buffer and client ID.
- * (Use when a DTLS client reconnects from the same port.)
- */
-static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
- int partial )
-{
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len = ssl->in_buf_len;
- size_t out_buf_len = ssl->out_buf_len;
-#else
- size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-#endif
-
-#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C)
- partial = 0;
-#endif
-
- /* Cancel any possibly running timer */
- mbedtls_ssl_set_timer( ssl, 0 );
-
- mbedtls_ssl_reset_in_out_pointers( ssl );
-
- /* Reset incoming message parsing */
- ssl->in_offt = NULL;
- ssl->nb_zero = 0;
- ssl->in_msgtype = 0;
- ssl->in_msglen = 0;
- ssl->in_hslen = 0;
- ssl->keep_current_message = 0;
- ssl->transform_in = NULL;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- ssl->next_record_offset = 0;
- ssl->in_epoch = 0;
-#endif
-
- /* Keep current datagram if partial == 1 */
- if( partial == 0 )
- {
- ssl->in_left = 0;
- memset( ssl->in_buf, 0, in_buf_len );
- }
-
- /* Reset outgoing message writing */
- ssl->out_msgtype = 0;
- ssl->out_msglen = 0;
- ssl->out_left = 0;
- memset( ssl->out_buf, 0, out_buf_len );
- memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
- ssl->transform_out = NULL;
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- mbedtls_ssl_dtls_replay_reset( ssl );
-#endif
-
- if( ssl->transform )
- {
- mbedtls_ssl_transform_free( ssl->transform );
- mbedtls_free( ssl->transform );
- ssl->transform = NULL;
- }
-}
-
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
-
- ssl_session_reset_msg_layer( ssl, partial );
-
- /* Reset renegotiation state */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
- ssl->renego_records_seen = 0;
-
- ssl->verify_data_len = 0;
- memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
- memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
-#endif
- ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
-
- ssl->session_in = NULL;
- ssl->session_out = NULL;
- if( ssl->session )
- {
- mbedtls_ssl_session_free( ssl->session );
- mbedtls_free( ssl->session );
- ssl->session = NULL;
- }
-
-#if defined(MBEDTLS_SSL_ALPN)
- ssl->alpn_chosen = NULL;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
- if( partial == 0 )
-#endif
- {
- mbedtls_free( ssl->cli_id );
- ssl->cli_id = NULL;
- ssl->cli_id_len = 0;
- }
-#endif
-
- if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
- return( ret );
-
- return( 0 );
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
-{
- return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
-}
-
-/*
- * SSL set accessors
- */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
-{
- conf->endpoint = endpoint;
-}
-
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
-{
- conf->transport = transport;
-}
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
-{
- conf->anti_replay = mode;
-}
-#endif
-
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
-{
- conf->badmac_limit = limit;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
- unsigned allow_packing )
-{
- ssl->disable_datagram_packing = !allow_packing;
-}
-
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf,
- uint32_t min, uint32_t max )
-{
- conf->hs_timeout_min = min;
- conf->hs_timeout_max = max;
-}
-#endif
-
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
-{
- conf->authmode = authmode;
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
-{
- conf->f_vrfy = f_vrfy;
- conf->p_vrfy = p_vrfy;
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
-{
- conf->f_rng = f_rng;
- conf->p_rng = p_rng;
-}
-
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg )
-{
- conf->f_dbg = f_dbg;
- conf->p_dbg = p_dbg;
-}
-
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout )
-{
- ssl->p_bio = p_bio;
- ssl->f_send = f_send;
- ssl->f_recv = f_recv;
- ssl->f_recv_timeout = f_recv_timeout;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
-{
- ssl->mtu = mtu;
-}
-#endif
-
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
-{
- conf->read_timeout = timeout;
-}
-
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer )
-{
- ssl->p_timer = p_timer;
- ssl->f_set_timer = f_set_timer;
- ssl->f_get_timer = f_get_timer;
-
- /* Make sure we start with no timer running */
- mbedtls_ssl_set_timer( ssl, 0 );
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
- void *p_cache,
- mbedtls_ssl_cache_get_t *f_get_cache,
- mbedtls_ssl_cache_set_t *f_set_cache )
-{
- conf->p_cache = p_cache;
- conf->f_get_cache = f_get_cache;
- conf->f_set_cache = f_set_cache;
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ssl == NULL ||
- session == NULL ||
- ssl->session_negotiate == NULL ||
- ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- if( ssl->handshake->resume == 1 )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-
- if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
- session ) ) != 0 )
- return( ret );
-
- ssl->handshake->resume = 1;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
-
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites )
-{
- conf->ciphersuite_list = ciphersuites;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
- const int kex_modes )
-{
- conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile )
-{
- conf->cert_profile = profile;
-}
-
-/* Append a new keycert entry to a (possibly empty) list */
-static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
- mbedtls_x509_crt *cert,
- mbedtls_pk_context *key )
-{
- mbedtls_ssl_key_cert *new_cert;
-
- new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
- if( new_cert == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- new_cert->cert = cert;
- new_cert->key = key;
- new_cert->next = NULL;
-
- /* Update head is the list was null, else add to the end */
- if( *head == NULL )
- {
- *head = new_cert;
- }
- else
- {
- mbedtls_ssl_key_cert *cur = *head;
- while( cur->next != NULL )
- cur = cur->next;
- cur->next = new_cert;
- }
-
- return( 0 );
-}
-
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key )
-{
- return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
-}
-
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl )
-{
- conf->ca_chain = ca_chain;
- conf->ca_crl = ca_crl;
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
- * cannot be used together. */
- conf->f_ca_cb = NULL;
- conf->p_ca_cb = NULL;
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-}
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb )
-{
- conf->f_ca_cb = f_ca_cb;
- conf->p_ca_cb = p_ca_cb;
-
- /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
- * cannot be used together. */
- conf->ca_chain = NULL;
- conf->ca_crl = NULL;
-}
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key )
-{
- return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
- own_cert, pk_key ) );
-}
-
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl )
-{
- ssl->handshake->sni_ca_chain = ca_chain;
- ssl->handshake->sni_ca_crl = ca_crl;
-}
-
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode )
-{
- ssl->handshake->sni_authmode = authmode;
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
-{
- ssl->f_vrfy = f_vrfy;
- ssl->p_vrfy = p_vrfy;
-}
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/*
- * Set EC J-PAKE password for current handshake
- */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len )
-{
- mbedtls_ecjpake_role role;
-
- if( ssl->handshake == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- role = MBEDTLS_ECJPAKE_SERVER;
- else
- role = MBEDTLS_ECJPAKE_CLIENT;
-
- return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
- role,
- MBEDTLS_MD_SHA256,
- MBEDTLS_ECP_DP_SECP256R1,
- pw, pw_len ) );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
-static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( !mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- return( 1 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- if( conf->psk != NULL )
- return( 1 );
-
- return( 0 );
-}
-
-static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
-{
- /* Remove reference to existing PSK, if any. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- {
- /* The maintenance of the PSK key slot is the
- * user's responsibility. */
- conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
- }
- /* This and the following branch should never
- * be taken simultaenously as we maintain the
- * invariant that raw and opaque PSKs are never
- * configured simultaneously. As a safeguard,
- * though, `else` is omitted here. */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( conf->psk != NULL )
- {
- mbedtls_platform_zeroize( conf->psk, conf->psk_len );
-
- mbedtls_free( conf->psk );
- conf->psk = NULL;
- conf->psk_len = 0;
- }
-
- /* Remove reference to PSK identity, if any. */
- if( conf->psk_identity != NULL )
- {
- mbedtls_free( conf->psk_identity );
- conf->psk_identity = NULL;
- conf->psk_identity_len = 0;
- }
-}
-
-/* This function assumes that PSK identity in the SSL config is unset.
- * It checks that the provided identity is well-formed and attempts
- * to make a copy of it in the SSL config.
- * On failure, the PSK identity in the config remains unset. */
-static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
- unsigned char const *psk_identity,
- size_t psk_identity_len )
-{
- /* Identity len will be encoded on two bytes */
- if( psk_identity == NULL ||
- ( psk_identity_len >> 16 ) != 0 ||
- psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- conf->psk_identity = mbedtls_calloc( 1, psk_identity_len );
- if( conf->psk_identity == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- conf->psk_identity_len = psk_identity_len;
- memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
-
- return( 0 );
-}
-
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* We currently only support one PSK, raw or opaque. */
- if( ssl_conf_psk_is_configured( conf ) )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-
- /* Check and set raw PSK */
- if( psk == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( psk_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( psk_len > MBEDTLS_PSK_MAX_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- conf->psk_len = psk_len;
- memcpy( conf->psk, psk, conf->psk_len );
+exit:
+ mbedtls_md_free( &ctx );
- /* Check and set PSK Identity */
- ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len );
if( ret != 0 )
- ssl_conf_remove_psk( conf );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( ret );
}
-
-static void ssl_remove_psk( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- {
- ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
- }
- else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ssl->handshake->psk != NULL )
- {
- mbedtls_platform_zeroize( ssl->handshake->psk,
- ssl->handshake->psk_len );
- mbedtls_free( ssl->handshake->psk );
- ssl->handshake->psk_len = 0;
- }
-}
-
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len )
-{
- if( psk == NULL || ssl->handshake == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( psk_len > MBEDTLS_PSK_MAX_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl_remove_psk( ssl );
-
- if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- ssl->handshake->psk_len = psk_len;
- memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* We currently only support one PSK, raw or opaque. */
- if( ssl_conf_psk_is_configured( conf ) )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-
- /* Check and set opaque PSK */
- if( mbedtls_svc_key_id_is_null( psk ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- conf->psk_opaque = psk;
-
- /* Check and set PSK Identity */
- ret = ssl_conf_set_psk_identity( conf, psk_identity,
- psk_identity_len );
- if( ret != 0 )
- ssl_conf_remove_psk( conf );
-
- return( ret );
-}
-
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk )
-{
- if( ( mbedtls_svc_key_id_is_null( psk ) ) ||
- ( ssl->handshake == NULL ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl_remove_psk( ssl );
- ssl->handshake->psk_opaque = psk;
- return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk )
-{
- conf->f_psk = f_psk;
- conf->p_psk = p_psk;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
- ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
- {
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
- return( ret );
- }
-
- return( 0 );
-}
-
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P,
- &conf->dhm_P ) ) != 0 ||
- ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
- &conf->dhm_G ) ) != 0 )
- {
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
- return( ret );
- }
-
- return( 0 );
-}
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/*
- * Set the minimum length for Diffie-Hellman parameters
- */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen )
-{
- conf->dhm_min_bitlen = bitlen;
-}
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
- * Set allowed/preferred hashes for handshake signatures
- */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes )
-{
- conf->sig_hashes = hashes;
-}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/* Configure allowed signature algorithms for use in TLS 1.3 */
-void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
- const uint16_t* sig_algs )
+/* Find an entry in a signature-hash set matching a given hash algorithm. */
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg )
{
- conf->tls13_sig_algs = sig_algs;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Set the allowed elliptic curves
- *
- * mbedtls_ssl_setup() takes the provided list
- * and translates it to a list of IANA TLS group identifiers,
- * stored in ssl->handshake->group_list.
- *
- */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curve_list )
-{
- conf->curve_list = curve_list;
- conf->group_list = NULL;
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
-/*
- * Set the allowed groups
- */
-void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
- const uint16_t *group_list )
-{
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
- conf->group_list = group_list;
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
-{
- /* Initialize to suppress unnecessary compiler warning */
- size_t hostname_len = 0;
-
- /* Check if new hostname is valid before
- * making any change to current one */
- if( hostname != NULL )
+ switch( sig_alg )
{
- hostname_len = strlen( hostname );
-
- if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- /* Now it's clear that we will overwrite the old hostname,
- * so we can free it safely */
-
- if( ssl->hostname != NULL )
- {
- mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
- mbedtls_free( ssl->hostname );
- }
-
- /* Passing NULL as hostname shall clear the old one */
-
- if( hostname == NULL )
- {
- ssl->hostname = NULL;
- }
- else
- {
- ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
- if( ssl->hostname == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- memcpy( ssl->hostname, hostname, hostname_len );
-
- ssl->hostname[hostname_len] = '\0';
- }
-
- return( 0 );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *,
- const unsigned char *, size_t),
- void *p_sni )
-{
- conf->f_sni = f_sni;
- conf->p_sni = p_sni;
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
-{
- size_t cur_len, tot_len;
- const char **p;
-
- /*
- * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
- * MUST NOT be truncated."
- * We check lengths now rather than later.
- */
- tot_len = 0;
- for( p = protos; *p != NULL; p++ )
- {
- cur_len = strlen( *p );
- tot_len += cur_len;
-
- if( ( cur_len == 0 ) ||
- ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
- ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- conf->alpn_list = protos;
-
- return( 0 );
-}
-
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
-{
- return( ssl->alpn_chosen );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value )
-{
- conf->dtls_srtp_mki_support = support_mki_value;
-}
-
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len )
-{
- if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED )
- {
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len );
- ssl->dtls_srtp_info.mki_len = mki_len;
- return( 0 );
-}
-
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles )
-{
- const mbedtls_ssl_srtp_profile *p;
- size_t list_size = 0;
-
- /* check the profiles list: all entry must be valid,
- * its size cannot be more than the total number of supported profiles, currently 4 */
- for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET &&
- list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH;
- p++ )
- {
- if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET )
- {
- list_size++;
- }
- else
- {
- /* unsupported value, stop parsing and set the size to an error value */
- list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1;
- }
- }
-
- if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH )
- {
- conf->dtls_srtp_profile_list = NULL;
- conf->dtls_srtp_profile_list_len = 0;
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- conf->dtls_srtp_profile_list = profiles;
- conf->dtls_srtp_profile_list_len = list_size;
-
- return( 0 );
-}
-
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info )
-{
- dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile;
- /* do not copy the mki value if there is no chosen profile */
- if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
- {
- dtls_srtp_info->mki_len = 0;
- }
- else
- {
- dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len;
- memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len );
+ case MBEDTLS_PK_RSA:
+ return( set->rsa );
+ case MBEDTLS_PK_ECDSA:
+ return( set->ecdsa );
+ default:
+ return( MBEDTLS_MD_NONE );
}
}
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
+/* Add a signature-hash-pair to a signature-hash set */
+void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg )
{
- conf->max_major_ver = major;
- conf->max_minor_ver = minor;
-}
-
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
-{
- conf->min_major_ver = major;
- conf->min_minor_ver = minor;
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list )
-{
- conf->cert_req_ca_list = cert_req_ca_list;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
-{
- conf->encrypt_then_mac = etm;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
-{
- conf->extended_ms = ems;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
-{
- if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
- ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN )
+ switch( sig_alg )
{
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
+ case MBEDTLS_PK_RSA:
+ if( set->rsa == MBEDTLS_MD_NONE )
+ set->rsa = md_alg;
+ break;
- conf->mfl_code = mfl_code;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
-{
- conf->allow_legacy_renegotiation = allow_legacy;
-}
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
-{
- conf->disable_renegotiation = renegotiation;
-}
-
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
-{
- conf->renego_max_records = max_records;
-}
-
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
- const unsigned char period[8] )
-{
- memcpy( conf->renego_period, period, 8 );
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
-{
- conf->session_tickets = use_tickets;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket )
-{
- conf->f_ticket_write = f_ticket_write;
- conf->f_ticket_parse = f_ticket_parse;
- conf->p_ticket = p_ticket;
-}
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys )
-{
- ssl->f_export_keys = f_export_keys;
- ssl->p_export_keys = p_export_keys;
-}
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-void mbedtls_ssl_conf_async_private_cb(
- mbedtls_ssl_config *conf,
- mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
- mbedtls_ssl_async_resume_t *f_async_resume,
- mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *async_config_data )
-{
- conf->f_async_sign_start = f_async_sign;
- conf->f_async_decrypt_start = f_async_decrypt;
- conf->f_async_resume = f_async_resume;
- conf->f_async_cancel = f_async_cancel;
- conf->p_async_config_data = async_config_data;
-}
-
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf )
-{
- return( conf->p_async_config_data );
-}
-
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl )
-{
- if( ssl->handshake == NULL )
- return( NULL );
- else
- return( ssl->handshake->user_async_ctx );
-}
-
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
- void *ctx )
-{
- if( ssl->handshake != NULL )
- ssl->handshake->user_async_ctx = ctx;
-}
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-/*
- * SSL get accessors
- */
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
-{
- if( ssl->session != NULL )
- return( ssl->session->verify_result );
-
- if( ssl->session_negotiate != NULL )
- return( ssl->session_negotiate->verify_result );
-
- return( 0xFFFFFFFF );
-}
-
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
-{
- if( ssl == NULL || ssl->session == NULL )
- return( NULL );
-
- return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
-}
-
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- switch( ssl->minor_ver )
- {
- case MBEDTLS_SSL_MINOR_VERSION_3:
- return( "DTLSv1.2" );
-
- default:
- return( "unknown (DTLS)" );
- }
- }
-#endif
-
- switch( ssl->minor_ver )
- {
- case MBEDTLS_SSL_MINOR_VERSION_3:
- return( "TLSv1.2" );
+ case MBEDTLS_PK_ECDSA:
+ if( set->ecdsa == MBEDTLS_MD_NONE )
+ set->ecdsa = md_alg;
+ break;
default:
- return( "unknown" );
+ break;
}
}
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
+/* Allow exactly one hash algorithm for each signature. */
+void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg )
{
- size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
- size_t read_mfl;
-
- /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
- {
- return ssl_mfl_code_to_length( ssl->conf->mfl_code );
- }
-
- /* Check if a smaller max length was negotiated */
- if( ssl->session_out != NULL )
- {
- read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
- if( read_mfl < max_len )
- {
- max_len = read_mfl;
- }
- }
-
- // During a handshake, use the value being negotiated
- if( ssl->session_negotiate != NULL )
- {
- read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
- if( read_mfl < max_len )
- {
- max_len = read_mfl;
- }
- }
-
- return( max_len );
+ set->rsa = md_alg;
+ set->ecdsa = md_alg;
}
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
-{
- size_t max_len;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- /*
- * Assume mfl_code is correct since it was checked when set
- */
- max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
-
- /* Check if a smaller max length was negotiated */
- if( ssl->session_out != NULL &&
- ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
- {
- max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
- }
-
- /* During a handshake, use the value being negotiated */
- if( ssl->session_negotiate != NULL &&
- ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len )
- {
- max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
- }
-
- return( max_len );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
-{
- /* Return unlimited mtu for client hello messages to avoid fragmentation. */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
- ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
- return ( 0 );
-
- if( ssl->handshake == NULL || ssl->handshake->mtu == 0 )
- return( ssl->mtu );
-
- if( ssl->mtu == 0 )
- return( ssl->handshake->mtu );
-
- return( ssl->mtu < ssl->handshake->mtu ?
- ssl->mtu : ssl->handshake->mtu );
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
-{
- size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
- !defined(MBEDTLS_SSL_PROTO_DTLS)
- (void) ssl;
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
-
- if( max_len > mfl )
- max_len = mfl;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( mbedtls_ssl_get_current_mtu( ssl ) != 0 )
- {
- const size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
- const int ret = mbedtls_ssl_get_record_expansion( ssl );
- const size_t overhead = (size_t) ret;
-
- if( ret < 0 )
- return( ret );
-
- if( mtu <= overhead )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- if( max_len > mtu - overhead )
- max_len = mtu - overhead;
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
- !defined(MBEDTLS_SSL_PROTO_DTLS)
- ((void) ssl);
-#endif
-
- return( (int) max_len );
-}
-
-int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl )
-{
- size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
-
-#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- (void) ssl;
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl );
-
- if( max_len > mfl )
- max_len = mfl;
-#endif
-
- return( (int) max_len );
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
-{
- if( ssl == NULL || ssl->session == NULL )
- return( NULL );
-
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- return( ssl->session->peer_cert );
-#else
- return( NULL );
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
- mbedtls_ssl_session *dst )
-{
- int ret;
-
- if( ssl == NULL ||
- dst == NULL ||
- ssl->session == NULL ||
- ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer
- * idempotent: Each session can only be exported once.
- *
- * (This is in preparation for TLS 1.3 support where we will
- * need the ability to export multiple sessions (aka tickets),
- * which will be achieved by calling mbedtls_ssl_get_session()
- * multiple times until it fails.)
- *
- * Check whether we have already exported the current session,
- * and fail if so.
- */
- if( ssl->session->exported == 1 )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-
- ret = mbedtls_ssl_session_copy( dst, ssl->session );
- if( ret != 0 )
- return( ret );
-
- /* Remember that we've exported the session. */
- ssl->session->exported = 1;
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/*
- * Define ticket header determining Mbed TLS version
- * and structure of the ticket.
- */
-
-/*
- * Define bitflag determining compile-time settings influencing
- * structure of serialized SSL sessions.
- */
-
-#if defined(MBEDTLS_HAVE_TIME)
-#define SSL_SERIALIZED_SESSION_CONFIG_TIME 1
-#else
-#define SSL_SERIALIZED_SESSION_CONFIG_TIME 0
-#endif /* MBEDTLS_HAVE_TIME */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#define SSL_SERIALIZED_SESSION_CONFIG_CRT 1
-#else
-#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
-#else
-#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 0
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-#define SSL_SERIALIZED_SESSION_CONFIG_MFL 1
-#else
-#define SSL_SERIALIZED_SESSION_CONFIG_MFL 0
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-#define SSL_SERIALIZED_SESSION_CONFIG_ETM 1
-#else
-#define SSL_SERIALIZED_SESSION_CONFIG_ETM 0
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 1
-#else
-#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 0
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0
-#define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1
-#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2
-#define SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT 3
-#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 4
-#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 5
-
-#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
- ( (uint16_t) ( \
- ( SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT ) | \
- ( SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT ) ) )
-
-static unsigned char ssl_serialized_session_header[] = {
- MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR,
- MBEDTLS_VERSION_PATCH,
- MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
-};
-
-/*
- * Serialize a session in the following format:
- * (in the presentation language of TLS, RFC 8446 section 3)
- *
- * struct {
- *
- * opaque mbedtls_version[3]; // library version: major, minor, patch
- * opaque session_format[2]; // library-version specific 16-bit field
- * // determining the format of the remaining
- * // serialized data.
- *
- * Note: When updating the format, remember to keep
- * these version+format bytes.
- *
- * // In this version, `session_format` determines
- * // the setting of those compile-time
- * // configuration options which influence
- * // the structure of mbedtls_ssl_session.
- *
- * uint8_t minor_ver; // Protocol-version. Possible values:
- * // - TLS 1.2 (MBEDTLS_SSL_MINOR_VERSION_3)
- *
- * select (serialized_session.minor_ver) {
- *
- * case MBEDTLS_SSL_MINOR_VERSION_3: // TLS 1.2
- * serialized_session_tls12 data;
- *
- * };
- *
- * } serialized_session;
- *
- */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* Serialization of TLS 1.2 sessions:
*
* struct {
@@ -4862,82 +7584,7 @@
return( used );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-static int ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char omit_header,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t used = 0;
-
- if( !omit_header )
- {
- /*
- * Add Mbed TLS version identifier
- */
-
- used += sizeof( ssl_serialized_session_header );
-
- if( used <= buf_len )
- {
- memcpy( p, ssl_serialized_session_header,
- sizeof( ssl_serialized_session_header ) );
- p += sizeof( ssl_serialized_session_header );
- }
- }
-
- /*
- * TLS version identifier
- */
- used += 1;
- if( used <= buf_len )
- {
- *p++ = session->minor_ver;
- }
-
- /* Forward to version-specific serialization routine. */
- switch( session->minor_ver )
- {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_MINOR_VERSION_3:
- {
- size_t remaining_len = used <= buf_len ? buf_len - used : 0;
- used += ssl_session_save_tls12( session, p, remaining_len );
- break;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
- default:
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- *olen = used;
- if( used > buf_len )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
- return( 0 );
-}
-
-/*
- * Public wrapper for ssl_session_save()
- */
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen )
-{
- return( ssl_session_save( session, 0, buf, buf_len, olen ) );
-}
-
-/*
- * Deserialize session, see mbedtls_ssl_session_save() for format.
- *
- * This internal version is wrapped by a public function that cleans up in
- * case of error, and has an extra option omit_header.
- */
static int ssl_session_load_tls12( mbedtls_ssl_session *session,
const unsigned char *buf,
size_t len )
@@ -5136,2057 +7783,45 @@
return( 0 );
}
-
-static int ssl_session_load( mbedtls_ssl_session *session,
- unsigned char omit_header,
- const unsigned char *buf,
- size_t len )
-{
- const unsigned char *p = buf;
- const unsigned char * const end = buf + len;
-
- if( !omit_header )
- {
- /*
- * Check Mbed TLS version identifier
- */
-
- if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( memcmp( p, ssl_serialized_session_header,
- sizeof( ssl_serialized_session_header ) ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
- }
- p += sizeof( ssl_serialized_session_header );
- }
-
- /*
- * TLS version identifier
- */
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- session->minor_ver = *p++;
-
- /* Dispatch according to TLS version. */
- switch( session->minor_ver )
- {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_MINOR_VERSION_3: /* TLS 1.2 */
- {
- size_t remaining_len = ( end - p );
- return( ssl_session_load_tls12( session, p, remaining_len ) );
- }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- default:
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-}
-
-/*
- * Deserialize session: public wrapper for error cleaning
- */
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len )
+int mbedtls_ssl_validate_ciphersuite(
+ const mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *suite_info,
+ mbedtls_ssl_protocol_version min_tls_version,
+ mbedtls_ssl_protocol_version max_tls_version )
{
- int ret = ssl_session_load( session, 0, buf, len );
-
- if( ret != 0 )
- mbedtls_ssl_session_free( session );
-
- return( ret );
-}
-
-/*
- * Perform a single step of the SSL handshake
- */
-static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
- return( ret );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
- {
- if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- return( ret );
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- return( ret );
-}
-
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ssl == NULL ||
- ssl->conf == NULL ||
- ssl->handshake == NULL ||
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- ret = ssl_prepare_handshake_step( ssl );
- if( ret != 0 )
- return( ret );
-
- ret = mbedtls_ssl_handle_pending_alert( ssl );
- if( ret != 0 )
- goto cleanup;
-
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
- ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
- ret = mbedtls_ssl_handshake_client_step( ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- }
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
- ret = mbedtls_ssl_tls13_handshake_server_step( ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
- ret = mbedtls_ssl_handshake_server_step( ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- }
-#endif
-
- if( ret != 0 )
- {
- /* handshake_step return error. And it is same
- * with alert_reason.
- */
- if( ssl->send_alert )
- {
- ret = mbedtls_ssl_handle_pending_alert( ssl );
- goto cleanup;
- }
- }
-
-cleanup:
- return( ret );
-}
-
-/*
- * Perform the SSL handshake
- */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
-{
- int ret = 0;
-
- /* Sanity checks */
-
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
- "mbedtls_ssl_set_timer_cb() for DTLS" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
-
- /* Main handshake loop */
- while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- ret = mbedtls_ssl_handshake_step( ssl );
-
- if( ret != 0 )
- break;
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
-
- return( ret );
-}
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-#if defined(MBEDTLS_SSL_SRV_C)
-/*
- * Write HelloRequest to request renegotiation on server
- */
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
-
- ssl->out_msglen = 4;
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
-
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-/*
- * Actually renegotiate current connection, triggered by either:
- * - any side: calling mbedtls_ssl_renegotiate(),
- * - client: receiving a HelloRequest during mbedtls_ssl_read(),
- * - server: receiving any handshake message on server during mbedtls_ssl_read() after
- * the initial handshake is completed.
- * If the handshake doesn't complete due to waiting for I/O, it will continue
- * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
- */
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
-
- if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
- return( ret );
-
- /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
- * the ServerHello will have message_seq = 1" */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
- {
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- ssl->handshake->out_msg_seq = 1;
- else
- ssl->handshake->in_msg_seq = 1;
- }
-#endif
-
- ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
- ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
-
- if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
- return( ret );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
-
- return( 0 );
-}
-
-/*
- * Renegotiate current connection on client,
- * or request renegotiation on server
- */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
- if( ssl == NULL || ssl->conf == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_SSL_SRV_C)
- /* On server, just send the request */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
-
- /* Did we already try/start sending HelloRequest? */
- if( ssl->out_left != 0 )
- return( mbedtls_ssl_flush_output( ssl ) );
-
- return( ssl_write_hello_request( ssl ) );
- }
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
- /*
- * On client, either start the renegotiation process or,
- * if already in progress, continue the handshake
- */
- if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", ret );
- return( ret );
- }
- }
- else
- {
- if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
- return( ret );
- }
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-
- return( ret );
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
-{
- mbedtls_ssl_key_cert *cur = key_cert, *next;
-
- while( cur != NULL )
- {
- next = cur->next;
- mbedtls_free( cur );
- cur = next;
- }
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
-{
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
- if( handshake == NULL )
- return;
-
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- if ( ssl->handshake->group_list_heap_allocated )
- mbedtls_free( (void*) handshake->group_list );
- handshake->group_list = NULL;
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
- {
- ssl->conf->f_async_cancel( ssl );
- handshake->async_in_progress = 0;
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &handshake->fin_sha256_psa );
-#else
- mbedtls_sha256_free( &handshake->fin_sha256 );
-#endif
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &handshake->fin_sha384_psa );
-#else
- mbedtls_sha512_free( &handshake->fin_sha512 );
-#endif
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_free( &handshake->dhm_ctx );
-#endif
-#if defined(MBEDTLS_ECDH_C)
- mbedtls_ecdh_free( &handshake->ecdh_ctx );
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
-#if defined(MBEDTLS_SSL_CLI_C)
- mbedtls_free( handshake->ecjpake_cache );
- handshake->ecjpake_cache = NULL;
- handshake->ecjpake_cache_len = 0;
-#endif
-#endif
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- /* explicit void pointer cast for buggy MS compiler */
- mbedtls_free( (void *) handshake->curves );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( handshake->psk != NULL )
- {
- mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
- mbedtls_free( handshake->psk );
- }
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- /*
- * Free only the linked list wrapper, not the keys themselves
- * since the belong to the SNI callback
- */
- if( handshake->sni_key_cert != NULL )
- {
- mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next;
-
- while( cur != NULL )
- {
- next = cur->next;
- mbedtls_free( cur );
- cur = next;
- }
- }
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
- if( handshake->ecrs_peer_cert != NULL )
- {
- mbedtls_x509_crt_free( handshake->ecrs_peer_cert );
- mbedtls_free( handshake->ecrs_peer_cert );
- }
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_free( &handshake->peer_pubkey );
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- mbedtls_free( handshake->verify_cookie );
- mbedtls_ssl_flight_free( handshake->flight );
- mbedtls_ssl_buffering_free( ssl );
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_destroy_key( handshake->ecdh_psa_privkey );
-#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_transform_free( handshake->transform_handshake );
- mbedtls_ssl_transform_free( handshake->transform_earlydata );
- mbedtls_free( handshake->transform_earlydata );
- mbedtls_free( handshake->transform_handshake );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- /* If the buffers are too big - reallocate. Because of the way Mbed TLS
- * processes datagrams and the fact that a datagram is allowed to have
- * several records in it, it is possible that the I/O buffers are not
- * empty at this stage */
- handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
- mbedtls_ssl_get_output_buflen( ssl ) );
-#endif
-
- /* mbedtls_platform_zeroize MUST be last one in this function */
- mbedtls_platform_zeroize( handshake,
- sizeof( mbedtls_ssl_handshake_params ) );
-}
-
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
-{
- if( session == NULL )
- return;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- ssl_clear_peer_cert( session );
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- mbedtls_free( session->ticket );
-#endif
-
- mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
-}
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 1u
-#else
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u
-#else
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 0u
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-#if defined(MBEDTLS_SSL_ALPN)
-#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 1u
-#else
-#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 0u
-#endif /* MBEDTLS_SSL_ALPN */
-
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT 0
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT 1
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT 2
-#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT 3
-
-#define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG \
- ( (uint32_t) ( \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ) | \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ) | \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ) | \
- ( SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT ) | \
- 0u ) )
-
-static unsigned char ssl_serialized_context_header[] = {
- MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR,
- MBEDTLS_VERSION_PATCH,
- MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
- MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
-};
-
-/*
- * Serialize a full SSL context
- *
- * The format of the serialized data is:
- * (in the presentation language of TLS, RFC 8446 section 3)
- *
- * // header
- * opaque mbedtls_version[3]; // major, minor, patch
- * opaque context_format[5]; // version-specific field determining
- * // the format of the remaining
- * // serialized data.
- * Note: When updating the format, remember to keep these
- * version+format bytes. (We may make their size part of the API.)
- *
- * // session sub-structure
- * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
- * // transform sub-structure
- * uint8 random[64]; // ServerHello.random+ClientHello.random
- * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
- * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
- * // fields from ssl_context
- * uint32 badmac_seen; // DTLS: number of records with failing MAC
- * uint64 in_window_top; // DTLS: last validated record seq_num
- * uint64 in_window; // DTLS: bitmask for replay protection
- * uint8 disable_datagram_packing; // DTLS: only one record per datagram
- * uint64 cur_out_ctr; // Record layer: outgoing sequence number
- * uint16 mtu; // DTLS: path mtu (max outgoing fragment size)
- * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
- *
- * Note that many fields of the ssl_context or sub-structures are not
- * serialized, as they fall in one of the following categories:
- *
- * 1. forced value (eg in_left must be 0)
- * 2. pointer to dynamically-allocated memory (eg session, transform)
- * 3. value can be re-derived from other data (eg session keys from MS)
- * 4. value was temporary (eg content of input buffer)
- * 5. value will be provided by the user again (eg I/O callbacks and context)
- */
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t used = 0;
- size_t session_len;
- int ret = 0;
-
- /*
- * Enforce usage restrictions, see "return BAD_INPUT_DATA" in
- * this function's documentation.
- *
- * These are due to assumptions/limitations in the implementation. Some of
- * them are likely to stay (no handshake in progress) some might go away
- * (only DTLS) but are currently used to simplify the implementation.
- */
- /* The initial handshake must be over */
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- if( ssl->handshake != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- /* Double-check that sub-structures are indeed ready */
- if( ssl->transform == NULL || ssl->session == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- /* There must be no pending incoming or outgoing data */
- if( mbedtls_ssl_check_pending( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- if( ssl->out_left != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- /* Protocol must be DLTS, not TLS */
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- /* Version must be 1.2 */
- if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- /* We must be using an AEAD ciphersuite */
- if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
- /* Renegotiation must not be enabled */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-#endif
-
- /*
- * Version and format identifier
- */
- used += sizeof( ssl_serialized_context_header );
-
- if( used <= buf_len )
- {
- memcpy( p, ssl_serialized_context_header,
- sizeof( ssl_serialized_context_header ) );
- p += sizeof( ssl_serialized_context_header );
- }
-
- /*
- * Session (length + data)
- */
- ret = ssl_session_save( ssl->session, 1, NULL, 0, &session_len );
- if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
- return( ret );
-
- used += 4 + session_len;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT32_BE( session_len, p, 0 );
- p += 4;
-
- ret = ssl_session_save( ssl->session, 1,
- p, session_len, &session_len );
- if( ret != 0 )
- return( ret );
-
- p += session_len;
- }
-
- /*
- * Transform
- */
- used += sizeof( ssl->transform->randbytes );
- if( used <= buf_len )
- {
- memcpy( p, ssl->transform->randbytes,
- sizeof( ssl->transform->randbytes ) );
- p += sizeof( ssl->transform->randbytes );
- }
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
- if( used <= buf_len )
- {
- *p++ = ssl->transform->in_cid_len;
- memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
- p += ssl->transform->in_cid_len;
-
- *p++ = ssl->transform->out_cid_len;
- memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
- p += ssl->transform->out_cid_len;
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /*
- * Saved fields from top-level ssl_context structure
- */
- used += 4;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 );
- p += 4;
- }
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- used += 16;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 );
- p += 8;
-
- MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 );
- p += 8;
- }
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- used += 1;
- if( used <= buf_len )
- {
- *p++ = ssl->disable_datagram_packing;
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
- if( used <= buf_len )
- {
- memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
- p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- used += 2;
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 );
- p += 2;
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_ALPN)
- {
- const uint8_t alpn_len = ssl->alpn_chosen
- ? (uint8_t) strlen( ssl->alpn_chosen )
- : 0;
-
- used += 1 + alpn_len;
- if( used <= buf_len )
- {
- *p++ = alpn_len;
-
- if( ssl->alpn_chosen != NULL )
- {
- memcpy( p, ssl->alpn_chosen, alpn_len );
- p += alpn_len;
- }
- }
- }
-#endif /* MBEDTLS_SSL_ALPN */
-
- /*
- * Done
- */
- *olen = used;
-
- if( used > buf_len )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used );
-
- return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
-}
-
-/*
- * Helper to get TLS 1.2 PRF from ciphersuite
- * (Duplicates bits of logic from ssl_set_handshake_prfs().)
- */
-typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
-static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
-{
-#if defined(MBEDTLS_SHA384_C)
- const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
-
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- return( tls_prf_sha384 );
-#else
- (void) ciphersuite_id;
-#endif
- return( tls_prf_sha256 );
-}
-
-/*
- * Deserialize context, see mbedtls_ssl_context_save() for format.
- *
- * This internal version is wrapped by a public function that cleans up in
- * case of error.
- */
-static int ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
-{
- const unsigned char *p = buf;
- const unsigned char * const end = buf + len;
- size_t session_len;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /*
- * The context should have been freshly setup or reset.
- * Give the user an error in case of obvious misuse.
- * (Checking session is useful because it won't be NULL if we're
- * renegotiating, or if the user mistakenly loaded a session first.)
- */
- if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
- ssl->session != NULL )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- /*
- * We can't check that the config matches the initial one, but we can at
- * least check it matches the requirements for serializing.
- */
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
- ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 ||
- ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
- ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
-#endif
- 0 )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "context to load", buf, len );
-
- /*
- * Check version identifier
- */
- if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( memcmp( p, ssl_serialized_context_header,
- sizeof( ssl_serialized_context_header ) ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
- }
- p += sizeof( ssl_serialized_context_header );
-
- /*
- * Session
- */
- if( (size_t)( end - p ) < 4 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session_len = ( (size_t) p[0] << 24 ) |
- ( (size_t) p[1] << 16 ) |
- ( (size_t) p[2] << 8 ) |
- ( (size_t) p[3] );
- p += 4;
-
- /* This has been allocated by ssl_handshake_init(), called by
- * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
- ssl->session = ssl->session_negotiate;
- ssl->session_in = ssl->session;
- ssl->session_out = ssl->session;
- ssl->session_negotiate = NULL;
-
- if( (size_t)( end - p ) < session_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ret = ssl_session_load( ssl->session, 1, p, session_len );
- if( ret != 0 )
- {
- mbedtls_ssl_session_free( ssl->session );
- return( ret );
- }
-
- p += session_len;
-
- /*
- * Transform
- */
-
- /* This has been allocated by ssl_handshake_init(), called by
- * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
- ssl->transform = ssl->transform_negotiate;
- ssl->transform_in = ssl->transform;
- ssl->transform_out = ssl->transform;
- ssl->transform_negotiate = NULL;
-
- /* Read random bytes and populate structure */
- if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ret = ssl_tls12_populate_transform( ssl->transform,
- ssl->session->ciphersuite,
- ssl->session->master,
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl->session->encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
- p, /* currently pointing to randbytes */
- MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
- ssl->conf->endpoint,
- ssl );
- if( ret != 0 )
- return( ret );
-
- p += sizeof( ssl->transform->randbytes );
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* Read connection IDs and store them */
- if( (size_t)( end - p ) < 1 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->transform->in_cid_len = *p++;
-
- if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
- p += ssl->transform->in_cid_len;
-
- ssl->transform->out_cid_len = *p++;
-
- if( (size_t)( end - p ) < ssl->transform->out_cid_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
- p += ssl->transform->out_cid_len;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /*
- * Saved fields from top-level ssl_context structure
- */
- if( (size_t)( end - p ) < 4 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) |
- ( (uint32_t) p[1] << 16 ) |
- ( (uint32_t) p[2] << 8 ) |
- ( (uint32_t) p[3] );
- p += 4;
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( (size_t)( end - p ) < 16 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->in_window_top = ( (uint64_t) p[0] << 56 ) |
- ( (uint64_t) p[1] << 48 ) |
- ( (uint64_t) p[2] << 40 ) |
- ( (uint64_t) p[3] << 32 ) |
- ( (uint64_t) p[4] << 24 ) |
- ( (uint64_t) p[5] << 16 ) |
- ( (uint64_t) p[6] << 8 ) |
- ( (uint64_t) p[7] );
- p += 8;
-
- ssl->in_window = ( (uint64_t) p[0] << 56 ) |
- ( (uint64_t) p[1] << 48 ) |
- ( (uint64_t) p[2] << 40 ) |
- ( (uint64_t) p[3] << 32 ) |
- ( (uint64_t) p[4] << 24 ) |
- ( (uint64_t) p[5] << 16 ) |
- ( (uint64_t) p[6] << 8 ) |
- ( (uint64_t) p[7] );
- p += 8;
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( (size_t)( end - p ) < 1 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->disable_datagram_packing = *p++;
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) );
- p += sizeof( ssl->cur_out_ctr );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( (size_t)( end - p ) < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- ssl->mtu = ( p[0] << 8 ) | p[1];
- p += 2;
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_ALPN)
- {
- uint8_t alpn_len;
- const char **cur;
-
- if( (size_t)( end - p ) < 1 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- alpn_len = *p++;
-
- if( alpn_len != 0 && ssl->conf->alpn_list != NULL )
- {
- /* alpn_chosen should point to an item in the configured list */
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- {
- if( strlen( *cur ) == alpn_len &&
- memcmp( p, cur, alpn_len ) == 0 )
- {
- ssl->alpn_chosen = *cur;
- break;
- }
- }
- }
-
- /* can only happen on conf mismatch */
- if( alpn_len != 0 && ssl->alpn_chosen == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- p += alpn_len;
- }
-#endif /* MBEDTLS_SSL_ALPN */
-
- /*
- * Forced fields from top-level ssl_context structure
- *
- * Most of them already set to the correct value by mbedtls_ssl_init() and
- * mbedtls_ssl_reset(), so we only need to set the remaining ones.
- */
- ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
-
- ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
-
- /* Adjust pointers for header fields of outgoing records to
- * the given transform, accounting for explicit IV and CID. */
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- ssl->in_epoch = 1;
-#endif
-
- /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated,
- * which we don't want - otherwise we'd end up freeing the wrong transform
- * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform()
- * inappropriately. */
- if( ssl->handshake != NULL )
- {
- mbedtls_ssl_handshake_free( ssl );
- mbedtls_free( ssl->handshake );
- ssl->handshake = NULL;
- }
-
- /*
- * Done - should have consumed entire buffer
- */
- if( p != end )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- return( 0 );
-}
-
-/*
- * Deserialize context: public wrapper for error cleaning
- */
-int mbedtls_ssl_context_load( mbedtls_ssl_context *context,
- const unsigned char *buf,
- size_t len )
-{
- int ret = ssl_context_load( context, buf, len );
-
- if( ret != 0 )
- mbedtls_ssl_free( context );
-
- return( ret );
-}
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-/*
- * Free an SSL context
- */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
-{
- if( ssl == NULL )
- return;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
-
- if( ssl->out_buf != NULL )
- {
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len = ssl->out_buf_len;
-#else
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-#endif
-
- mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
- mbedtls_free( ssl->out_buf );
- ssl->out_buf = NULL;
- }
-
- if( ssl->in_buf != NULL )
- {
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len = ssl->in_buf_len;
-#else
- size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
-#endif
-
- mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
- mbedtls_free( ssl->in_buf );
- ssl->in_buf = NULL;
- }
-
- if( ssl->transform )
- {
- mbedtls_ssl_transform_free( ssl->transform );
- mbedtls_free( ssl->transform );
- }
-
- if( ssl->handshake )
- {
- mbedtls_ssl_handshake_free( ssl );
- mbedtls_ssl_transform_free( ssl->transform_negotiate );
- mbedtls_ssl_session_free( ssl->session_negotiate );
-
- mbedtls_free( ssl->handshake );
- mbedtls_free( ssl->transform_negotiate );
- mbedtls_free( ssl->session_negotiate );
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_transform_free( ssl->transform_application );
- mbedtls_free( ssl->transform_application );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- if( ssl->session )
- {
- mbedtls_ssl_session_free( ssl->session );
- mbedtls_free( ssl->session );
- }
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( ssl->hostname != NULL )
- {
- mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
- mbedtls_free( ssl->hostname );
- }
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- mbedtls_free( ssl->cli_id );
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
-
- /* Actually clear after last debug message */
- mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
-}
-
-/*
- * Initialze mbedtls_ssl_config
- */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
-{
- memset( conf, 0, sizeof( mbedtls_ssl_config ) );
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/* The selection should be the same as mbedtls_x509_crt_profile_default in
- * x509_crt.c. Here, the order matters. Currently we favor stronger hashes,
- * for no fundamental reason.
- * See the documentation of mbedtls_ssl_conf_curves() for what we promise
- * about this list. */
-static int ssl_preset_default_hashes[] = {
-#if defined(MBEDTLS_SHA512_C)
- MBEDTLS_MD_SHA512,
-#endif
-#if defined(MBEDTLS_SHA384_C)
- MBEDTLS_MD_SHA384,
-#endif
-#if defined(MBEDTLS_SHA256_C)
- MBEDTLS_MD_SHA256,
-#endif
- MBEDTLS_MD_NONE
-};
-#endif
-
-/* The selection should be the same as mbedtls_x509_crt_profile_default in
- * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
- * curves with a lower resource usage come first.
- * See the documentation of mbedtls_ssl_conf_curves() for what we promise
- * about this list.
- */
-static uint16_t ssl_preset_default_groups[] = {
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_X448,
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
-#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
-#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
-#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
-#endif
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE
-};
-
-static int ssl_preset_suiteb_ciphersuites[] = {
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- 0
-};
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-static int ssl_preset_suiteb_hashes[] = {
- MBEDTLS_MD_SHA256,
- MBEDTLS_MD_SHA384,
- MBEDTLS_MD_NONE
-};
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static uint16_t ssl_preset_default_sig_algs[] = {
- /* ECDSA algorithms */
-#if defined(MBEDTLS_ECDSA_C)
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
-#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#endif /* MBEDTLS_ECDSA_C */
-
- /* RSA algorithms */
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
-#endif
- MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
-
- MBEDTLS_TLS1_3_SIG_NONE
-};
-
-static uint16_t ssl_preset_suiteb_sig_algs[] = {
- /* ECDSA algorithms */
-#if defined(MBEDTLS_ECDSA_C)
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
-#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#endif /* MBEDTLS_ECDSA_C */
-
- /* RSA algorithms */
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
-#endif
- MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
-
- MBEDTLS_TLS1_3_SIG_NONE
-};
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif
-
-static uint16_t ssl_preset_suiteb_groups[] = {
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
-#endif
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE
-};
-
-/*
- * Load default in mbedtls_ssl_config
- */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset )
-{
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
-
- /* Use the functions here so that they are covered in tests,
- * but otherwise access member directly for efficiency */
- mbedtls_ssl_conf_endpoint( conf, endpoint );
- mbedtls_ssl_conf_transport( conf, transport );
-
- /*
- * Things that are common to all presets
- */
-#if defined(MBEDTLS_SSL_CLI_C)
- if( endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
-#endif
- }
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- conf->f_cookie_write = ssl_cookie_write_dummy;
- conf->f_cookie_check = ssl_cookie_check_dummy;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
- conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
- conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
- conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
-#endif
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
- memset( conf->renego_period, 0x00, 2 );
- memset( conf->renego_period + 2, 0xFF, 6 );
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- const unsigned char dhm_p[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
- const unsigned char dhm_g[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
-
- if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
- dhm_p, sizeof( dhm_p ),
- dhm_g, sizeof( dhm_g ) ) ) != 0 )
- {
- return( ret );
- }
- }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- /*
- * Allow all TLS 1.3 key exchange modes by default.
- */
- conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- /*
- * Preset-specific defaults
- */
- switch( preset )
- {
- /*
- * NSA Suite B
- */
- case MBEDTLS_SSL_PRESET_SUITEB:
- conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
- conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
- conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
-
- conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- conf->sig_hashes = ssl_preset_suiteb_hashes;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif
-
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
- conf->group_list = ssl_preset_suiteb_groups;
- break;
-
- /*
- * Default
- */
- default:
- conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
- MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
- MBEDTLS_SSL_MIN_MAJOR_VERSION :
- MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
- conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
- MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
- MBEDTLS_SSL_MIN_MINOR_VERSION :
- MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
- conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
- conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
-#endif
- conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- conf->cert_profile = &mbedtls_x509_crt_profile_default;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- conf->sig_hashes = ssl_preset_default_hashes;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- conf->tls13_sig_algs = ssl_preset_default_sig_algs;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
- conf->group_list = ssl_preset_default_groups;
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- conf->dhm_min_bitlen = 1024;
-#endif
- }
-
- return( 0 );
-}
-
-/*
- * Free mbedtls_ssl_config
- */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
-{
-#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi_free( &conf->dhm_P );
- mbedtls_mpi_free( &conf->dhm_G );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( conf->psk != NULL )
- {
- mbedtls_platform_zeroize( conf->psk, conf->psk_len );
- mbedtls_free( conf->psk );
- conf->psk = NULL;
- conf->psk_len = 0;
- }
-
- if( conf->psk_identity != NULL )
- {
- mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
- mbedtls_free( conf->psk_identity );
- conf->psk_identity = NULL;
- conf->psk_identity_len = 0;
- }
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- ssl_key_cert_free( conf->key_cert );
-#endif
-
- mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
-}
-
-#if defined(MBEDTLS_PK_C) && \
- ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
-/*
- * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
- */
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
-{
-#if defined(MBEDTLS_RSA_C)
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
- return( MBEDTLS_SSL_SIG_RSA );
-#endif
-#if defined(MBEDTLS_ECDSA_C)
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
- return( MBEDTLS_SSL_SIG_ECDSA );
-#endif
- return( MBEDTLS_SSL_SIG_ANON );
-}
-
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type )
-{
- switch( type ) {
- case MBEDTLS_PK_RSA:
- return( MBEDTLS_SSL_SIG_RSA );
- case MBEDTLS_PK_ECDSA:
- case MBEDTLS_PK_ECKEY:
- return( MBEDTLS_SSL_SIG_ECDSA );
- default:
- return( MBEDTLS_SSL_SIG_ANON );
- }
-}
-
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
-{
- switch( sig )
- {
-#if defined(MBEDTLS_RSA_C)
- case MBEDTLS_SSL_SIG_RSA:
- return( MBEDTLS_PK_RSA );
-#endif
-#if defined(MBEDTLS_ECDSA_C)
- case MBEDTLS_SSL_SIG_ECDSA:
- return( MBEDTLS_PK_ECDSA );
-#endif
- default:
- return( MBEDTLS_PK_NONE );
- }
-}
-#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg )
-{
- switch( sig_alg )
- {
- case MBEDTLS_PK_RSA:
- return( set->rsa );
- case MBEDTLS_PK_ECDSA:
- return( set->ecdsa );
- default:
- return( MBEDTLS_MD_NONE );
- }
-}
-
-/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg,
- mbedtls_md_type_t md_alg )
-{
- switch( sig_alg )
- {
- case MBEDTLS_PK_RSA:
- if( set->rsa == MBEDTLS_MD_NONE )
- set->rsa = md_alg;
- break;
-
- case MBEDTLS_PK_ECDSA:
- if( set->ecdsa == MBEDTLS_MD_NONE )
- set->ecdsa = md_alg;
- break;
-
- default:
- break;
- }
-}
-
-/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_md_type_t md_alg )
-{
- set->rsa = md_alg;
- set->ecdsa = md_alg;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-/*
- * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
- */
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
-{
- switch( hash )
- {
-#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_SSL_HASH_MD5:
- return( MBEDTLS_MD_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_SSL_HASH_SHA1:
- return( MBEDTLS_MD_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA224_C)
- case MBEDTLS_SSL_HASH_SHA224:
- return( MBEDTLS_MD_SHA224 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_SSL_HASH_SHA256:
- return( MBEDTLS_MD_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_SSL_HASH_SHA384:
- return( MBEDTLS_MD_SHA384 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_SSL_HASH_SHA512:
- return( MBEDTLS_MD_SHA512 );
-#endif
- default:
- return( MBEDTLS_MD_NONE );
- }
-}
-
-/*
- * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
- */
-unsigned char mbedtls_ssl_hash_from_md_alg( int md )
-{
- switch( md )
- {
-#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_MD_MD5:
- return( MBEDTLS_SSL_HASH_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_MD_SHA1:
- return( MBEDTLS_SSL_HASH_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA224_C)
- case MBEDTLS_MD_SHA224:
- return( MBEDTLS_SSL_HASH_SHA224 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_SHA256:
- return( MBEDTLS_SSL_HASH_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_MD_SHA384:
- return( MBEDTLS_SSL_HASH_SHA384 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA512:
- return( MBEDTLS_SSL_HASH_SHA512 );
-#endif
- default:
- return( MBEDTLS_SSL_HASH_NONE );
- }
-}
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Check if a curve proposed by the peer is in our list.
- * Return 0 if we're willing to use it, -1 otherwise.
- */
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
-{
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
-
- if( group_list == NULL )
- return( -1 );
- uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;
-
- for( ; *group_list != 0; group_list++ )
- {
- if( *group_list == tls_id )
- return( 0 );
- }
-
- return( -1 );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
- * Check if a hash proposed by the peer is in our list.
- * Return 0 if we're willing to use it, -1 otherwise.
- */
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
- mbedtls_md_type_t md )
-{
- const int *cur;
-
- if( ssl->conf->sig_hashes == NULL )
- return( -1 );
-
- for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
- if( *cur == (int) md )
- return( 0 );
-
- return( -1 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
- const mbedtls_ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint,
- uint32_t *flags )
-{
- int ret = 0;
- int usage = 0;
- const char *ext_oid;
- size_t ext_len;
-
- if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- /* Server part of the key exchange */
- switch( ciphersuite->key_exchange )
- {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
- break;
-
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
- break;
-
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
- break;
-
- /* Don't use default: we want warnings when adding new values */
- case MBEDTLS_KEY_EXCHANGE_NONE:
- case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- usage = 0;
- }
- }
- else
- {
- /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
- usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
- }
-
- if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
- {
- *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
- ret = -1;
- }
-
- if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- ext_oid = MBEDTLS_OID_SERVER_AUTH;
- ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
- }
- else
- {
- ext_oid = MBEDTLS_OID_CLIENT_AUTH;
- ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
- }
-
- if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
- {
- *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
- ret = -1;
- }
-
- return( ret );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- return( -1 );
-
- switch( md )
- {
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_SSL_HASH_SHA384:
- ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
- break;
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_SSL_HASH_SHA256:
- ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
- break;
-#endif
- default:
- return( -1 );
- }
-
- return 0;
-#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */
(void) ssl;
- (void) md;
- return( -1 );
+ if( suite_info == NULL )
+ return( -1 );
+
+ if( ( suite_info->min_tls_version > max_tls_version ) ||
+ ( suite_info->max_tls_version < min_tls_version ) )
+ {
+ return( -1 );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ {
+ return( -1 );
+ }
+#endif
+
+ /* Don't suggest PSK-based ciphersuite if no PSK is available. */
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
+ mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
+ {
+ return( -1 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg )
-{
- psa_status_t status;
- psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
-
- if( ( status = psa_hash_setup( &hash_operation,
- hash_alg ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
- goto exit;
- }
-
- if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
- 64 ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
- goto exit;
- }
-
- if( ( status = psa_hash_update( &hash_operation,
- data, data_len ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
- goto exit;
- }
-
- if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
- hashlen ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
- goto exit;
- }
-
-exit:
- if( status != PSA_SUCCESS )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- switch( status )
- {
- case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
- case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
- default:
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
- }
- }
return( 0 );
}
-#else
-
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg )
-{
- int ret = 0;
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- *hashlen = mbedtls_md_get_size( md_info );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
-
- mbedtls_md_init( &ctx );
-
- /*
- * digitally-signed struct {
- * opaque client_random[32];
- * opaque server_random[32];
- * ServerDHParams params;
- * };
- */
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
- goto exit;
- }
-
-exit:
- mbedtls_md_free( &ctx );
-
- if( ret != 0 )
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
- return( ret );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen )
-{
- ((void) ssl);
- ((void) md);
- ((void) dst);
- ((void) dst_len);
- *olen = 0;
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
-}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_SHA384_C)
-static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen )
-{
- int ret;
- mbedtls_sha512_context sha512;
-
- if( dst_len < 48 )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
- mbedtls_sha512_init( &sha512 );
- mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
-
- if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret );
- goto exit;
- }
-
- *olen = 48;
-
-exit:
-
- mbedtls_sha512_free( &sha512 );
- return( ret );
-}
-#endif /* MBEDTLS_SHA384_C */
-
-#if defined(MBEDTLS_SHA256_C)
-static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen )
-{
- int ret;
- mbedtls_sha256_context sha256;
-
- if( dst_len < 32 )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
- mbedtls_sha256_init( &sha256 );
- mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
-
- if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret );
- goto exit;
- }
-
- *olen = 32;
-
-exit:
-
- mbedtls_sha256_free( &sha256 );
- return( ret );
-}
-#endif /* MBEDTLS_SHA256_C */
-
-int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen )
-{
- switch( md )
- {
-
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_MD_SHA384:
- return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
-#endif /* MBEDTLS_SHA384_C */
-
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_SHA256:
- return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
-#endif /* MBEDTLS_SHA256_C */
-
- default:
- break;
- }
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_cli.c b/library/ssl_tls12_client.c
similarity index 76%
rename from library/ssl_cli.c
rename to library/ssl_tls12_client.c
index 32d4969..dcc7dfb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_tls12_client.c
@@ -19,7 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -30,6 +30,7 @@
#endif
#include "mbedtls/ssl.h"
+#include "ssl_client.h"
#include "ssl_misc.h"
#include "mbedtls/debug.h"
#include "mbedtls/error.h"
@@ -53,7 +54,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
+int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
{
if( conf->psk_identity == NULL ||
conf->psk_identity_len == 0 )
@@ -90,76 +91,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t hostname_len;
-
- *olen = 0;
-
- if( ssl->hostname == NULL )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding server name extension: %s",
- ssl->hostname ) );
-
- hostname_len = strlen( ssl->hostname );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
-
- /*
- * Sect. 3, RFC 6066 (TLS Extensions Definitions)
- *
- * In order to provide any of the server names, clients MAY include an
- * extension of type "server_name" in the (extended) client hello. The
- * "extension_data" field of this extension SHALL contain
- * "ServerNameList" where:
- *
- * struct {
- * NameType name_type;
- * select (name_type) {
- * case host_name: HostName;
- * } name;
- * } ServerName;
- *
- * enum {
- * host_name(0), (255)
- * } NameType;
- *
- * opaque HostName<1..2^16-1>;
- *
- * struct {
- * ServerName server_name_list<1..2^16-1>
- * } ServerNameList;
- *
- */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
- p += 2;
-
- *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
-
- MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
- p += 2;
-
- memcpy( p, ssl->hostname, hostname_len );
-
- *olen = hostname_len + 9;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
#if defined(MBEDTLS_SSL_RENEGOTIATION)
static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -199,171 +130,8 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
-/*
- * Only if we handle at least one key exchange that needs signatures.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t sig_alg_len = 0;
- const int *md;
-
-#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
- unsigned char *sig_alg_list = buf + 6;
-#endif
-
- *olen = 0;
-
- if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding signature_algorithms extension" ) );
-
- if( ssl->conf->sig_hashes == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
- {
-#if defined(MBEDTLS_ECDSA_C)
- sig_alg_len += 2;
-#endif
-#if defined(MBEDTLS_RSA_C)
- sig_alg_len += 2;
-#endif
- if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "length in bytes of sig-hash-alg extension too big" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
- }
-
- /* Empty signature algorithms list, this is a configuration error. */
- if( sig_alg_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 );
-
- /*
- * Prepare signature_algorithms extension (TLS 1.2)
- */
- sig_alg_len = 0;
-
- for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
- {
-#if defined(MBEDTLS_ECDSA_C)
- sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
- sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
-#endif
-#if defined(MBEDTLS_RSA_C)
- sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
- sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
-#endif
- }
-
- /*
- * enum {
- * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
- * sha512(6), (255)
- * } HashAlgorithm;
- *
- * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
- * SignatureAlgorithm;
- *
- * struct {
- * HashAlgorithm hash;
- * SignatureAlgorithm signature;
- * } SignatureAndHashAlgorithm;
- *
- * SignatureAndHashAlgorithm
- * supported_signature_algorithms<2..2^16-2>;
- */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 );
- p += 2;
-
- *olen = 6 + sig_alg_len;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- unsigned char *elliptic_curve_list = p + 6;
- size_t elliptic_curve_len = 0;
- const mbedtls_ecp_curve_info *info;
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
- *olen = 0;
-
- /* Check there is room for header */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding supported_elliptic_curves extension" ) );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for( ; *group_list != 0; group_list++ )
- {
- info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "invalid curve in ssl configuration" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
-
- /* Check there is room for another curve */
- MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
-
- MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
- elliptic_curve_len += 2;
-
- if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "malformed supported_elliptic_curves extension in config" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
- }
-
- /* Empty elliptic curve list, this is a configuration error. */
- if( elliptic_curve_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
- p += 2;
-
- *olen = 6 + elliptic_curve_len;
-
- return( 0 );
-}
static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -648,65 +416,6 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_ALPN)
-static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t alpnlen = 0;
- const char **cur;
-
- *olen = 0;
-
- if( ssl->conf->alpn_list == NULL )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
-
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- alpnlen += strlen( *cur ) + 1;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
-
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
- p += 2;
-
- /*
- * opaque ProtocolName<1..2^8-1>;
- *
- * struct {
- * ProtocolName protocol_name_list<2..2^16-1>
- * } ProtocolNameList;
- */
-
- /* Skip writing extension and list length for now */
- p += 4;
-
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- {
- /*
- * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
- * protocol names is less than 255.
- */
- *p = (unsigned char)strlen( *cur );
- memcpy( p + 1, *cur, *p );
- p += 1 + *p;
- }
-
- *olen = p - buf;
-
- /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
- MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
-
- /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
- MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -825,525 +534,114 @@
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-/*
- * Generate random bytes for ClientHello
- */
-static int ssl_generate_random( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ int uses_ec,
+ size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *p = ssl->handshake->randbytes;
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t;
-#endif
+ unsigned char *p = buf;
+ size_t ext_len = 0;
- /*
- * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->verify_cookie != NULL )
- {
- return( 0 );
- }
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
- t = mbedtls_time( NULL );
- MBEDTLS_PUT_UINT32_BE( t, p, 0 );
- p += 4;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
- (long long) t ) );
-#else
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
- return( ret );
-
- p += 4;
-#endif /* MBEDTLS_HAVE_TIME */
-
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
- return( ret );
-
- return( 0 );
-}
-
-/**
- * \brief Validate cipher suite against config in SSL context.
- *
- * \param suite_info cipher suite to validate
- * \param ssl SSL context
- * \param min_minor_ver Minimal minor version to accept a cipher suite
- * \param max_minor_ver Maximal minor version to accept a cipher suite
- *
- * \return 0 if valid, else 1
- */
-static int ssl_validate_ciphersuite(
- const mbedtls_ssl_ciphersuite_t * suite_info,
- const mbedtls_ssl_context * ssl,
- int min_minor_ver, int max_minor_ver )
-{
(void) ssl;
- if( suite_info == NULL )
- return( 1 );
+ (void) end;
+ (void) uses_ec;
+ (void) ret;
+ (void) ext_len;
- if( suite_info->min_minor_ver > max_minor_ver ||
- suite_info->max_minor_ver < min_minor_ver )
- return( 1 );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
- return( 1 );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- return( 1 );
-#endif
-
- /* Don't suggest PSK-based ciphersuite if no PSK is available. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- ssl_conf_has_static_psk( ssl->conf ) == 0 )
- {
- return( 1 );
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
- return( 0 );
-}
-
-static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, n, olen, ext_len = 0;
-
- unsigned char *buf;
- unsigned char *p, *q;
- const unsigned char *end;
-
- const int *ciphersuites;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- int uses_ec = 0;
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
-
- if( ssl->conf->f_rng == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
- return( MBEDTLS_ERR_SSL_NO_RNG );
- }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
- {
- ssl->major_ver = ssl->conf->min_major_ver;
- ssl->minor_ver = ssl->conf->min_minor_ver;
- }
-
- if( ssl->conf->max_major_ver == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- buf = ssl->out_msg;
- end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
- /*
- * Check if there's enough space for the first part of the ClientHello
- * consisting of the 38 bytes described below, the session identifier (at
- * most 32 bytes) and its length (1 byte).
- *
- * Use static upper bounds instead of the actual values
- * to allow the compiler to optimize this away.
- */
- MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );
-
- /*
- * The 38 first bytes of the ClientHello:
- * 0 . 0 handshake type (written later)
- * 1 . 3 handshake length (written later)
- * 4 . 5 highest version supported
- * 6 . 9 current UNIX time
- * 10 . 37 random bytes
- *
- * The current UNIX time (4 bytes) and following 28 random bytes are written
- * by ssl_generate_random() into ssl->handshake->randbytes buffer and then
- * copied from there into the output buffer.
- */
-
- p = buf + 4;
- mbedtls_ssl_write_version( ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
- p += 2;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
- buf[4], buf[5] ) );
-
- if( ( ret = ssl_generate_random( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
- return( ret );
- }
-
- memcpy( p, ssl->handshake->randbytes, 32 );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 );
- p += 32;
-
- /*
- * 38 . 38 session id length
- * 39 . 39+n session id
- * 39+n . 39+n DTLS only: cookie length (1 byte)
- * 40+n . .. DTLS only: cookie
- * .. . .. ciphersuitelist length (2 bytes)
- * .. . .. ciphersuitelist
- * .. . .. compression methods length (1 byte)
- * .. . .. compression methods
- * .. . .. extensions length (2 bytes)
- * .. . .. extensions
- */
- n = ssl->session_negotiate->id_len;
-
- if( n < 16 || n > 32 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
-#endif
- ssl->handshake->resume == 0 )
- {
- n = 0;
- }
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- /*
- * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
- * generate and include a Session ID in the TLS ClientHello."
- */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
- {
- if( ssl->session_negotiate->ticket != NULL &&
- ssl->session_negotiate->ticket_len != 0 )
- {
- ret = ssl->conf->f_rng( ssl->conf->p_rng,
- ssl->session_negotiate->id, 32 );
-
- if( ret != 0 )
- return( ret );
-
- ssl->session_negotiate->id_len = n = 32;
- }
- }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
- /*
- * The first check of the output buffer size above (
- * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );)
- * has checked that there is enough space in the output buffer for the
- * session identifier length byte and the session identifier (n <= 32).
- */
- *p++ = (unsigned char) n;
-
- for( i = 0; i < n; i++ )
- *p++ = ssl->session_negotiate->id[i];
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
-
- /*
- * With 'n' being the length of the session identifier
- *
- * 39+n . 39+n DTLS only: cookie length (1 byte)
- * 40+n . .. DTLS only: cookie
- * .. . .. ciphersuitelist length (2 bytes)
- * .. . .. ciphersuitelist
- * .. . .. compression methods length (1 byte)
- * .. . .. compression methods
- * .. . .. extensions length (2 bytes)
- * .. . .. extensions
- */
-
- /*
- * DTLS cookie
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
-
- if( ssl->handshake->verify_cookie == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
- *p++ = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
-
- *p++ = ssl->handshake->verify_cookie_len;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end,
- ssl->handshake->verify_cookie_len );
- memcpy( p, ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
- p += ssl->handshake->verify_cookie_len;
- }
- }
-#endif
-
- /*
- * Ciphersuite list
- */
- ciphersuites = ssl->conf->ciphersuite_list;
-
- /* Skip writing ciphersuite length for now */
- n = 0;
- q = p;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- p += 2;
-
- for( i = 0; ciphersuites[i] != 0; i++ )
- {
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
-
- if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
- ssl->conf->min_minor_ver,
- ssl->conf->max_minor_ver ) != 0 )
- continue;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
- (unsigned int)ciphersuites[i], ciphersuite_info->name ) );
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
-#endif
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-
- n++;
- MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 );
- p += 2;
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );
-
- /*
- * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
- */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
- p += 2;
- n++;
- }
-
- *q++ = (unsigned char)( n >> 7 );
- *q++ = (unsigned char)( n << 1 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
- MBEDTLS_SSL_COMPRESS_NULL ) );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- *p++ = 1;
- *p++ = MBEDTLS_SSL_COMPRESS_NULL;
-
- /* First write extensions, then the total length */
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
+ *out_len = 0;
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_renegotiation_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
return( ret );
}
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret );
- return( ret );
- }
- ext_len += olen;
+ p += ext_len;
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( uses_ec )
{
- if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
- return( ret );
- }
- ext_len += olen;
-
- if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_supported_point_formats_ext( ssl, p, end,
+ &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_cid_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_max_fragment_length_ext( ssl, p, end,
+ &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_extended_ms_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
return( ret );
}
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
- if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
- return( ret );
- }
- ext_len += olen;
+ p += ext_len;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_use_srtp_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = ssl_write_session_ticket_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
return( ret );
}
- ext_len += olen;
+ p += ext_len;
#endif
- /* olen unused if all extensions are disabled */
- ((void) olen);
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
- ext_len ) );
-
- if( ext_len > 0 )
- {
- /* No need to check for space here, because the extension
- * writing functions already took care of that. */
- MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
- p += 2 + ext_len;
- }
-
- ssl->out_msglen = p - buf;
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_HELLO;
-
- ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_send_flight_completed( ssl );
-#endif
-
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
- return( ret );
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
+ *out_len = p - buf;
return( 0 );
}
@@ -1572,9 +870,11 @@
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
{
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) )
ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
p[0] );
@@ -1823,7 +1123,7 @@
static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
{
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
- int major_ver, minor_ver;
+ uint16_t dtls_legacy_version;
unsigned char cookie_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
@@ -1848,17 +1148,15 @@
* } HelloVerifyRequest;
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
- mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
+ dtls_legacy_version = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
/*
- * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
- * even is lower than our min version.
+ * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff)
+ * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
+ * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
*/
- if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
- minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
- major_ver > ssl->conf->max_major_ver ||
- minor_ver > ssl->conf->max_minor_ver )
+ if( dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
@@ -1879,16 +1177,16 @@
}
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
- mbedtls_free( ssl->handshake->verify_cookie );
+ mbedtls_free( ssl->handshake->cookie );
- ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( ssl->handshake->verify_cookie == NULL )
+ ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+ memcpy( ssl->handshake->cookie, p, cookie_len );
ssl->handshake->verify_cookie_len = cookie_len;
/* Start over at ClientHello */
@@ -1970,8 +1268,8 @@
else
{
/* We made it through the verification process */
- mbedtls_free( ssl->handshake->verify_cookie );
- ssl->handshake->verify_cookie = NULL;
+ mbedtls_free( ssl->handshake->cookie );
+ ssl->handshake->cookie = NULL;
ssl->handshake->verify_cookie_len = 0;
}
}
@@ -1999,23 +1297,18 @@
*/
buf += mbedtls_ssl_hs_hdr_len( ssl );
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
- mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->conf->transport, buf + 0 );
- ssl->session_negotiate->minor_ver = ssl->minor_ver;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf, 2 );
+ ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
+ ssl->session_negotiate->tls_version = ssl->tls_version;
- if( ssl->major_ver < ssl->conf->min_major_ver ||
- ssl->minor_ver < ssl->conf->min_minor_ver ||
- ssl->major_ver > ssl->conf->max_major_ver ||
- ssl->minor_ver > ssl->conf->max_minor_ver )
+ if( ssl->tls_version < ssl->conf->min_tls_version ||
+ ssl->tls_version > ssl->conf->max_tls_version )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]",
- ssl->conf->min_major_ver,
- ssl->conf->min_minor_ver,
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver ) );
+ ( "server version out of bounds - min: [0x%x], server: [0x%x], max: [0x%x]",
+ (unsigned)ssl->conf->min_tls_version,
+ (unsigned)ssl->tls_version,
+ (unsigned)ssl->conf->max_tls_version ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -2177,8 +1470,8 @@
suite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite );
- if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver,
- ssl->minor_ver ) != 0 )
+ if( mbedtls_ssl_validate_ciphersuite( ssl, suite_info, ssl->tls_version,
+ ssl->tls_version ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message(
@@ -2193,7 +1486,7 @@
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
ssl->handshake->ecrs_enabled = 1;
}
@@ -2473,11 +1766,74 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end )
+{
+ uint16_t tls_id;
+ size_t ecdh_bits = 0;
+ uint8_t ecpoint_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /*
+ * struct {
+ * ECParameters curve_params;
+ * ECPoint public;
+ * } ServerECDHParams;
+ *
+ * 1 curve_type (must be "named_curve")
+ * 2..3 NamedCurve
+ * 4 ECPoint.len
+ * 5+ ECPoint contents
+ */
+ if( end - *p < 4 )
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+
+ /* First byte is curve_type; only named_curve is handled */
+ if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+
+ /* Next two bytes are the namedcurve value */
+ tls_id = *(*p)++;
+ tls_id <<= 8;
+ tls_id |= *(*p)++;
+
+ /* Check it's a curve we offered */
+ if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "bad server key exchange message (ECDHE curve): %u",
+ (unsigned) tls_id ) );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ /* Convert EC group to PSA key type. */
+ if( ( handshake->ecdh_psa_type =
+ mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
+ {
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+ handshake->ecdh_bits = ecdh_bits;
+
+ /* Keep a copy of the peer's public key */
+ ecpoint_len = *(*p)++;
+ if( (size_t)( end - *p ) < ecpoint_len )
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+
+ if( ecpoint_len > sizeof( handshake->ecdh_psa_peerkey ) )
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+
+ memcpy( handshake->ecdh_psa_peerkey, *p, ecpoint_len );
+ handshake->ecdh_psa_peerkey_len = ecpoint_len;
+ *p += ecpoint_len;
+
+ return( 0 );
+}
+#else
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
{
const mbedtls_ecp_curve_info *curve_info;
@@ -2497,12 +1853,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-#if defined(MBEDTLS_ECP_C)
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
-#else
- if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
- ssl->handshake->ecdh_ctx.grp.nbits > 521 )
-#endif
return( -1 );
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
@@ -2510,77 +1861,7 @@
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
-static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end )
-{
- uint16_t tls_id;
- size_t ecdh_bits = 0;
- uint8_t ecpoint_len;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
- /*
- * Parse ECC group
- */
-
- if( end - *p < 4 )
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-
- /* First byte is curve_type; only named_curve is handled */
- if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-
- /* Next two bytes are the namedcurve value */
- tls_id = *(*p)++;
- tls_id <<= 8;
- tls_id |= *(*p)++;
-
- /* Convert EC group to PSA key type. */
- if( ( handshake->ecdh_psa_type =
- mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
- {
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- }
- if( ecdh_bits > 0xffff )
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- handshake->ecdh_bits = (uint16_t) ecdh_bits;
-
- /*
- * Put peer's ECDH public key in the format understood by PSA.
- */
-
- ecpoint_len = *(*p)++;
- if( (size_t)( end - *p ) < ecpoint_len )
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-
- if( mbedtls_psa_tls_ecpoint_to_psa_ec(
- *p, ecpoint_len,
- handshake->ecdh_psa_peerkey,
- sizeof( handshake->ecdh_psa_peerkey ),
- &handshake->ecdh_psa_peerkey_len ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- *p += ecpoint_len;
- return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p,
unsigned char *end )
@@ -2615,6 +1896,7 @@
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -2688,9 +1970,8 @@
* opaque random[46];
* } PreMasterSecret;
*/
- mbedtls_ssl_write_version( ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version( p, ssl->conf->transport,
+ MBEDTLS_SSL_VERSION_TLS1_2 );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
{
@@ -2731,13 +2012,11 @@
return( ret );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( len_bytes == 2 )
{
MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
*olen += 2;
}
-#endif
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it. */
@@ -2748,7 +2027,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2758,16 +2036,9 @@
mbedtls_md_type_t *md_alg,
mbedtls_pk_type_t *pk_alg )
{
- ((void) ssl);
*md_alg = MBEDTLS_MD_NONE;
*pk_alg = MBEDTLS_PK_NONE;
- /* Only in TLS 1.2 */
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- return( 0 );
- }
-
if( (*p) + 2 > end )
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@@ -2794,9 +2065,9 @@
}
/*
- * Check if the hash is acceptable
+ * Check if the signature algorithm is acceptable
*/
- if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
+ if( !mbedtls_ssl_sig_alg_is_offered( ssl, MBEDTLS_GET_UINT16_BE( *p, 0 ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );
@@ -2814,7 +2085,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -2844,6 +2114,42 @@
peer_key = mbedtls_pk_ec( *peer_pk );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t ecdh_bits = 0;
+ size_t olen = 0;
+
+ if( mbedtls_ssl_check_curve( ssl, peer_key->grp.id ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+ }
+
+ ssl->handshake->ecdh_psa_type =
+ PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa( peer_key->grp.id,
+ &ecdh_bits ) );
+
+ if( ssl->handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group conversion to psa." ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+
+ /* Store peer's public key in psa format. */
+ ret = mbedtls_ecp_point_write_binary( &peer_key->grp, &peer_key->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
+ ssl->handshake->ecdh_psa_peerkey,
+ MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH );
+
+ if ( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecp_point_write_binary" ), ret );
+ return( ret );
+ }
+
+ ssl->handshake->ecdh_psa_peerkey_len = olen;
+#else
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
MBEDTLS_ECDH_THEIRS ) ) != 0 )
{
@@ -2856,7 +2162,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
}
-
+#endif
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
@@ -3016,28 +2322,8 @@
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
- if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
@@ -3099,38 +2385,28 @@
/*
* Handle the digitally-signed structure
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( ssl_parse_signature_algorithm( ssl, &p, end,
+ &md_alg, &pk_alg ) != 0 )
{
- if( ssl_parse_signature_algorithm( ssl, &p, end,
- &md_alg, &pk_alg ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
-
- if( pk_alg !=
- mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ if( pk_alg !=
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
/*
@@ -3164,7 +2440,6 @@
/*
* Compute the hash that has been signed
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@@ -3174,7 +2449,6 @@
return( ret );
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3274,6 +2548,10 @@
size_t cert_type_len = 0, dn_len = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
+ size_t sig_alg_len;
+#if defined(MBEDTLS_DEBUG_C)
+ unsigned char *sig_alg;
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -3301,12 +2579,13 @@
}
ssl->state++;
- ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
+ ssl->handshake->client_auth =
+ ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
- ssl->client_auth ? "a" : "no" ) );
+ ssl->handshake->client_auth ? "a" : "no" ) );
- if( ssl->client_auth == 0 )
+ if( ssl->handshake->client_auth == 0 )
{
/* Current message is probably the ServerHelloDone */
ssl->keep_current_message = 1;
@@ -3369,53 +2648,42 @@
}
/* supported_signature_algorithms */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
+ | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
+
+ /*
+ * The furthest access in buf is in the loop few lines below:
+ * sig_alg[i + 1],
+ * where:
+ * sig_alg = buf + ...hdr_len + 3 + n,
+ * max(i) = sig_alg_len - 1.
+ * Therefore the furthest access is:
+ * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
+ * which reduces to:
+ * buf[...hdr_len + 3 + n + sig_alg_len],
+ * which is one less than we need the buf to be.
+ */
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
{
- size_t sig_alg_len =
- ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
-#if defined(MBEDTLS_DEBUG_C)
- unsigned char* sig_alg;
- size_t i;
-#endif
-
- /*
- * The furthest access in buf is in the loop few lines below:
- * sig_alg[i + 1],
- * where:
- * sig_alg = buf + ...hdr_len + 3 + n,
- * max(i) = sig_alg_len - 1.
- * Therefore the furthest access is:
- * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
- * which reduces to:
- * buf[...hdr_len + 3 + n + sig_alg_len],
- * which is one less than we need the buf to be.
- */
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
- + 3 + n + sig_alg_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
- for( i = 0; i < sig_alg_len; i += 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "Supported Signature Algorithm found: %d,%d",
- sig_alg[i], sig_alg[i + 1] ) );
- }
-#endif
-
- n += 2 + sig_alg_len;
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_DEBUG_C)
+ sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
+ for( size_t i = 0; i < sig_alg_len; i += 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "Supported Signature Algorithm found: %d,%d",
+ sig_alg[i], sig_alg[i + 1] ) );
+ }
+#endif
+
+ n += 2 + sig_alg_len;
/* certificate_authorities */
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
@@ -3525,22 +2793,22 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
- psa_status_t status;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t key_attributes;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
- size_t own_pubkey_len;
- unsigned char *own_pubkey_ecpoint;
- size_t own_pubkey_ecpoint_len;
-
header_len = 4;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
@@ -3568,27 +2836,26 @@
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- /* Export the public part of the ECDH private key from PSA
- * and convert it to ECPoint format used in ClientKeyExchange. */
+ /* Export the public part of the ECDH private key from PSA.
+ * The export format is an ECPoint structure as expected by TLS,
+ * but we just need to add a length byte before that. */
+ unsigned char *own_pubkey = ssl->out_msg + header_len + 1;
+ unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+ size_t own_pubkey_max_len = (size_t)( end - own_pubkey );
+ size_t own_pubkey_len;
+
status = psa_export_public_key( handshake->ecdh_psa_privkey,
- own_pubkey, sizeof( own_pubkey ),
+ own_pubkey, own_pubkey_max_len,
&own_pubkey_len );
if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-
- if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
- own_pubkey_len,
- &own_pubkey_ecpoint,
- &own_pubkey_ecpoint_len ) != 0 )
{
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
- /* Copy ECPoint structure to outgoing message buffer. */
- ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len;
- memcpy( ssl->out_msg + header_len + 1,
- own_pubkey_ecpoint, own_pubkey_ecpoint_len );
- content_len = own_pubkey_ecpoint_len + 1;
+ ssl->out_msg[header_len] = (unsigned char) own_pubkey_len;
+ content_len = own_pubkey_len + 1;
/* The ECDH secret is the premaster secret used for key derivation. */
@@ -3600,27 +2867,13 @@
ssl->handshake->premaster,
sizeof( ssl->handshake->premaster ),
&ssl->handshake->pmslen );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- status = psa_destroy_key( handshake->ecdh_psa_privkey );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
- {
+
+ if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+#else
/*
* ECDH key exchange -- send client public value
*/
@@ -3680,19 +2933,176 @@
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Z );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t key_attributes;
+
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /*
+ * opaque psk_identity<0..2^16-1>;
+ */
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
+ /* We don't offer PSK suites if we don't have a PSK,
+ * and we check that the server's choice is among the
+ * ciphersuites we offered, so this should never happen. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* Opaque PSKs are currently only supported for PSK-only suites. */
+ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ /* uint16 to store content length */
+ const size_t content_len_size = 2;
+
+ header_len = 4;
+
+ if( header_len + content_len_size + ssl->conf->psk_identity_len
+ > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "psk identity too long or SSL buffer too short" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ unsigned char *p = ssl->out_msg + header_len;
+
+ *p++ = MBEDTLS_BYTE_1( ssl->conf->psk_identity_len );
+ *p++ = MBEDTLS_BYTE_0( ssl->conf->psk_identity_len );
+ header_len += content_len_size;
+
+ memcpy( p, ssl->conf->psk_identity,
+ ssl->conf->psk_identity_len );
+ p += ssl->conf->psk_identity_len;
+
+ header_len += ssl->conf->psk_identity_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /*
+ * Generate EC private key for ECDHE exchange.
+ */
+
+ /* The master secret is obtained from the shared ECDH secret by
+ * applying the TLS 1.2 PRF with a specific salt and label. While
+ * the PSA Crypto API encourages combining key agreement schemes
+ * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
+ * yet support the provisioning of salt + label to the KDF.
+ * For the time being, we therefore need to split the computation
+ * of the ECDH secret and the application of the TLS 1.2 PRF. */
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ /* Export the public part of the ECDH private key from PSA.
+ * The export format is an ECPoint structure as expected by TLS,
+ * but we just need to add a length byte before that. */
+ unsigned char *own_pubkey = p + 1;
+ unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+ size_t own_pubkey_max_len = (size_t)( end - own_pubkey );
+ size_t own_pubkey_len = 0;
+
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ own_pubkey, own_pubkey_max_len,
+ &own_pubkey_len );
+ if( status != PSA_SUCCESS )
+ {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ *p = (unsigned char) own_pubkey_len;
+ content_len = own_pubkey_len + 1;
+
+ /* As RFC 5489 section 2, the premaster secret is formed as follows:
+ * - a uint16 containing the length (in octets) of the ECDH computation
+ * - the octet string produced by the ECDH computation
+ * - a uint16 containing the length (in octets) of the PSK
+ * - the PSK itself
+ */
+ unsigned char *pms = ssl->handshake->premaster;
+ const unsigned char* const pms_end = pms +
+ sizeof( ssl->handshake->premaster );
+ /* uint16 to store length (in octets) of the ECDH computation */
+ const size_t zlen_size = 2;
+ size_t zlen = 0;
+
+ /* Perform ECDH computation after the uint16 reserved for the length */
+ status = psa_raw_key_agreement( PSA_ALG_ECDH,
+ handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey,
+ handshake->ecdh_psa_peerkey_len,
+ pms + zlen_size,
+ pms_end - ( pms + zlen_size ),
+ &zlen );
+
+ destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+ else if( destruction_status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( destruction_status ) );
+
+ /* Write the ECDH computation length before the ECDH computation */
+ MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
+ pms += zlen_size + zlen;
+
+ const unsigned char *psk = NULL;
+ size_t psk_len = 0;
+
+ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
+ /*
+ * This should never happen because the existence of a PSK is always
+ * checked before calling this function
+ */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* opaque psk<0..2^16-1>; */
+ if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ /* Write the PSK length as uint16 */
+ MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 );
+ pms += 2;
+
+ /* Write the PSK itself */
+ memcpy( pms, psk, psk_len );
+ pms += psk_len;
+
+ ssl->handshake->pmslen = pms - ssl->handshake->premaster;
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
{
/*
* opaque psk_identity<0..2^16-1>;
*/
- if( ssl_conf_has_static_psk( ssl->conf ) == 0 )
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
{
/* We don't offer PSK suites if we don't have a PSK,
* and we check that the server's choice is among the
@@ -3777,15 +3187,10 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* Opaque PSKs are currently only supported for PSK-only suites. */
- if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
/*
* ClientECDiffieHellmanPublic public;
*/
@@ -3804,7 +3209,7 @@
MBEDTLS_DEBUG_ECDH_Q );
}
else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3813,7 +3218,6 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -3958,7 +3362,8 @@
return( 0 );
}
- if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
+ if( ssl->handshake->client_auth == 0 ||
+ mbedtls_ssl_own_cert( ssl ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++;
@@ -3983,47 +3388,37 @@
ssl->handshake->calc_verify( ssl, hash, &hashlen );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ /*
+ * digitally-signed struct {
+ * opaque handshake_messages[handshake_messages_length];
+ * };
+ *
+ * Taking shortcut here. We assume that the server always allows the
+ * PRF Hash function and has sent it in the allowed signature
+ * algorithms list received in the Certificate Request message.
+ *
+ * Until we encounter a server that does not, we will take this
+ * shortcut.
+ *
+ * Reason: Otherwise we should have running hashes for SHA512 and
+ * SHA224 in order to satisfy 'weird' needs from the server
+ * side.
+ */
+ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
- /*
- * digitally-signed struct {
- * opaque handshake_messages[handshake_messages_length];
- * };
- *
- * Taking shortcut here. We assume that the server always allows the
- * PRF Hash function and has sent it in the allowed signature
- * algorithms list received in the Certificate Request message.
- *
- * Until we encounter a server that does not, we will take this
- * shortcut.
- *
- * Reason: Otherwise we should have running hashes for SHA512 and
- * SHA224 in order to satisfy 'weird' needs from the server
- * side.
- */
- if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- {
- md_alg = MBEDTLS_MD_SHA384;
- ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
- }
- else
- {
- md_alg = MBEDTLS_MD_SHA256;
- ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
- }
- ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
-
- /* Info from md_alg will be used instead */
- hashlen = 0;
- offset = 2;
+ md_alg = MBEDTLS_MD_SHA384;
+ ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ md_alg = MBEDTLS_MD_SHA256;
+ ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
}
+ ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+ offset = 2;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ssl->handshake->ecrs_enabled )
@@ -4189,8 +3584,6 @@
{
int ret = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
-
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -4211,7 +3604,7 @@
* ==> ClientHello
*/
case MBEDTLS_SSL_CLIENT_HELLO:
- ret = ssl_write_client_hello( ssl );
+ ret = mbedtls_ssl_write_client_hello( ssl );
break;
/*
@@ -4303,4 +3696,5 @@
return( ret );
}
-#endif /* MBEDTLS_SSL_CLI_C */
+
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/library/ssl_srv.c b/library/ssl_tls12_server.c
similarity index 86%
rename from library/ssl_srv.c
rename to library/ssl_tls12_server.c
index f34f2de..6fd916f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_tls12_server.c
@@ -19,7 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -118,6 +118,11 @@
if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
{
+ ssl->handshake->sni_name = p + 3;
+ ssl->handshake->sni_name_len = hostname_len;
+ if( ssl->conf->f_sni == NULL )
+ return( 0 );
+
ret = ssl->conf->f_sni( ssl->conf->p_sni,
ssl, p + 3, hostname_len );
if( ret != 0 )
@@ -224,8 +229,7 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Status of the implementation of signature-algorithms extension:
@@ -239,9 +243,9 @@
* This needs to be done at a later stage.
*
*/
-static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
{
size_t sig_alg_list_size;
@@ -296,7 +300,8 @@
continue;
}
- if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 )
+ if( mbedtls_ssl_sig_alg_is_offered(
+ ssl, MBEDTLS_GET_UINT16_BE( p, 0 ) ) )
{
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
@@ -312,14 +317,52 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+/*
+ * Function for parsing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
+ *
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
+ * enum {
+ * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ * x25519(0x001D), x448(0x001E),
+ * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ * ffdhe6144(0x0103), ffdhe8192(0x0104),
+ * ffdhe_private_use(0x01FC..0x01FF),
+ * ecdhe_private_use(0xFE00..0xFEFF),
+ * (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
+ * enum {
+ * deprecated(1..22),
+ * secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ * x25519(29), x448(30),
+ * reserved (0xFE00..0xFEFF),
+ * deprecated(0xFF01..0xFF02),
+ * (0xFFFF)
+ * } NamedCurve;
+ * struct {
+ * NamedCurve named_curve_list<2..2^16-1>
+ * } NamedCurveList;
+ *
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ *
+ * DHE groups are not supported yet.
+ */
+static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
{
size_t list_size, our_size;
const unsigned char *p;
@@ -405,9 +448,11 @@
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
{
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) )
ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
p[0] );
@@ -908,7 +953,7 @@
static int ssl_pick_cert( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{
- mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
+ mbedtls_ssl_key_cert *cur, *list;
mbedtls_pk_type_t pk_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
uint32_t flags;
@@ -968,30 +1013,10 @@
}
#endif
- /*
- * Try to select a SHA-1 certificate for pre-1.2 clients, but still
- * present them a SHA-higher cert rather than failing if it's the only
- * one we got that satisfies the other conditions.
- */
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
- cur->cert->sig_md != MBEDTLS_MD_SHA1 )
- {
- if( fallback == NULL )
- fallback = cur;
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
- "sha-2 with pre-TLS 1.2 client" ) );
- continue;
- }
- }
-
/* If we get there, we got a winner */
break;
}
- if( cur == NULL )
- cur = fallback;
-
/* Do not update ssl->handshake->key_cert unless there is a match */
if( cur != NULL )
{
@@ -1014,8 +1039,7 @@
{
const mbedtls_ssl_ciphersuite_t *suite_info;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_pk_type_t sig_type;
#endif
@@ -1029,19 +1053,13 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
(unsigned int) suite_id, suite_info->name ) );
- if( suite_info->min_minor_ver > ssl->minor_ver ||
- suite_info->max_minor_ver < ssl->minor_ver )
+ if( suite_info->min_tls_version > ssl->tls_version ||
+ suite_info->max_tls_version < ssl->tls_version )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
return( 0 );
}
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
- return( 0 );
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
@@ -1075,24 +1093,19 @@
}
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
+ if( sig_type != MBEDTLS_PK_NONE &&
+ mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
{
- sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
- if( sig_type != MBEDTLS_PK_NONE &&
- mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
- "for signature algorithm %u", (unsigned) sig_type ) );
- return( 0 );
- }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
+ "for signature algorithm %u", (unsigned) sig_type ) );
+ return( 0 );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
@@ -1133,16 +1146,13 @@
int handshake_failure = 0;
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- int major, minor;
/* If there is no signature-algorithm extension present,
* we need to fall back to the default values for allowed
* signature-hash pairs. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
int sig_hash_alg_ext_present = 0;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@@ -1194,18 +1204,6 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
buf[1], buf[2] ) );
- mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
-
- /* According to RFC 5246 Appendix E.1, the version here is typically
- * "{03,00}, the lowest version number supported by the client, [or] the
- * value of ClientHello.client_version", so the only meaningful check here
- * is the major version shouldn't be less than 3 */
- if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
- }
-
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -1393,33 +1391,17 @@
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
- mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->conf->transport, buf );
- ssl->session_negotiate->minor_ver = ssl->minor_ver;
+ ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
+ ssl->session_negotiate->tls_version = ssl->tls_version;
- ssl->handshake->max_major_ver = ssl->major_ver;
- ssl->handshake->max_minor_ver = ssl->minor_ver;
-
- if( ssl->major_ver < ssl->conf->min_major_ver ||
- ssl->minor_ver < ssl->conf->min_minor_ver )
+ if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
- " [%d:%d] < [%d:%d]",
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
}
- if( ssl->major_ver > ssl->conf->max_major_ver )
- {
- ssl->major_ver = ssl->conf->max_major_ver;
- ssl->minor_ver = ssl->conf->max_minor_ver;
- }
- else if( ssl->minor_ver > ssl->conf->max_minor_ver )
- ssl->minor_ver = ssl->conf->max_minor_ver;
-
/*
* Save client random (inc. Unix time)
*/
@@ -1610,9 +1592,6 @@
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
case MBEDTLS_TLS_EXT_SERVERNAME:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
- if( ssl->conf->f_sni == NULL )
- break;
-
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
@@ -1630,26 +1609,24 @@
return( ret );
break;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
- ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
+ ret = ssl_parse_sig_alg_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
sig_hash_alg_ext_present = 1;
break;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
- ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
+ ret = ssl_parse_supported_groups_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
break;
@@ -1754,8 +1731,7 @@
ext += 4 + ext_size;
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Try to fall back to default hash SHA1 if the client
@@ -1763,16 +1739,19 @@
*/
if( sig_hash_alg_ext_present == 0 )
{
- mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1;
+ uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) };
+ mbedtls_md_type_t md_default = MBEDTLS_MD_NONE;
+ for( i = 0; i < sizeof( sig_algs ) / sizeof( sig_algs[0] ) ; i++ )
+ {
+ if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_algs[ i ] ) )
+ md_default = MBEDTLS_MD_SHA1;
+ }
- if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 )
- md_default = MBEDTLS_MD_NONE;
-
- mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default );
+ mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs,
+ md_default );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -1838,9 +1817,23 @@
}
/*
+ * Server certification selection (after processing TLS extensions)
+ */
+ if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
+ return( ret );
+ }
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ ssl->handshake->sni_name = NULL;
+ ssl->handshake->sni_name_len = 0;
+#endif
+
+ /*
* Search for a matching ciphersuite
* (At the end because we need information from the EC-based extensions
- * and certificate from the SNI callback triggered by the SNI extension.)
+ * and certificate from the SNI callback triggered by the SNI extension
+ * or certificate from server certificate selection callback.)
*/
got_common_suite = 0;
ciphersuites = ssl->conf->ciphersuite_list;
@@ -1912,23 +1905,19 @@
/* Debugging-only output for testsuite */
#if defined(MBEDTLS_DEBUG_C) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
+ if( sig_alg != MBEDTLS_PK_NONE )
{
- mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
- if( sig_alg != MBEDTLS_PK_NONE )
- {
- mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
- sig_alg );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
- mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
- "%u - should not happen", (unsigned) sig_alg ) );
- }
+ mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
+ sig_alg );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
+ mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
+ "%u - should not happen", (unsigned) sig_alg ) );
}
#endif
@@ -1991,13 +1980,13 @@
{
unsigned char *p = buf;
const mbedtls_ssl_ciphersuite_t *suite = NULL;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_type_t key_type;
+ psa_algorithm_t alg;
+ size_t key_bits;
+#else
const mbedtls_cipher_info_t *cipher = NULL;
-
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
- {
- *olen = 0;
- return;
- }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* RFC 7366: "If a server receives an encrypt-then-MAC request extension
@@ -2007,8 +1996,19 @@
*/
if( ( suite = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite ) ) == NULL ||
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg,
+ &key_type, &key_bits ) != PSA_SUCCESS ) ||
+ alg != PSA_ALG_CBC_NO_PADDING )
+#else
( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
cipher->mode != MBEDTLS_MODE_CBC )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+ }
+
+ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
{
*olen = 0;
return;
@@ -2339,8 +2339,7 @@
/* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
p += 2;
@@ -2479,8 +2478,7 @@
buf = ssl->out_msg;
p = buf + 4;
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
@@ -2738,7 +2736,7 @@
p += ct_len;
sa_len = 0;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
/*
* Add signature_algorithms for verify (TLS 1.2)
*
@@ -2752,35 +2750,26 @@
* enum { (255) } HashAlgorithm;
* enum { (255) } SignatureAlgorithm;
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
- const int *cur;
+ unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );
- /*
- * Supported signature algorithms
- */
- for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
- {
- unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
+ if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
+ continue;
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+ continue;
- if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
- continue;
-
-#if defined(MBEDTLS_RSA_C)
- p[2 + sa_len++] = hash;
- p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
-#endif
-#if defined(MBEDTLS_ECDSA_C)
- p[2 + sa_len++] = hash;
- p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
-#endif
- }
-
- MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
sa_len += 2;
- p += sa_len;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
+ sa_len += 2;
+ p += sa_len;
/*
* DistinguishedName certificate_authorities<0..2^16-1>;
@@ -2841,7 +2830,102 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
+static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ unsigned char buf[
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+ psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ size_t ecdh_bits = 0;
+ size_t key_len;
+ mbedtls_pk_context *pk;
+ mbedtls_ecp_keypair *key;
+
+ pk = mbedtls_ssl_own_key( ssl );
+
+ if( pk == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ switch( mbedtls_pk_get_type( pk ) )
+ {
+ case MBEDTLS_PK_OPAQUE:
+ if( ! mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
+ return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+
+ ssl->handshake->ecdh_psa_privkey =
+ *( (mbedtls_svc_key_id_t*) pk->pk_ctx );
+
+ /* Key should not be destroyed in the TLS library */
+ ssl->handshake->ecdh_psa_privkey_is_external = 1;
+
+ status = psa_get_key_attributes( ssl->handshake->ecdh_psa_privkey,
+ &key_attributes );
+ if( status != PSA_SUCCESS)
+ {
+ ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ ssl->handshake->ecdh_psa_type = psa_get_key_type( &key_attributes );
+ ssl->handshake->ecdh_bits = psa_get_key_bits( &key_attributes );
+
+ psa_reset_key_attributes( &key_attributes );
+
+ ret = 0;
+ break;
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+ key = mbedtls_pk_ec( *pk );
+ if( key == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ /* Convert EC group to PSA key type. */
+ if( ( ssl->handshake->ecdh_psa_type =
+ mbedtls_ecc_group_to_psa( key->grp.id,
+ &ecdh_bits ) ) == 0 )
+ {
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ ssl->handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR( ssl->handshake->ecdh_psa_type ) );
+ psa_set_key_bits( &key_attributes, ssl->handshake->ecdh_bits );
+
+ key_len = PSA_BITS_TO_BYTES( key->grp.pbits );
+ ret = mbedtls_ecp_write_key( key, buf, key_len );
+ if( ret != 0 )
+ goto cleanup;
+
+ status = psa_import_key( &key_attributes, buf, key_len,
+ &ssl->handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+ break;
+ default:
+ ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
+ }
+
+cleanup:
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+
+ return( ret );
+}
+#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{
@@ -3059,6 +3143,91 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_key_attributes_t key_attributes;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ size_t ecdh_bits = 0;
+ uint8_t *p = ssl->out_msg + ssl->out_msglen;
+ const size_t header_size = 4; // curve_type(1), namedcurve(2),
+ // data length(1)
+ const size_t data_length_size = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /* Convert EC group to PSA key type. */
+ handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
+ (*curve)->tls_id, &ecdh_bits );
+
+ if( handshake->ecdh_psa_type == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+ handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /*
+ * ECParameters curve_params
+ *
+ * First byte is curve_type, always named_curve
+ */
+ *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
+
+ /*
+ * Next two bytes are the namedcurve value
+ */
+ MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 );
+ p += 2;
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
+ return( ret );
+ }
+
+ /*
+ * ECPoint public
+ *
+ * First byte is data length.
+ * It will be filled later. p holds now the data length location.
+ */
+
+ /* Export the public part of the ECDH private key from PSA.
+ * Make one byte space for the length.
+ */
+ unsigned char *own_pubkey = p + data_length_size;
+
+ size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN
+ - ( own_pubkey - ssl->out_msg ) );
+
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ own_pubkey, own_pubkey_max_len,
+ &len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
+ (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( ret );
+ }
+
+ /* Store the length of the exported public key. */
+ *p = (uint8_t) len;
+
+ /* Determine full message length. */
+ len += header_size;
+#else
if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
(*curve)->grp_id ) ) != 0 )
{
@@ -3067,23 +3236,24 @@
}
if( ( ret = mbedtls_ecdh_make_params(
- &ssl->handshake->ecdh_ctx, &len,
- ssl->out_msg + ssl->out_msglen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ &ssl->handshake->ecdh_ctx, &len,
+ ssl->out_msg + ssl->out_msglen,
+ MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
return( ret );
}
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
dig_signed = ssl->out_msg + ssl->out_msglen;
#endif
ssl->out_msglen += len;
-
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
@@ -3112,37 +3282,26 @@
*/
mbedtls_md_type_t md_alg;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /* For TLS 1.2, obey signature-hash-algorithm extension
- * (RFC 5246, Sec. 7.4.1.4.1). */
- if( sig_alg == MBEDTLS_PK_NONE ||
- ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
- sig_alg ) ) == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- /* (... because we choose a cipher suite
- * only if there is a matching hash.) */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- }
- else
+
+ /* For TLS 1.2, obey signature-hash-algorithm extension
+ * (RFC 5246, Sec. 7.4.1.4.1). */
+ if( sig_alg == MBEDTLS_PK_NONE ||
+ ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
+ sig_alg ) ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ /* (... because we choose a cipher suite
+ * only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
/*
* 2.2: Compute the hash to be signed
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@@ -3153,7 +3312,6 @@
return( ret );
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3164,31 +3322,24 @@
/*
* 2.3: Compute and add the signature
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /*
- * For TLS 1.2, we need to specify signature and hash algorithm
- * explicitly through a prefix to the signature.
- *
- * struct {
- * HashAlgorithm hash;
- * SignatureAlgorithm signature;
- * } SignatureAndHashAlgorithm;
- *
- * struct {
- * SignatureAndHashAlgorithm algorithm;
- * opaque signature<0..2^16-1>;
- * } DigitallySigned;
- *
- */
+ /*
+ * We need to specify signature and hash algorithm explicitly through
+ * a prefix to the signature.
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * struct {
+ * SignatureAndHashAlgorithm algorithm;
+ * opaque signature<0..2^16-1>;
+ * } DigitallySigned;
+ *
+ */
- ssl->out_msg[ssl->out_msglen++] =
- mbedtls_ssl_hash_from_md_alg( md_alg );
- ssl->out_msg[ssl->out_msglen++] =
- mbedtls_ssl_sig_from_pk_alg( sig_alg );
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg( md_alg );
+ ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg( sig_alg );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL )
@@ -3468,7 +3619,6 @@
/*
* Prepare to decrypt the premaster using own private RSA key
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if ( p + 2 > end ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@@ -3479,7 +3629,6 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#endif
if( p + len != end )
{
@@ -3562,9 +3711,8 @@
return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
- ssl->handshake->max_minor_ver,
- ssl->conf->transport, ver );
+ mbedtls_ssl_write_version( ver, ssl->conf->transport,
+ ssl->session_negotiate->tls_version );
/* Avoid data-dependent branches while checking for invalid
* padding, to protect against timing-based Bleichenbacher-type
@@ -3761,6 +3909,62 @@
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t data_len = (size_t)( *p++ );
+ size_t buf_len = (size_t)( end - p );
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Read the peer's public key." ) );
+
+ /*
+ * We must have at least two bytes (1 for length, at least 1 for data)
+ */
+ if( buf_len < 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid buffer length" ) );
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+
+ if( data_len < 1 || data_len > buf_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid data length" ) );
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+
+ /* Store peer's ECDH public key. */
+ memcpy( handshake->ecdh_psa_peerkey, p, data_len );
+ handshake->ecdh_psa_peerkey_len = data_len;
+
+ /* Compute ECDH shared secret. */
+ status = psa_raw_key_agreement(
+ PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
+ handshake->premaster, sizeof( handshake->premaster ),
+ &handshake->pmslen );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
+ if( handshake->ecdh_psa_privkey_is_external == 0 )
+ (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( ret );
+ }
+
+ if( handshake->ecdh_psa_privkey_is_external == 0 )
+ {
+ status = psa_destroy_key( handshake->ecdh_psa_privkey );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+ return( ret );
+ }
+ }
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+#else
if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
p, end - p) ) != 0 )
{
@@ -3783,6 +3987,7 @@
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Z );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -3901,6 +4106,109 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t ecpoint_len;
+
+ /* Opaque PSKs are currently only supported for PSK-only. */
+ if( ssl_use_opaque_psk( ssl ) == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( ret );
+ }
+
+ /* Keep a copy of the peer's public key */
+ if( p >= end )
+ {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ ecpoint_len = *(p++);
+ if( (size_t)( end - p ) < ecpoint_len ) {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ if( ecpoint_len > sizeof( handshake->ecdh_psa_peerkey ) ) {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ memcpy( handshake->ecdh_psa_peerkey, p, ecpoint_len );
+ handshake->ecdh_psa_peerkey_len = ecpoint_len;
+ p += ecpoint_len;
+
+ /* As RFC 5489 section 2, the premaster secret is formed as follows:
+ * - a uint16 containing the length (in octets) of the ECDH computation
+ * - the octet string produced by the ECDH computation
+ * - a uint16 containing the length (in octets) of the PSK
+ * - the PSK itself
+ */
+ unsigned char *psm = ssl->handshake->premaster;
+ const unsigned char* const psm_end =
+ psm + sizeof( ssl->handshake->premaster );
+ /* uint16 to store length (in octets) of the ECDH computation */
+ const size_t zlen_size = 2;
+ size_t zlen = 0;
+
+ /* Compute ECDH shared secret. */
+ status = psa_raw_key_agreement( PSA_ALG_ECDH,
+ handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey,
+ handshake->ecdh_psa_peerkey_len,
+ psm + zlen_size,
+ psm_end - ( psm + zlen_size ),
+ &zlen );
+
+ destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+ else if( destruction_status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( destruction_status ) );
+
+ /* Write the ECDH computation length before the ECDH computation */
+ MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
+ psm += zlen_size + zlen;
+
+ const unsigned char *psk = NULL;
+ size_t psk_len = 0;
+
+ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
+ /*
+ * This should never happen because the existence of a PSK is always
+ * checked before calling this function
+ */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* opaque psk<0..2^16-1>; */
+ if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ /* Write the PSK length as uint16 */
+ MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 );
+ psm += 2;
+
+ /* Write the PSK itself */
+ memcpy( psm, psk, psk_len );
+ psm += psk_len;
+
+ ssl->handshake->pmslen = psm - ssl->handshake->premaster;
+#else
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
@@ -3914,12 +4222,6 @@
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* Opaque PSKs are currently only supported for PSK-only. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif
-
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP );
@@ -3929,6 +4231,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -4009,9 +4312,7 @@
unsigned char hash[48];
unsigned char *hash_start = hash;
size_t hashlen;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t pk_alg;
-#endif
mbedtls_md_type_t md_alg;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
@@ -4079,66 +4380,56 @@
* opaque signature<0..2^16-1>;
* } DigitallySigned;
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( i + 2 > ssl->in_hslen )
{
- if( i + 2 > ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
- /*
- * Hash
- */
- md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
+ /*
+ * Hash
+ */
+ md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
- if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
+ if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
#if !defined(MBEDTLS_MD_SHA1)
- if( MBEDTLS_MD_SHA1 == md_alg )
- hash_start += 16;
+ if( MBEDTLS_MD_SHA1 == md_alg )
+ hash_start += 16;
#endif
- /* Info from md_alg will be used instead */
- hashlen = 0;
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
- i++;
+ i++;
- /*
- * Signature
- */
- if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
- == MBEDTLS_PK_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
-
- /*
- * Check the certificate's key type matches the signature alg
- */
- if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
-
- i++;
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ /*
+ * Signature
+ */
+ if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
+ == MBEDTLS_PK_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
+ /*
+ * Check the certificate's key type matches the signature alg
+ */
+ if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ i++;
+
if( i + 2 > ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
@@ -4352,4 +4643,4 @@
conf->respect_cli_pref = order;
}
-#endif /* MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index dcf1ff8..cf5b382 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -21,9 +21,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h>
@@ -32,9 +30,8 @@
#include "mbedtls/platform.h"
#include "ssl_misc.h"
-#include "ecdh_misc.h"
+#include "ssl_client.h"
#include "ssl_tls13_keys.h"
-#include "ssl_debug_helpers.h"
/* Write extensions */
@@ -51,6 +48,8 @@
size_t *out_len )
{
unsigned char *p = buf;
+ unsigned char versions_len = ( ssl->handshake->min_tls_version <=
+ MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
*out_len = 0;
@@ -60,35 +59,34 @@
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
* - versions_length (1 byte )
- * - versions (2 bytes)
+ * - versions (2 or 4 bytes)
*/
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + versions_len );
- /* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 );
-
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( 3, p, 2 );
+ MBEDTLS_PUT_UINT16_BE( versions_len + 1, p, 2 );
p += 4;
/* Length of versions */
- *p++ = 0x2;
+ *p++ = versions_len;
/* Write values of supported versions.
- *
* They are defined by the configuration.
- *
- * Currently, only one version is advertised.
+ * Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2.
*/
- mbedtls_ssl_write_version( ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version( p, MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_VERSION_TLS1_3 );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]",
- ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver ) );
- *out_len = 7;
+ if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_VERSION_TLS1_2 );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:3]" ) );
+ }
+
+ *out_len = 5 + versions_len;
return( 0 );
}
@@ -99,9 +97,9 @@
{
((void) ssl);
- MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2);
- if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 ||
- buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 )
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
+ if( mbedtls_ssl_read_version( buf, ssl->conf->transport ) !=
+ MBEDTLS_SSL_VERSION_TLS1_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) );
@@ -110,166 +108,97 @@
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- return( 0 );
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/*
- * Functions for writing supported_groups extension.
- *
- * Stucture of supported_groups:
- * enum {
- * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
- * x25519(0x001D), x448(0x001E),
- * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
- * ffdhe6144(0x0103), ffdhe8192(0x0104),
- * ffdhe_private_use(0x01FC..0x01FF),
- * ecdhe_private_use(0xFE00..0xFEFF),
- * (0xFFFF)
- * } NamedGroup;
- * struct {
- * NamedGroup named_group_list<2..2^16-1>;
- * } NamedGroupList;
- */
-#if defined(MBEDTLS_ECDH_C)
-/*
- * In versions of TLS prior to TLS 1.3, this extension was named
- * 'elliptic_curves' and only contained elliptic curve groups.
- */
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf;
-
- *out_len = 0;
-
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for ( ; *group_list != 0; group_list++ )
+ if( &buf[2] != end )
{
- const mbedtls_ecp_curve_info *curve_info;
- curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( curve_info == NULL )
- continue;
-
- if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
- continue;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
- MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
- p += 2;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
- curve_info->name, *group_list ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "supported_versions ext data length incorrect" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
- *out_len = p - buf;
-
return( 0 );
}
-#else
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
+
+#if defined(MBEDTLS_SSL_ALPN)
+static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len )
{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_ECDH_C */
+ size_t list_len, name_len;
+ const unsigned char *p = buf;
+ const unsigned char *end = buf + len;
-static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
+ /* If we didn't send it, the server shouldn't send it */
+ if( ssl->conf->alpn_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf ;
- unsigned char *named_group_list; /* Start of named_group_list */
- size_t named_group_list_len; /* Length of named_group_list */
- size_t output_len = 0;
- int ret_ecdhe, ret_dhe;
-
- *out_len = 0;
-
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
-
- /* Check if we have space for header and length fields:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - named_group_list_length (2 bytes)
+ /*
+ * opaque ProtocolName<1..2^8-1>;
+ *
+ * struct {
+ * ProtocolName protocol_name_list<2..2^16-1>
+ * } ProtocolNameList;
+ *
+ * the "ProtocolNameList" MUST contain exactly one "ProtocolName"
*/
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
- named_group_list = p;
- ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
- if( ret_ecdhe != 0 )
+ /* Min length is 2 ( list_len ) + 1 ( name_len ) + 1 ( name ) */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
+
+ list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, list_len );
+
+ name_len = *p++;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, list_len - 1 );
+
+ /* Check that the server chosen protocol was in our list and save it */
+ for ( const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++ )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
+ if( name_len == strlen( *alpn ) &&
+ memcmp( buf + 3, *alpn, name_len ) == 0 )
+ {
+ ssl->alpn_chosen = *alpn;
+ return( 0 );
+ }
}
- p += output_len;
- ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
- if( ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
- }
- p += output_len;
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+}
+#endif /* MBEDTLS_SSL_ALPN */
- /* Both ECDHE and DHE failed. */
- if( ret_ecdhe != 0 && ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) );
+static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
+{
+ uint16_t group_id = ssl->handshake->offered_group_id;
+
+ if( group_id == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- /* Length of named_group_list*/
- named_group_list_len = p - named_group_list;
- if( named_group_list_len == 0 )
+#if defined(MBEDTLS_ECDH_C)
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Destroy generated private key. */
+ status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+ return( ret );
+ }
+
+ ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_ECDH_C */
+ if( 0 /* other KEMs? */ )
+ {
+ /* Do something */
}
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
- /* Write length of named_group_list */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
-
- *out_len = p - buf;
-
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
-
- return( 0 );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/*
@@ -283,33 +212,53 @@
unsigned char *end,
size_t *out_len )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( named_group );
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ psa_key_attributes_t key_attributes;
+ size_t own_pubkey_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ size_t ecdh_bits = 0;
- if( curve_info == NULL )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) );
+ /* Convert EC group to PSA key type. */
+ if( ( handshake->ecdh_psa_type =
+ mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx,
- curve_info->grp_id ) ) != 0 )
+ ssl->handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_setup_no_everest", ret );
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
return( ret );
+
}
- ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, out_len,
- buf, end - buf,
- ssl->conf->f_rng, ssl->conf->p_rng );
- if( ret != 0 )
+ /* Export the public part of the ECDH private key from PSA. */
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ buf, (size_t)( end - buf ),
+ &own_pubkey_len );
+ if( status != PSA_SUCCESS )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret );
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
return( ret );
+
}
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
+ *out_len = own_pubkey_len;
+
return( 0 );
}
#endif /* MBEDTLS_ECDH_C */
@@ -376,9 +325,6 @@
*out_len = 0;
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
/* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
@@ -413,7 +359,7 @@
/* Pointer to group */
unsigned char *group = p;
/* Length of key_exchange */
- size_t key_exchange_len;
+ size_t key_exchange_len = 0;
/* Check there is space for header of KeyShareEntry
* - group (2 bytes)
@@ -421,8 +367,7 @@
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
p += 4;
- ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id,
- p, end,
+ ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, p, end,
&key_exchange_len );
p += key_exchange_len;
if( ret != 0 )
@@ -471,65 +416,76 @@
return( ret );
}
-#if defined(MBEDTLS_ECDH_C)
-static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl )
-{
- const mbedtls_ecp_curve_info *curve_info;
- mbedtls_ecp_group_id grp_id;
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- grp_id = ssl->handshake->ecdh_ctx.grp.id;
-#else
- grp_id = ssl->handshake->ecdh_ctx.grp_id;
-#endif
-
- curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
- if( curve_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-
- if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
- return( -1 );
-
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP );
-
- return( 0 );
-}
-
-static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
+/*
+ * ssl_tls13_parse_hrr_key_share_ext()
+ * Parse key_share extension in Hello Retry Request
+ *
+ * struct {
+ * NamedGroup selected_group;
+ * } KeyShareHelloRetryRequest;
+ */
+static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
- size_t buf_len )
+ const unsigned char *end )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const mbedtls_ecp_curve_info *curve_info = NULL;
+ const unsigned char *p = buf;
+ int selected_group;
+ int found = 0;
- ret = mbedtls_ecdh_tls13_read_public( &ssl->handshake->ecdh_ctx,
- buf, buf_len );
- if( ret != 0 )
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+ if( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "key_share extension", p, end - buf );
+
+ /* Read selected_group */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ selected_group = MBEDTLS_GET_UINT16_BE( p, 0 );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_group ( %d )", selected_group ) );
+
+ /* Upon receipt of this extension in a HelloRetryRequest, the client
+ * MUST first verify that the selected_group field corresponds to a
+ * group which was provided in the "supported_groups" extension in the
+ * original ClientHello.
+ * The supported_group was based on the info in ssl->conf->group_list.
+ *
+ * If the server provided a key share that was not sent in the ClientHello
+ * then the client MUST abort the handshake with an "illegal_parameter" alert.
+ */
+ for( ; *group_list != 0; group_list++ )
{
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret );
+ curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
+ if( curve_info == NULL || curve_info->tls_id != selected_group )
+ continue;
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ /* We found a match */
+ found = 1;
+ break;
+ }
+
+ /* Client MUST verify that the selected_group field does not
+ * correspond to a group which was provided in the "key_share"
+ * extension in the original ClientHello. If the server sent an
+ * HRR message with a key share already provided in the
+ * ClientHello then the client MUST abort the handshake with
+ * an "illegal_parameter" alert.
+ */
+ if( found == 0 || selected_group == ssl->handshake->offered_group_id )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid key share in HRR" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- if( ssl_tls13_check_ecdh_params( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) );
-
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
+ /* Remember server's preference for next ClientHello */
+ ssl->handshake->offered_group_id = selected_group;
return( 0 );
}
-#endif /* MBEDTLS_ECDH_C */
/*
* ssl_tls13_parse_key_share_ext()
@@ -574,8 +530,17 @@
#if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
{
- /* Complete ECDHE key agreement */
- ret = ssl_tls13_read_public_ecdhe_share( ssl, p, end - p );
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_tls_id( group );
+ if( curve_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid TLS curve group id" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+
+ ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p, end - p );
if( ret != 0 )
return( ret );
}
@@ -592,334 +557,252 @@
return( ret );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-/* Write cipher_suites
- * CipherSuite cipher_suites<2..2^16-2>;
+/*
+ * ssl_tls13_parse_cookie_ext()
+ * Parse cookie extension in Hello Retry Request
+ *
+ * struct {
+ * opaque cookie<1..2^16-1>;
+ * } Cookie;
+ *
+ * When sending a HelloRetryRequest, the server MAY provide a "cookie"
+ * extension to the client (this is an exception to the usual rule that
+ * the only extensions that may be sent are those that appear in the
+ * ClientHello). When sending the new ClientHello, the client MUST copy
+ * the contents of the extension received in the HelloRetryRequest into
+ * a "cookie" extension in the new ClientHello. Clients MUST NOT use
+ * cookies in their initial ClientHello in subsequent connections.
*/
-static int ssl_tls13_write_client_hello_cipher_suites(
- mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
+static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
{
- unsigned char *p = buf;
- const int *ciphersuite_list;
- unsigned char *cipher_suites; /* Start of the cipher_suites list */
- size_t cipher_suites_len;
+ uint16_t cookie_len;
+ const unsigned char *p = buf;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- *out_len = 0 ;
-
- /*
- * Ciphersuite list
- *
- * This is a list of the symmetric cipher options supported by
- * the client, specifically the record protection algorithm
- * ( including secret key length ) and a hash to be used with
- * HKDF, in descending order of client preference.
- */
- ciphersuite_list = ssl->conf->ciphersuite_list;
-
- /* Check there is space for the cipher suite list length (2 bytes). */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ /* Retrieve length field of cookie */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- /* Write cipher_suites */
- cipher_suites = p;
- for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
+
+ mbedtls_free( handshake->cookie );
+ handshake->hrr_cookie_len = 0;
+ handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( handshake->cookie == NULL )
{
- int cipher_suite = ciphersuite_list[i];
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
- if( ciphersuite_info == NULL )
- continue;
- if( !( MBEDTLS_SSL_MINOR_VERSION_4 >= ciphersuite_info->min_minor_ver &&
- MBEDTLS_SSL_MINOR_VERSION_4 <= ciphersuite_info->max_minor_ver ) )
- continue;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s",
- (unsigned int) cipher_suite,
- ciphersuite_info->name ) );
-
- /* Check there is space for the cipher suite identifier (2 bytes). */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( cipher_suite, p, 0 );
- p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "alloc failed ( %ud bytes )",
+ cookie_len ) );
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- /* Write the cipher_suites length in number of bytes */
- cipher_suites_len = p - cipher_suites;
- MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
- cipher_suites_len/2 ) );
-
- /* Output the total length of cipher_suites field. */
- *out_len = p - buf;
+ memcpy( handshake->cookie, p, cookie_len );
+ handshake->hrr_cookie_len = cookie_len;
return( 0 );
}
-/*
- * Structure of ClientHello message:
- *
- * struct {
- * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
- * Random random;
- * opaque legacy_session_id<0..32>;
- * CipherSuite cipher_suites<2..2^16-2>;
- * opaque legacy_compression_methods<1..2^8-1>;
- * Extension extensions<8..2^16-1>;
- * } ClientHello;
- */
-static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
+static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
{
-
- int ret;
- unsigned char *p_extensions_len; /* Pointer to extensions length */
- size_t output_len; /* Length of buffer used by function */
- size_t extensions_len; /* Length of the list of extensions*/
-
- /* Buffer management */
unsigned char *p = buf;
+ *out_len = 0;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if( handshake->cookie == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+ handshake->cookie,
+ handshake->hrr_cookie_len );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->hrr_cookie_len + 6 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len + 2, p, 2 );
+ MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len, p, 4 );
+ p += 6;
+
+ /* Cookie */
+ memcpy( p, handshake->cookie, handshake->hrr_cookie_len );
+
+ *out_len = handshake->hrr_cookie_len + 6;
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ size_t ext_len;
*out_len = 0;
- /* No validation needed here. It has been done by ssl_conf_check() */
- ssl->major_ver = ssl->conf->min_major_ver;
- ssl->minor_ver = ssl->conf->min_minor_ver;
-
- /*
- * Write legacy_version
- * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
- *
- * For TLS 1.3 we use the legacy version number {0x03, 0x03}
- * instead of the true version number.
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 );
- p += 2;
-
- /* Write the random bytes ( random ).*/
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
- memcpy( p, ssl->handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
- p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
- p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
-
- /*
- * Write legacy_session_id
- *
- * Versions of TLS before TLS 1.3 supported a "session resumption" feature
- * which has been merged with pre-shared keys in this version. A client
- * which has a cached session ID set by a pre-TLS 1.3 server SHOULD set
- * this field to that value. In compatibility mode, this field MUST be
- * non-empty, so a client not offering a pre-TLS 1.3 session MUST generate
- * a new 32-byte value. This value need not be random but SHOULD be
- * unpredictable to avoid implementations fixating on a specific value
- * ( also known as ossification ). Otherwise, it MUST be set as a zero-length
- * vector ( i.e., a zero-valued single byte length field ).
- */
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->session_negotiate->id_len + 1 );
- *p++ = (unsigned char)ssl->session_negotiate->id_len;
- memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
- p += ssl->session_negotiate->id_len;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
- ssl->session_negotiate->id_len );
-#else
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
- *p++ = 0; /* session id length set to zero */
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-
- /* Write cipher_suites */
- ret = ssl_tls13_write_client_hello_cipher_suites( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
-
- /* Write legacy_compression_methods
- *
- * For every TLS 1.3 ClientHello, this vector MUST contain exactly
- * one byte set to zero, which corresponds to the 'null' compression
- * method in prior versions of TLS.
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- *p++ = 1;
- *p++ = MBEDTLS_SSL_COMPRESS_NULL;
-
- /* Write extensions */
-
- /* Keeping track of the included extensions */
- ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
-
- /* First write extensions, then the total length */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- p_extensions_len = p;
- p += 2;
-
/* Write supported_versions extension
*
* Supported Versions Extension is mandatory with TLS 1.3.
*/
- ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &output_len );
+ ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
- p += output_len;
+ p += ext_len;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- /* Write supported_groups extension
- *
- * It is REQUIRED for ECDHE cipher_suites.
+ /* Echo the cookie if the server provided one in its preceding
+ * HelloRetryRequest message.
*/
- ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len );
+ ret = ssl_tls13_write_cookie_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
- p += output_len;
+ p += ext_len;
- /* Write key_share extension
- *
- * We need to send the key shares under three conditions:
- * 1) A certificate-based ciphersuite is being offered. In this case
- * supported_groups and supported_signature extensions have been
- * successfully added.
- * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
- * psk_key_exchange_modes has been added as the last extension.
- * 3) Or, in case all ciphers are supported ( which includes #1 and #2
- * from above )
- */
- ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
-
- /* Write signature_algorithms extension
- *
- * It is REQUIRED for certificate authenticated cipher_suites.
- */
- ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
-
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- /* Write server name extension */
- ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
- /* Add more extensions here */
-
- /* Write the length of the list of extensions. */
- extensions_len = p - p_extensions_len - 2;
- MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET ,
- extensions_len ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p_extensions_len, extensions_len );
+ if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
+ if( ret != 0 )
+ return( ret );
+ p += ext_len;
+ }
*out_len = p - buf;
- return( 0 );
-}
-
-static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl )
-{
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
- return( 0 );
-}
-
-static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
-{
- int ret;
-
- if( ssl->conf->f_rng == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
- return( MBEDTLS_ERR_SSL_NO_RNG );
- }
-
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
- ssl->handshake->randbytes,
- MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
- return( ret );
- }
-
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- /*
- * Create a session identifier for the purpose of middlebox compatibility
- * only if one has not been created already.
- */
- if( ssl->session_negotiate->id_len == 0 )
- {
- /* Creating a session id with 32 byte length */
- if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
- ssl->session_negotiate->id, 32 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "creating session id failed", ret );
- return( ret );
- }
- ssl->session_negotiate->id_len = 32;
- }
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
return( 0 );
}
/*
- * Write ClientHello handshake message.
- * Handler for MBEDTLS_SSL_CLIENT_HELLO
- */
-static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
-{
- int ret = 0;
- unsigned char *buf;
- size_t buf_len, msg_len;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) );
-
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg(
- ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
- &buf, &buf_len ) );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body( ssl, buf,
- buf + buf_len,
- &msg_len ) );
-
- mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl,
- MBEDTLS_SSL_HS_CLIENT_HELLO,
- msg_len );
- ssl->handshake->update_checksum( ssl, buf, msg_len );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
- buf_len,
- msg_len ) );
-
-cleanup:
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
- return ret;
-}
-
-/*
* Functions for parsing and processing Server Hello
*/
+
+/**
+ * \brief Detect if the ServerHello contains a supported_versions extension
+ * or not.
+ *
+ * \param[in] ssl SSL context
+ * \param[in] buf Buffer containing the ServerHello message
+ * \param[in] end End of the buffer containing the ServerHello message
+ *
+ * \return 0 if the ServerHello does not contain a supported_versions extension
+ * \return 1 if the ServerHello contains a supported_versions extension
+ * \return A negative value if an error occurred while parsing the ServerHello.
+ */
+static int ssl_tls13_is_supported_versions_ext_present(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t legacy_session_id_echo_len;
+ size_t extensions_len;
+ const unsigned char *extensions_end;
+
+ /*
+ * Check there is enough data to access the legacy_session_id_echo vector
+ * length:
+ * - legacy_version 2 bytes
+ * - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes
+ * - legacy_session_id_echo length 1 byte
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3 );
+ p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2;
+ legacy_session_id_echo_len = *p;
+
+ /*
+ * Jump to the extensions, jumping over:
+ * - legacy_session_id_echo (legacy_session_id_echo_len + 1) bytes
+ * - cipher_suite 2 bytes
+ * - legacy_compression_method 1 byte
+ */
+ p += legacy_session_id_echo_len + 4;
+
+ /* Case of no extension */
+ if( p == end )
+ return( 0 );
+
+ /* ...
+ * Extension extensions<6..2^16-1>;
+ * ...
+ * struct {
+ * ExtensionType extension_type; (2 bytes)
+ * opaque extension_data<0..2^16-1>;
+ * } Extension;
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ /* Check extensions do not go beyond the buffer of data. */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+ extensions_end = p + extensions_len;
+
+ while( p < extensions_end )
+ {
+ unsigned int extension_type;
+ size_t extension_data_len;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
+ extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+ extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+
+ if( extension_type == MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS )
+ return( 1 );
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+ p += extension_data_len;
+ }
+
+ return( 0 );
+}
+
+/* Returns a negative value on failure, and otherwise
+ * - 1 if the last eight bytes of the ServerHello random bytes indicate that
+ * the server is TLS 1.3 capable but negotiating TLS 1.2 or below.
+ * - 0 otherwise
+ */
+static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ /* First seven bytes of the magic downgrade strings, see RFC 8446 4.1.3 */
+ static const unsigned char magic_downgrade_string[] =
+ { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44 };
+ const unsigned char *last_eight_bytes_of_random;
+ unsigned char last_byte_of_random;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2 );
+ last_eight_bytes_of_random = buf + 2 + MBEDTLS_SERVER_HELLO_RANDOM_LEN - 8;
+
+ if( memcmp( last_eight_bytes_of_random,
+ magic_downgrade_string,
+ sizeof( magic_downgrade_string ) ) == 0 )
+ {
+ last_byte_of_random = last_eight_bytes_of_random[7];
+ return( last_byte_of_random == 0 ||
+ last_byte_of_random == 1 );
+ }
+
+ return( 0 );
+}
+
/* Returns a negative value on failure, and otherwise
* - SSL_SERVER_HELLO_COORDINATE_HELLO or
* - SSL_SERVER_HELLO_COORDINATE_HRR
- * to indicate which message is expected and to be parsed next. */
+ * to indicate which message is expected and to be parsed next.
+ */
#define SSL_SERVER_HELLO_COORDINATE_HELLO 0
#define SSL_SERVER_HELLO_COORDINATE_HRR 1
static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
@@ -960,30 +843,58 @@
/* Fetch and preprocess
* Returns a negative value on failure, and otherwise
* - SSL_SERVER_HELLO_COORDINATE_HELLO or
- * - SSL_SERVER_HELLO_COORDINATE_HRR
+ * - SSL_SERVER_HELLO_COORDINATE_HRR or
+ * - SSL_SERVER_HELLO_COORDINATE_TLS1_2
*/
+#define SSL_SERVER_HELLO_COORDINATE_TLS1_2 2
static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
unsigned char **buf,
size_t *buf_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const unsigned char *end;
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_read_record( ssl, 0 ) );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_SERVER_HELLO,
+ buf, buf_len ) );
+ end = *buf + *buf_len;
- if( ( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) ||
- ( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) )
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_is_supported_versions_ext_present(
+ ssl, *buf, end ) );
+ if( ret == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected message" ) );
+ MBEDTLS_SSL_PROC_CHK_NEG(
+ ssl_tls13_is_downgrade_negotiation( ssl, *buf, end ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
- MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ /* If the server is negotiating TLS 1.2 or below and:
+ * . we did not propose TLS 1.2 or
+ * . the server responded it is TLS 1.3 capable but negotiating a lower
+ * version of the protocol and thus we are under downgrade attack
+ * abort the handshake with an "illegal parameter" alert.
+ */
+ if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ ssl->keep_current_message = 1;
+ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+ *buf, *buf_len );
+
+ if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ ret = ssl_tls13_reset_key_share( ssl );
+ if( ret != 0 )
+ return( ret );
+ }
+
+ return( SSL_SERVER_HELLO_COORDINATE_TLS1_2 );
}
- *buf = ssl->in_msg + 4;
- *buf_len = ssl->in_hslen - 4;
-
- ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len );
+ ret = ssl_server_hello_is_hrr( ssl, *buf, end );
switch( ret )
{
case SSL_SERVER_HELLO_COORDINATE_HELLO:
@@ -991,6 +902,36 @@
break;
case SSL_SERVER_HELLO_COORDINATE_HRR:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
+ /* If a client receives a second
+ * HelloRetryRequest in the same connection (i.e., where the ClientHello
+ * was itself in response to a HelloRetryRequest), it MUST abort the
+ * handshake with an "unexpected_message" alert.
+ */
+ if( ssl->handshake->hello_retry_request_count > 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Multiple HRRs received" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+ MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+ /*
+ * Clients must abort the handshake with an "illegal_parameter"
+ * alert if the HelloRetryRequest would not result in any change
+ * in the ClientHello.
+ * In a PSK only key exchange that what we expect.
+ */
+ if( ! mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "Unexpected HRR in pure PSK key exchange." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ ssl->handshake->hello_retry_request_count++;
+
break;
}
@@ -1035,22 +976,6 @@
return( 0 );
}
-static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
- int cipher_suite )
-{
- const int *ciphersuite_list = ssl->conf->ciphersuite_list;
-
- /* Check whether we have offered this ciphersuite */
- for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
- {
- if( ciphersuite_list[i] == cipher_suite )
- {
- return( 1 );
- }
- }
- return( 0 );
-}
-
/* Parse ServerHello message and configure context
*
* struct {
@@ -1064,14 +989,17 @@
*/
static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf,
- const unsigned char *end )
+ const unsigned char *end,
+ int is_hrr )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
size_t extensions_len;
const unsigned char *extensions_end;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ int fatal_alert = 0;
/*
* Check there is space for minimal fields
@@ -1093,13 +1021,14 @@
* with ProtocolVersion defined as:
* uint16 ProtocolVersion;
*/
- if( !( p[0] == MBEDTLS_SSL_MAJOR_VERSION_3 &&
- p[1] == MBEDTLS_SSL_MINOR_VERSION_3 ) )
+ if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
+ MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
- return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+ goto cleanup;
}
p += 2;
@@ -1109,10 +1038,13 @@
* with Random defined as:
* opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
*/
- memcpy( &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p,
- MBEDTLS_SERVER_HELLO_RANDOM_LEN );
- MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
- p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ if( !is_hrr )
+ {
+ memcpy( &handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p,
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
+ p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ }
p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
/* ...
@@ -1121,9 +1053,8 @@
*/
if( ssl_tls13_check_server_hello_session_id_echo( ssl, &p, end ) != 0 )
{
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+ goto cleanup;
}
/* ...
@@ -1137,28 +1068,40 @@
p += 2;
- /*
- * Check whether this ciphersuite is supported and offered.
- * Via the force_ciphersuite version we may have instructed the client
- * to use a different ciphersuite.
- */
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
- if( ciphersuite_info == NULL ||
- ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 )
+ /*
+ * Check whether this ciphersuite is valid and offered.
+ */
+ if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+ ssl->tls_version,
+ ssl->tls_version ) != 0 ) ||
+ !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite(%04x) not found or not offered",
- cipher_suite ) );
-
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+ }
+ /*
+ * If we received an HRR before and that the proposed selected
+ * ciphersuite in this server hello is not the same as the one
+ * proposed in the HRR, we abort the handshake and send an
+ * "illegal_parameter" alert.
+ */
+ else if( ( !is_hrr ) && ( handshake->hello_retry_request_count > 0 ) &&
+ ( cipher_suite != ssl->session_negotiate->ciphersuite ) )
+ {
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
}
+ if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid ciphersuite(%04x) parameter",
+ cipher_suite ) );
+ goto cleanup;
+ }
/* Configure ciphersuites */
mbedtls_ssl_optimize_checksum( ssl, ciphersuite_info );
- ssl->handshake->ciphersuite_info = ciphersuite_info;
+ handshake->ciphersuite_info = ciphersuite_info;
ssl->session_negotiate->ciphersuite = cipher_suite;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: ( %04x ) - %s",
@@ -1176,9 +1119,8 @@
if( p[0] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+ goto cleanup;
}
p++;
@@ -1204,6 +1146,7 @@
{
unsigned int extension_type;
size_t extension_data_len;
+ const unsigned char *extension_data_end;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
@@ -1211,42 +1154,66 @@
p += 4;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+ extension_data_end = p + extension_data_len;
switch( extension_type )
{
- case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "found supported_versions extension" ) );
+ case MBEDTLS_TLS_EXT_COOKIE:
+ if( !is_hrr )
+ {
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
+ goto cleanup;
+ }
+
+ ret = ssl_tls13_parse_cookie_ext( ssl,
+ p, extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "ssl_tls13_parse_cookie_ext",
+ ret );
+ goto cleanup;
+ }
+ break;
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
ret = ssl_tls13_parse_supported_versions_ext( ssl,
p,
- p + extension_data_len );
+ extension_data_end );
if( ret != 0 )
- return( ret );
+ goto cleanup;
break;
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension." ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key:Not supported yet" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
- MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
- return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
+ goto cleanup;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_TLS_EXT_KEY_SHARE:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
- if( ( ret = ssl_tls13_parse_key_share_ext( ssl,
- p, p + extension_data_len ) ) != 0 )
+ if( ! mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
+ goto cleanup;
+ }
+
+ if( is_hrr )
+ ret = ssl_tls13_parse_hrr_key_share_ext( ssl,
+ p, extension_data_end );
+ else
+ ret = ssl_tls13_parse_key_share_ext( ssl,
+ p, extension_data_end );
+ if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
"ssl_tls13_parse_key_share_ext",
ret );
- return( ret );
+ goto cleanup;
}
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
default:
MBEDTLS_SSL_DEBUG_MSG(
@@ -1254,19 +1221,31 @@
( "unknown extension found: %u ( ignoring )",
extension_type ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
- MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
- return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
+ goto cleanup;
}
p += extension_data_len;
}
- return( 0 );
+cleanup:
+
+ if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
+ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ ret = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
+ }
+ else if ( fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ ret = MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+ return( ret );
}
-static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_key_set traffic_keys;
@@ -1380,6 +1359,36 @@
return( ret );
}
+static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ /* If not offering early data, the client sends a dummy CCS record
+ * immediately before its second flight. This may either be before
+ * its second ClientHello or before its encrypted handshake flight.
+ */
+ mbedtls_ssl_handshake_set_state( ssl,
+ MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO );
+#else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
+ mbedtls_ssl_session_reset_msg_layer( ssl, 0 );
+
+ /*
+ * We are going to re-generate a shared secret corresponding to the group
+ * selected by the server, which is different from the group for which we
+ * generated a shared secret in the first client hello.
+ * Thus, reset the shared secret.
+ */
+ ret = ssl_tls13_reset_key_share( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
/*
* Wait and parse ServerHello handshake message.
* Handler for MBEDTLS_SSL_SERVER_HELLO
@@ -1387,8 +1396,9 @@
static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *buf;
- size_t buf_len;
+ unsigned char *buf = NULL;
+ size_t buf_len = 0;
+ int is_hrr = 0;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> %s", __func__ ) );
@@ -1397,35 +1407,37 @@
* - Make sure it's either a ServerHello or a HRR.
* - Switch processing routine in case of HRR
*/
- ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len );
- /* Parsing step
- * We know what message to expect by now and call
- * the respective parsing function.
- */
- if( ret == SSL_SERVER_HELLO_COORDINATE_HELLO )
- {
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
- buf + buf_len ) );
+ if( ret < 0 )
+ goto cleanup;
+ else
+ is_hrr = ( ret == SSL_SERVER_HELLO_COORDINATE_HRR );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
- MBEDTLS_SSL_HS_SERVER_HELLO,
- buf, buf_len );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
- }
- else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR )
+ if( ret == SSL_SERVER_HELLO_COORDINATE_TLS1_2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "HRR not supported" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ ret = 0;
+ goto cleanup;
}
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
+ buf + buf_len,
+ is_hrr ) );
+ if( is_hrr )
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+ buf, buf_len );
+
+ if( is_hrr )
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_hrr( ssl ) );
+ else
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_server_hello( ssl ) );
+
cleanup:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s", __func__ ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s ( %s )", __func__,
+ is_hrr?"HelloRetryRequest":"ServerHello" ) );
return( ret );
}
@@ -1469,8 +1481,8 @@
MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+ buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
@@ -1532,6 +1544,17 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) );
break;
+#if defined(MBEDTLS_SSL_ALPN)
+ case MBEDTLS_TLS_EXT_ALPN:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+
+ if( ( ret = ssl_tls13_parse_alpn_ext( ssl, p, (size_t)extension_data_len ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* MBEDTLS_SSL_ALPN */
default:
MBEDTLS_SSL_DEBUG_MSG(
3, ( "unsupported extension found: %u ", extension_type) );
@@ -1572,31 +1595,213 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
- * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
+ *
+ * STATE HANDLING: CertificateRequest
+ *
*/
-static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
+#define SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST 0
+#define SSL_CERTIFICATE_REQUEST_SKIP 1
+/* Coordination:
+ * Deals with the ambiguity of not knowing if a CertificateRequest
+ * will be sent. Returns a negative code on failure, or
+ * - SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST
+ * - SSL_CERTIFICATE_REQUEST_SKIP
+ * indicating if a Certificate Request is expected or not.
+ */
+static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
- int ret = mbedtls_ssl_read_record( ssl, 0 );
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ret != 0 )
+ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= skip parse certificate request" ) );
+ return( SSL_CERTIFICATE_REQUEST_SKIP );
+ }
+
+ if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
+ ssl->keep_current_message = 1;
if( ( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) &&
( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "CertificateRequest not supported" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST );
}
- ssl->keep_current_message = 1;
+ return( SSL_CERTIFICATE_REQUEST_SKIP );
+}
+
+/*
+ * ssl_tls13_parse_certificate_request()
+ * Parse certificate request
+ * struct {
+ * opaque certificate_request_context<0..2^8-1>;
+ * Extension extensions<2..2^16-1>;
+ * } CertificateRequest;
+ */
+static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const unsigned char *p = buf;
+ size_t certificate_request_context_len = 0;
+ size_t extensions_len = 0;
+ const unsigned char *extensions_end;
+ unsigned char sig_alg_ext_found = 0;
+
+ /* ...
+ * opaque certificate_request_context<0..2^8-1>
+ * ...
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+ certificate_request_context_len = (size_t) p[0];
+ p += 1;
+
+ if( certificate_request_context_len > 0 )
+ {
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_request_context_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context",
+ p, certificate_request_context_len );
+
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ handshake->certificate_request_context =
+ mbedtls_calloc( 1, certificate_request_context_len );
+ if( handshake->certificate_request_context == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return ( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+ memcpy( handshake->certificate_request_context, p,
+ certificate_request_context_len );
+ p += certificate_request_context_len;
+ }
+
+ /* ...
+ * Extension extensions<2..2^16-1>;
+ * ...
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+ extensions_end = p + extensions_len;
+
+ while( p < extensions_end )
+ {
+ unsigned int extension_type;
+ size_t extension_data_len;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
+ extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+ extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+
+ switch( extension_type )
+ {
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found signature algorithms extension" ) );
+ ret = mbedtls_ssl_tls13_parse_sig_alg_ext( ssl, p,
+ p + extension_data_len );
+ if( ret != 0 )
+ return( ret );
+ if( ! sig_alg_ext_found )
+ sig_alg_ext_found = 1;
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "Duplicate signature algorithms extensions found" ) );
+ goto decode_error;
+ }
+ break;
+
+ default:
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3,
+ ( "unknown extension found: %u ( ignoring )",
+ extension_type ) );
+ break;
+ }
+ p += extension_data_len;
+ }
+ /* Check that we consumed all the message. */
+ if( p != end )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "CertificateRequest misaligned" ) );
+ goto decode_error;
+ }
+ /* Check that we found signature algorithms extension */
+ if( ! sig_alg_ext_found )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "no signature algorithms extension found" ) );
+ goto decode_error;
+ }
+
+ ssl->handshake->client_auth = 1;
+ return( 0 );
+
+decode_error:
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
+ */
+static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
+
+ if( ret == SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST )
+ {
+ unsigned char *buf;
+ size_t buf_len;
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+ &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_request( ssl,
+ buf, buf + buf_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+ buf, buf_len );
+ }
+ else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+ ret = 0;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
+ ssl->handshake->client_auth ? "a" : "no" ) );
+
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
- return( 0 );
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
+ return( ret );
}
/*
@@ -1646,29 +1851,64 @@
ssl,
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
#else
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-#endif
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
return( 0 );
}
/*
- * Handler for MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED
+ * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
{
- int ret;
+ int non_empty_certificate_msg = 0;
- ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
- if( ret != 0 )
- return( ret );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "Switch to handshake traffic keys for outbound traffic" ) );
+ mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if( ssl->handshake->client_auth )
+ {
+ int ret = mbedtls_ssl_tls13_write_certificate( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ if( mbedtls_ssl_own_cert( ssl ) != NULL )
+ non_empty_certificate_msg = 1;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate message to send." ) );
+ }
+#endif
+
+ if( non_empty_certificate_msg )
+ {
+ mbedtls_ssl_handshake_set_state( ssl,
+ MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+ }
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( 0 );
}
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
+ */
+static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
+{
+ int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
+
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+
+ return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
@@ -1677,8 +1917,6 @@
{
int ret;
- mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
-
ret = mbedtls_ssl_tls13_write_finished_message( ssl );
if( ret != 0 )
return( ret );
@@ -1718,10 +1956,6 @@
{
int ret = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 client state: %s(%d)",
- mbedtls_ssl_states_str( ssl->state ),
- ssl->state ) );
-
switch( ssl->state )
{
/*
@@ -1730,7 +1964,7 @@
*/
case MBEDTLS_SSL_HELLO_REQUEST:
case MBEDTLS_SSL_CLIENT_HELLO:
- ret = ssl_tls13_write_client_hello( ssl );
+ ret = mbedtls_ssl_write_client_hello( ssl );
break;
case MBEDTLS_SSL_SERVER_HELLO:
@@ -1759,6 +1993,16 @@
ret = ssl_tls13_process_server_finished( ssl );
break;
+ case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+ ret = ssl_tls13_write_client_certificate( ssl );
+ break;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
+ ret = ssl_tls13_write_client_certificate_verify( ssl );
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
case MBEDTLS_SSL_CLIENT_FINISHED:
ret = ssl_tls13_write_client_finished( ssl );
break;
@@ -1775,8 +2019,16 @@
* Injection of dummy-CCS's for middlebox compatibility
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
+ ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+ break;
+
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
- ret = ssl_tls13_write_change_cipher_spec( ssl );
+ ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
@@ -1788,6 +2040,6 @@
return( ret );
}
-#endif /* MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1260740..4bee319 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -19,9 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h>
@@ -34,6 +32,7 @@
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
@@ -73,72 +72,8 @@
return( ret );
}
-int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len )
-{
- /*
- * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
- * ...
- * HandshakeType msg_type;
- * uint24 length;
- * ...
- */
- *buf = ssl->out_msg + 4;
- *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
-
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = hs_type;
-
- return( 0 );
-}
-
-int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
- size_t buf_len,
- size_t msg_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t msg_with_header_len;
- ((void) buf_len);
-
- /* Add reserved 4 bytes for handshake header */
- msg_with_header_len = msg_len + 4;
- ssl->out_msglen = msg_with_header_len;
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) );
-
-cleanup:
- return( ret );
-}
-
-void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len )
-{
- mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
- ssl->handshake->update_checksum( ssl, msg, msg_len );
-}
-
-void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len )
-{
- unsigned char hs_hdr[4];
-
- /* Build HS header for checksum update. */
- hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
- hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
- hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
- hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
-
- ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
-}
-
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/*
- * mbedtls_ssl_tls13_write_sig_alg_ext( )
+/* mbedtls_ssl_tls13_parse_sig_alg_ext()
*
* enum {
* ....
@@ -151,72 +86,64 @@
* struct {
* SignatureScheme supported_signature_algorithms<2..2^16-2>;
* } SignatureSchemeList;
- *
- * Only if we handle at least one key exchange that needs signatures.
*/
-int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
+int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
{
- unsigned char *p = buf;
- unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
- size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
+ const unsigned char *p = buf;
+ size_t supported_sig_algs_len = 0;
+ const unsigned char *supported_sig_algs_end;
+ uint16_t sig_alg;
+ uint32_t common_idx = 0;
- *out_len = 0;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
- /* Skip the extension on the client if all allowed key exchanges
- * are PSK-based. */
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ memset( ssl->handshake->received_sig_algs, 0,
+ sizeof(ssl->handshake->received_sig_algs) );
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len );
+ supported_sig_algs_end = p + supported_sig_algs_len;
+ while( p < supported_sig_algs_end )
{
- return( 0 );
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
-
- /* Check if we have space for header and length field:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - supported_signature_algorithms_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
-
- /*
- * Write supported_signature_algorithms
- */
- supported_sig_alg = p;
- for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs;
- *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
- {
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 );
+ sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
- }
- /* Length of supported_signature_algorithms */
- supported_sig_alg_len = p - supported_sig_alg;
- if( supported_sig_alg_len == 0 )
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x",
+ sig_alg ) );
+
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ||
+ ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) )
+ continue;
+
+ if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
+ {
+ ssl->handshake->received_sig_algs[common_idx] = sig_alg;
+ common_idx += 1;
+ }
+ }
+ /* Check that we consumed all the message. */
+ if( p != end )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "Signature algorithms extension length misaligned" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
- /* Write length of supported_signature_algorithms */
- MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
+ if( common_idx == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm in common" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
- /* Output the total length of signature algorithms extension. */
- *out_len = p - buf;
-
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+ ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE;
return( 0 );
}
@@ -293,19 +220,6 @@
*verify_buffer_len = idx;
}
-static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
- uint16_t sig_alg )
-{
- const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs;
-
- for( ; *tls13_sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; tls13_sig_alg++ )
- {
- if( *tls13_sig_alg == sig_alg )
- return( 1 );
- }
- return( 0 );
-}
-
static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end,
@@ -350,7 +264,7 @@
*
* Check if algorithm is an offered signature algorithm.
*/
- if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) )
+ if( ! mbedtls_ssl_sig_alg_is_offered( ssl, algorithm ) )
{
/* algorithm not in offered signature algorithms list */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not "
@@ -359,31 +273,10 @@
goto error;
}
- /* We currently only support ECDSA-based signatures */
- switch( algorithm )
+ if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ algorithm, &sig_alg, &md_alg ) != 0 )
{
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
- md_alg = MBEDTLS_MD_SHA256;
- sig_alg = MBEDTLS_PK_ECDSA;
- break;
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
- md_alg = MBEDTLS_MD_SHA384;
- sig_alg = MBEDTLS_PK_ECDSA;
- break;
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
- md_alg = MBEDTLS_MD_SHA512;
- sig_alg = MBEDTLS_PK_ECDSA;
- break;
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) );
- md_alg = MBEDTLS_MD_SHA256;
- sig_alg = MBEDTLS_PK_RSASSA_PSS;
- break;
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
- goto error;
+ goto error;
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )",
@@ -524,8 +417,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
buf + buf_len, verify_buffer, verify_buffer_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, buf_len );
cleanup:
@@ -757,24 +650,6 @@
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
-
-#if defined(MBEDTLS_ECP_C)
- {
- const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
-
- /* If certificate uses an EC key, make sure the curve is OK */
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
- mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
- {
- verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( EC key curve )" ) );
- if( ret == 0 )
- ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
- }
- }
-#endif /* MBEDTLS_ECP_C */
-
if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
ssl->handshake->ciphersuite_info,
!ssl->conf->endpoint,
@@ -859,8 +734,8 @@
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
- buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+ buf, buf_len );
cleanup:
@@ -871,6 +746,376 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
return( ret );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * enum {
+ * X509(0),
+ * RawPublicKey(2),
+ * (255)
+ * } CertificateType;
+ *
+ * struct {
+ * select (certificate_type) {
+ * case RawPublicKey:
+ * // From RFC 7250 ASN.1_subjectPublicKeyInfo
+ * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
+ *
+ * case X509:
+ * opaque cert_data<1..2^24-1>;
+ * };
+ * Extension extensions<0..2^16-1>;
+ * } CertificateEntry;
+ *
+ * struct {
+ * opaque certificate_request_context<0..2^8-1>;
+ * CertificateEntry certificate_list<0..2^24-1>;
+ * } Certificate;
+ */
+static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl );
+ unsigned char *p = buf;
+ unsigned char *certificate_request_context =
+ ssl->handshake->certificate_request_context;
+ unsigned char certificate_request_context_len =
+ ssl->handshake->certificate_request_context_len;
+ unsigned char *p_certificate_list_len;
+
+
+ /* ...
+ * opaque certificate_request_context<0..2^8-1>;
+ * ...
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, certificate_request_context_len + 1 );
+ *p++ = certificate_request_context_len;
+ if( certificate_request_context_len > 0 )
+ {
+ memcpy( p, certificate_request_context, certificate_request_context_len );
+ p += certificate_request_context_len;
+ }
+
+ /* ...
+ * CertificateEntry certificate_list<0..2^24-1>;
+ * ...
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+ p_certificate_list_len = p;
+ p += 3;
+
+ MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt );
+
+ while( crt != NULL )
+ {
+ size_t cert_data_len = crt->raw.len;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, cert_data_len + 3 + 2 );
+ MBEDTLS_PUT_UINT24_BE( cert_data_len, p, 0 );
+ p += 3;
+
+ memcpy( p, crt->raw.p, cert_data_len );
+ p += cert_data_len;
+ crt = crt->next;
+
+ /* Currently, we don't have any certificate extensions defined.
+ * Hence, we are sending an empty extension with length zero.
+ */
+ MBEDTLS_PUT_UINT24_BE( 0, p, 0 );
+ p += 2;
+ }
+
+ MBEDTLS_PUT_UINT24_BE( p - p_certificate_list_len - 3,
+ p_certificate_list_len, 0 );
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
+{
+ int ret;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl,
+ buf,
+ buf + buf_len,
+ &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+ buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
+ return( ret );
+}
+
+/*
+ * STATE HANDLING: Output Certificate Verify
+ */
+static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
+ mbedtls_pk_context *own_key,
+ uint16_t *algorithm )
+{
+ mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key );
+ /* Determine the size of the key */
+ size_t own_key_size = mbedtls_pk_get_bitlen( own_key );
+ *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
+ ((void) own_key_size);
+
+ switch( sig )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ case MBEDTLS_SSL_SIG_ECDSA:
+ switch( own_key_size )
+ {
+ case 256:
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
+ return( 0 );
+ case 384:
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
+ return( 0 );
+ case 521:
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
+ return( 0 );
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown key size: %"
+ MBEDTLS_PRINTF_SIZET " bits",
+ own_key_size ) );
+ break;
+ }
+ break;
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_RSA_C)
+ case MBEDTLS_SSL_SIG_RSA:
+#if defined(MBEDTLS_PKCS1_V21)
+#if defined(MBEDTLS_SHA256_C)
+ if( own_key_size <= 2048 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA384_C)
+ if( own_key_size <= 3072 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA384_C */
+#if defined(MBEDTLS_SHA512_C)
+ if( own_key_size <= 4096 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_SHA256_C)
+ if( own_key_size <= 2048 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA384_C)
+ if( own_key_size <= 3072 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA384_C */
+#if defined(MBEDTLS_SHA512_C)
+ if( own_key_size <= 4096 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V15 */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown key size: %"
+ MBEDTLS_PRINTF_SIZET " bits",
+ own_key_size ) );
+ }
+ break;
+#endif /* MBEDTLS_RSA_C */
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "unkown signature type : %u", sig ) );
+ break;
+ }
+ return( -1 );
+}
+
+static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret;
+ unsigned char *p = buf;
+ mbedtls_pk_context *own_key;
+
+ unsigned char handshake_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+ size_t handshake_hash_len;
+ unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
+ size_t verify_buffer_len;
+ mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
+ mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+ uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
+ size_t signature_len = 0;
+ const mbedtls_md_info_t *md_info;
+ unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ];
+ size_t verify_hash_len;
+
+ *out_len = 0;
+
+ own_key = mbedtls_ssl_own_key( ssl );
+ if( own_key == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ ret = mbedtls_ssl_get_handshake_transcript( ssl,
+ ssl->handshake->ciphersuite_info->mac,
+ handshake_hash,
+ sizeof( handshake_hash ),
+ &handshake_hash_len );
+ if( ret != 0 )
+ return( ret );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash",
+ handshake_hash,
+ handshake_hash_len);
+
+ ssl_tls13_create_verify_structure( handshake_hash, handshake_hash_len,
+ verify_buffer, &verify_buffer_len,
+ ssl->conf->endpoint );
+
+ /*
+ * struct {
+ * SignatureScheme algorithm;
+ * opaque signature<0..2^16-1>;
+ * } CertificateVerify;
+ */
+ ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
+ if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "signature algorithm not in received or offered list." ) );
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
+ mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ algorithm, &pk_type, &md_alg ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Check there is space for the algorithm identifier (2 bytes) and the
+ * signature length (2 bytes).
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+ MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 );
+ p += 2;
+
+ /* Hash verify buffer with indicated hash function */
+ md_info = mbedtls_md_info_from_type( md_alg );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ ret = mbedtls_md( md_info, verify_buffer, verify_buffer_len, verify_hash );
+ if( ret != 0 )
+ return( ret );
+
+ verify_hash_len = mbedtls_md_get_size( md_info );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
+
+ if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
+ md_alg, verify_hash, verify_hash_len,
+ p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+ return( ret );
+ }
+
+ MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 );
+ p += 2 + signature_len;
+
+ *out_len = (size_t)( p - buf );
+
+ return( ret );
+}
+
+int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
+ return( ret );
+}
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
*
@@ -1031,8 +1276,8 @@
MBEDTLS_SSL_HS_FINISHED,
&buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
+ buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) );
cleanup:
@@ -1109,20 +1354,18 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
- buf, msg_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
+ buf, msg_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
- buf_len, msg_len ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
-
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) );
@@ -1154,7 +1397,6 @@
*
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-
static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -1175,8 +1417,6 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
-
/* Write CCS message */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_change_cipher_spec_body(
ssl, ssl->out_msg,
@@ -1186,7 +1426,7 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
/* Dispatch message */
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 1 ) );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0 ) );
cleanup:
@@ -1196,6 +1436,105 @@
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+/* Reset SSL context and update hash for handling HRR.
+ *
+ * Replace Transcript-Hash(X) by
+ * Transcript-Hash( message_hash ||
+ * 00 00 Hash.length ||
+ * X )
+ * A few states of the handshake are preserved, including:
+ * - session ID
+ * - session ticket
+ * - negotiated ciphersuite
+ */
+int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char hash_transcript[ MBEDTLS_MD_MAX_SIZE + 4 ];
+ size_t hash_len;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
-#endif /* MBEDTLS_SSL_TLS_C */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
+
+ ret = mbedtls_ssl_get_handshake_transcript( ssl, ciphersuite_info->mac,
+ hash_transcript + 4,
+ MBEDTLS_MD_MAX_SIZE,
+ &hash_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 4, "mbedtls_ssl_get_handshake_transcript", ret );
+ return( ret );
+ }
+
+ hash_transcript[0] = MBEDTLS_SSL_HS_MESSAGE_HASH;
+ hash_transcript[1] = 0;
+ hash_transcript[2] = 0;
+ hash_transcript[3] = (unsigned char) hash_len;
+
+ hash_len += 4;
+
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
+ {
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-256 handshake transcript",
+ hash_transcript, hash_len );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha256_psa );
+ psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
+ mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
+#endif
+#endif /* MBEDTLS_SHA256_C */
+ }
+ else if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ {
+#if defined(MBEDTLS_SHA384_C)
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
+ hash_transcript, hash_len );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha384_psa );
+ psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
+ mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
+#endif
+#endif /* MBEDTLS_SHA384_C */
+ }
+
+#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C)
+ ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
+#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
+
+ return( ret );
+}
+
+#if defined(MBEDTLS_ECDH_C)
+
+int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t buf_len )
+{
+ uint8_t *p = (uint8_t*)buf;
+ const uint8_t *end = buf + buf_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /* Get size of the TLS opaque key_exchange field of the KeyShareEntry struct. */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ /* Check if key size is consistent with given buffer length. */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, peerkey_len );
+
+ /* Store peer's ECDH public key. */
+ memcpy( handshake->ecdh_psa_peerkey, p, peerkey_len );
+ handshake->ecdh_psa_peerkey_len = peerkey_len;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ECDH_C */
+
+#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
new file mode 100644
index 0000000..4e39f90
--- /dev/null
+++ b/library/ssl_tls13_invasive.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_SSL_TLS13_INVASIVE_H
+#define MBEDTLS_SSL_TLS13_INVASIVE_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
+#include "psa/crypto.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+/**
+ * \brief Take the input keying material \p ikm and extract from it a
+ * fixed-length pseudorandom key \p prk.
+ *
+ * \param hash_alg Hash algorithm to use.
+ * \param salt An optional salt value (a non-secret random value);
+ * if the salt is not provided, a string of all zeros
+ * of the length of the hash provided by \p alg is used
+ * as the salt.
+ * \param salt_len The length in bytes of the optional \p salt.
+ * \param ikm The input keying material.
+ * \param ikm_len The length in bytes of \p ikm.
+ * \param[out] prk A pseudorandom key of \p prk_len bytes.
+ * \param prk_size Size of the \p prk buffer in bytes.
+ * \param[out] prk_len On success, the length in bytes of the
+ * pseudorandom key in \p prk.
+ *
+ * \return 0 on success.
+ * \return #PSA_ERROR_INVALID_ARGUMENT when the parameters are invalid.
+ * \return An PSA_ERROR_* error for errors returned from the underlying
+ * PSA layer.
+ */
+psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg,
+ const unsigned char *salt, size_t salt_len,
+ const unsigned char *ikm, size_t ikm_len,
+ unsigned char *prk, size_t prk_size,
+ size_t *prk_len );
+
+/**
+ * \brief Expand the supplied \p prk into several additional pseudorandom
+ * keys, which is the output of the HKDF.
+ *
+ * \param hash_alg Hash algorithm to use.
+ * \param prk A pseudorandom key of \p prk_len bytes. \p prk is
+ * usually the output from the HKDF extract step.
+ * \param prk_len The length in bytes of \p prk.
+ * \param info An optional context and application specific information
+ * string. This can be a zero-length string.
+ * \param info_len The length of \p info in bytes.
+ * \param okm The output keying material of \p okm_len bytes.
+ * \param okm_len The length of the output keying material in bytes. This
+ * must be less than or equal to
+ * 255 * #PSA_HASH_LENGTH( \p alg ) bytes.
+ *
+ * \return 0 on success.
+ * \return #PSA_ERROR_INVALID_ARGUMENT when the parameters are invalid.
+ * \return An PSA_ERROR_* error for errors returned from the underlying
+ * PSA layer.
+ */
+psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg,
+ const unsigned char *prk, size_t prk_len,
+ const unsigned char *info, size_t info_len,
+ unsigned char *okm, size_t okm_len );
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 99eb8a4..6559bc9 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -30,6 +30,9 @@
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
+#include "ssl_tls13_invasive.h"
+
+#include "psa/crypto.h"
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
.name = string,
@@ -133,14 +136,189 @@
*dst_len = total_hkdf_lbl_len;
}
+MBEDTLS_STATIC_TESTABLE
+psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg,
+ const unsigned char *salt, size_t salt_len,
+ const unsigned char *ikm, size_t ikm_len,
+ unsigned char *prk, size_t prk_size,
+ size_t *prk_len )
+{
+ unsigned char null_salt[PSA_MAC_MAX_SIZE] = { '\0' };
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg );
+
+ if( salt == NULL || salt_len == 0 )
+ {
+ size_t hash_len;
+
+ if( salt_len != 0 )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ hash_len = PSA_HASH_LENGTH( alg );
+
+ if( hash_len == 0 )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ /* salt_len <= sizeof( salt ) because
+ PSA_HASH_LENGTH( alg ) <= PSA_MAC_MAX_SIZE. */
+ salt = null_salt;
+ salt_len = hash_len;
+ }
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ status = psa_import_key( &attributes, salt, salt_len, &key );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ status = psa_mac_compute( key, alg, ikm, ikm_len, prk, prk_size, prk_len );
+
+cleanup:
+ destroy_status = psa_destroy_key( key );
+
+ return( ( status == PSA_SUCCESS ) ? destroy_status : status );
+}
+
+MBEDTLS_STATIC_TESTABLE
+psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg,
+ const unsigned char *prk, size_t prk_len,
+ const unsigned char *info, size_t info_len,
+ unsigned char *okm, size_t okm_len )
+{
+ size_t hash_len;
+ size_t where = 0;
+ size_t n;
+ size_t t_len = 0;
+ size_t i;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED;
+ unsigned char t[PSA_MAC_MAX_SIZE];
+ psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg );
+
+ if( okm == NULL )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ hash_len = PSA_HASH_LENGTH( alg );
+
+ if( prk_len < hash_len || hash_len == 0 )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ if( info == NULL )
+ {
+ info = (const unsigned char *) "";
+ info_len = 0;
+ }
+
+ n = okm_len / hash_len;
+
+ if( okm_len % hash_len != 0 )
+ {
+ n++;
+ }
+
+ /*
+ * Per RFC 5869 Section 2.3, okm_len must not exceed
+ * 255 times the hash length
+ */
+ if( n > 255 )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ status = psa_import_key( &attributes, prk, prk_len, &key );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ memset( t, 0, hash_len );
+
+ /*
+ * Compute T = T(1) | T(2) | T(3) | ... | T(N)
+ * Where T(N) is defined in RFC 5869 Section 2.3
+ */
+ for( i = 1; i <= n; i++ )
+ {
+ size_t num_to_copy;
+ unsigned char c = i & 0xff;
+ size_t len;
+
+ status = psa_mac_sign_setup( &operation, key, alg );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ status = psa_mac_update( &operation, t, t_len );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ status = psa_mac_update( &operation, info, info_len );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ /* The constant concatenated to the end of each T(n) is a single octet. */
+ status = psa_mac_update( &operation, &c, 1 );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ status = psa_mac_sign_finish( &operation, t, PSA_MAC_MAX_SIZE, &len );
+ if( status != PSA_SUCCESS )
+ {
+ goto cleanup;
+ }
+
+ num_to_copy = i != n ? hash_len : okm_len - where;
+ memcpy( okm + where, t, num_to_copy );
+ where += hash_len;
+ t_len = hash_len;
+ }
+
+cleanup:
+ if( status != PSA_SUCCESS )
+ psa_mac_abort( &operation );
+ destroy_status = psa_destroy_key( key );
+
+ mbedtls_platform_zeroize( t, sizeof( t ) );
+
+ return( ( status == PSA_SUCCESS ) ? destroy_status : status );
+}
+
int mbedtls_ssl_tls13_hkdf_expand_label(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
unsigned char *buf, size_t buf_len )
{
- const mbedtls_md_info_t *md_info;
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
@@ -164,8 +342,7 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl_tls13_hkdf_encode_label( buf_len,
@@ -174,10 +351,11 @@
hkdf_label,
&hkdf_label_len );
- return( mbedtls_hkdf_expand( md_info,
- secret, secret_len,
- hkdf_label, hkdf_label_len,
- buf, buf_len ) );
+ return( psa_ssl_status_to_mbedtls(
+ mbedtls_psa_hkdf_expand( hash_alg,
+ secret, secret_len,
+ hkdf_label, hkdf_label_len,
+ buf, buf_len ) ) );
}
/*
@@ -197,7 +375,7 @@
* keys in a single function call.
*/
int mbedtls_ssl_tls13_make_traffic_keys(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret, size_t secret_len,
size_t key_len, size_t iv_len,
@@ -244,7 +422,7 @@
}
int mbedtls_ssl_tls13_derive_secret(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
@@ -252,19 +430,18 @@
unsigned char *dstbuf, size_t dstbuf_len )
{
int ret;
- unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ];
-
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
+ unsigned char hashed_context[ PSA_HASH_MAX_SIZE ];
if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED )
{
- ret = mbedtls_md( md_info, ctx, ctx_len, hashed_context );
- if( ret != 0 )
- return( ret );
- ctx_len = mbedtls_md_get_size( md_info );
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ status = psa_hash_compute( hash_alg, ctx, ctx_len, hashed_context,
+ PSA_HASH_LENGTH( hash_alg ), &ctx_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ return ret;
+ }
}
else
{
@@ -285,25 +462,25 @@
label, label_len,
hashed_context, ctx_len,
dstbuf, dstbuf_len ) );
+
}
int mbedtls_ssl_tls13_evolve_secret(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
unsigned char *secret_new )
{
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
size_t hlen, ilen;
- unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
+ unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
+ size_t secret_len;
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- hlen = mbedtls_md_get_size( md_info );
+ hlen = PSA_HASH_LENGTH( hash_alg );
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
@@ -333,14 +510,11 @@
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
- ret = mbedtls_hkdf_extract( md_info,
- tmp_secret, hlen,
- tmp_input, ilen,
- secret_new );
- if( ret != 0 )
- goto cleanup;
-
- ret = 0;
+ ret = psa_ssl_status_to_mbedtls(
+ mbedtls_psa_hkdf_extract( hash_alg,
+ tmp_secret, hlen,
+ tmp_input, ilen,
+ secret_new, hlen, &secret_len ) );
cleanup:
@@ -350,18 +524,17 @@
}
int mbedtls_ssl_tls13_derive_early_secrets(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *early_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_early_secrets *derived )
{
int ret;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
+ size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
/* We should never call this function with an unknown hash,
* but add an assertion anyway. */
- if( md_info == 0 )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/*
@@ -379,24 +552,24 @@
*/
/* Create client_early_traffic_secret */
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- early_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ early_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->client_early_traffic_secret,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
/* Create early exporter */
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- early_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ early_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->early_exporter_master_secret,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
@@ -404,18 +577,17 @@
}
int mbedtls_ssl_tls13_derive_handshake_secrets(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *handshake_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_handshake_secrets *derived )
{
int ret;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
+ size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
/* We should never call this function with an unknown hash,
* but add an assertion anyway. */
- if( md_info == 0 )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/*
@@ -437,13 +609,13 @@
* Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
*/
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- handshake_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ handshake_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->client_handshake_traffic_secret,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
@@ -452,13 +624,13 @@
* Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
*/
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- handshake_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ handshake_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->server_handshake_traffic_secret,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
@@ -466,18 +638,17 @@
}
int mbedtls_ssl_tls13_derive_application_secrets(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_application_secrets *derived )
{
int ret;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
+ size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
/* We should never call this function with an unknown hash,
* but add an assertion anyway. */
- if( md_info == 0 )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/* Generate {client,server}_application_traffic_secret_0
@@ -498,33 +669,33 @@
*
*/
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- application_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ application_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->client_application_traffic_secret_N,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- application_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ application_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->server_application_traffic_secret_N,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- application_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ application_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->exporter_master_secret,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
@@ -536,27 +707,26 @@
* This is not integrated with mbedtls_ssl_tls13_derive_application_secrets()
* because it uses the transcript hash up to and including ClientFinished. */
int mbedtls_ssl_tls13_derive_resumption_master_secret(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_application_secrets *derived )
{
int ret;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
+ size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
/* We should never call this function with an unknown hash,
* but add an assertion anyway. */
- if( md_info == 0 )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- application_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ application_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ),
transcript, transcript_len,
MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
derived->resumption_master_secret,
- md_size );
+ hash_len );
if( ret != 0 )
return( ret );
@@ -568,16 +738,13 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac;
-#if defined(MBEDTLS_DEBUG_C)
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
-#endif /* MBEDTLS_DEBUG_C */
+ psa_algorithm_t const hash_alg = mbedtls_psa_translate_md(
+ handshake->ciphersuite_info->mac );
/*
* Compute MasterSecret
*/
- ret = mbedtls_ssl_tls13_evolve_secret( md_type,
+ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
handshake->tls13_master_secrets.handshake,
NULL, 0,
handshake->tls13_master_secrets.app );
@@ -588,24 +755,28 @@
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
- handshake->tls13_master_secrets.app, md_size );
+ handshake->tls13_master_secrets.app, PSA_HASH_LENGTH( hash_alg ) );
return( 0 );
}
-static int ssl_tls13_calc_finished_core( mbedtls_md_type_t md_type,
+static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg,
unsigned char const *base_key,
unsigned char const *transcript,
- unsigned char *dst )
+ unsigned char *dst,
+ size_t *dst_len )
{
- const mbedtls_md_info_t* const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- unsigned char finished_key[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t hash_len = PSA_HASH_LENGTH( hash_alg );
+ unsigned char finished_key[PSA_MAC_MAX_SIZE];
int ret;
+ psa_algorithm_t alg;
/* We should never call this function with an unknown hash,
* but add an assertion anyway. */
- if( md_info == 0 )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/* TLS 1.3 Finished message
@@ -626,20 +797,37 @@
*/
ret = mbedtls_ssl_tls13_hkdf_expand_label(
- md_type, base_key, md_size,
+ hash_alg, base_key, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ),
NULL, 0,
- finished_key, md_size );
+ finished_key, hash_len );
if( ret != 0 )
goto exit;
- ret = mbedtls_md_hmac( md_info, finished_key, md_size, transcript, md_size, dst );
- if( ret != 0 )
+ alg = PSA_ALG_HMAC( hash_alg );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ status = psa_import_key( &attributes, finished_key, hash_len, &key );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
goto exit;
+ }
+
+ status = psa_mac_compute( key, alg, transcript, hash_len,
+ dst, hash_len, dst_len );
+ ret = psa_ssl_status_to_mbedtls( status );
exit:
+ status = psa_destroy_key( key );
+ if( ret == 0 )
+ ret = psa_ssl_status_to_mbedtls( status );
+
mbedtls_platform_zeroize( finished_key, sizeof( finished_key ) );
+
return( ret );
}
@@ -660,9 +848,10 @@
&ssl->handshake->tls13_hs_secrets;
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
- const mbedtls_md_info_t* const md_info =
- mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
+
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md(
+ ssl->handshake->ciphersuite_info->mac );
+ size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
@@ -677,7 +866,7 @@
base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
}
- if( dst_len < md_size )
+ if( dst_len < hash_len )
{
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
goto exit;
@@ -693,12 +882,11 @@
}
MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
- ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
+ ret = ssl_tls13_calc_finished_core( hash_alg, base_key, transcript, dst, actual_len );
if( ret != 0 )
goto exit;
- *actual_len = md_size;
- MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, hash_len );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
exit:
@@ -709,17 +897,17 @@
}
int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md_type,
+ const psa_algorithm_t hash_alg,
unsigned char const *psk, size_t psk_len,
int psk_type,
unsigned char const *transcript,
unsigned char *result )
{
int ret = 0;
- unsigned char binder_key[MBEDTLS_MD_MAX_SIZE];
- unsigned char early_secret[MBEDTLS_MD_MAX_SIZE];
- mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
+ unsigned char binder_key[PSA_MAC_MAX_SIZE];
+ unsigned char early_secret[PSA_MAC_MAX_SIZE];
+ size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+ size_t actual_len;
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for debug */
@@ -728,7 +916,7 @@
/* We should never call this function with an unknown hash,
* but add an assertion anyway. */
- if( md_info == 0 )
+ if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/*
@@ -742,7 +930,7 @@
* v
*/
- ret = mbedtls_ssl_tls13_evolve_secret( md_type,
+ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
NULL, /* Old secret */
psk, psk_len, /* Input */
early_secret );
@@ -754,20 +942,20 @@
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
{
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- early_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ early_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ),
NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
- binder_key, md_size );
+ binder_key, hash_len );
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'res binder'" ) );
}
else
{
- ret = mbedtls_ssl_tls13_derive_secret( md_type,
- early_secret, md_size,
+ ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
+ early_secret, hash_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ),
NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
- binder_key, md_size );
+ binder_key, hash_len );
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'ext binder'" ) );
}
@@ -782,11 +970,12 @@
* but with the BaseKey being the binder_key.
*/
- ret = ssl_tls13_calc_finished_core( md_type, binder_key, transcript, result );
+ ret = ssl_tls13_calc_finished_core( hash_alg, binder_key, transcript,
+ result, &actual_len );
if( ret != 0 )
goto exit;
- MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder", result, md_size );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder", result, actual_len );
exit:
@@ -801,7 +990,9 @@
mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl /* DEBUG ONLY */ )
{
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int ret;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_cipher_info_t const *cipher_info;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc;
@@ -809,6 +1000,14 @@
unsigned char const *key_dec;
unsigned char const *iv_dec;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_type_t key_type;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ size_t key_bits;
+ psa_status_t status = PSA_SUCCESS;
+#endif
+
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
@@ -830,10 +1029,10 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Setup cipher contexts in target transform
*/
-
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
@@ -847,6 +1046,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
if( endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -876,6 +1076,7 @@
memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len );
memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len );
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc,
key_enc, cipher_info->key_bitlen,
MBEDTLS_ENCRYPT ) ) != 0 )
@@ -891,6 +1092,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Setup other fields in SSL transform
@@ -904,7 +1106,7 @@
transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen;
- transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
+ transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
/* We add the true record content type (1 Byte) to the plaintext and
* then pad to the configured granularity. The mimimum length of the
@@ -913,13 +1115,57 @@
transform->minlen =
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /*
+ * Setup psa keys and alg
+ */
+ if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
+ transform->taglen,
+ &alg,
+ &key_type,
+ &key_bits ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls( status ) );
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ transform->psa_alg = alg;
+
+ if ( alg != MBEDTLS_SSL_NULL_CIPHER )
+ {
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ if( ( status = psa_import_key( &attributes,
+ key_enc,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &transform->psa_key_enc ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) );
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+
+ if( ( status = psa_import_key( &attributes,
+ key_dec,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &transform->psa_key_dec ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) );
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
return( 0 );
}
int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_type_t md_type;
+ psa_algorithm_t hash_alg;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
if( handshake->ciphersuite_info == NULL )
@@ -928,9 +1174,9 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- md_type = handshake->ciphersuite_info->mac;
+ hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
- ret = mbedtls_ssl_tls13_evolve_secret( md_type, NULL, NULL, 0,
+ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0,
handshake->tls13_master_secrets.early );
if( ret != 0 )
{
@@ -949,8 +1195,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_type;
- mbedtls_md_info_t const *md_info;
- size_t md_size;
+
+ psa_algorithm_t hash_alg;
+ size_t hash_len;
unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
@@ -969,8 +1216,9 @@
iv_len = cipher_info->iv_size;
md_type = ciphersuite_info->mac;
- md_info = mbedtls_md_info_from_type( md_type );
- md_size = mbedtls_md_get_size( md_info );
+
+ hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+ hash_len = PSA_HASH_LENGTH( hash_alg );
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
transcript,
@@ -984,7 +1232,7 @@
return( ret );
}
- ret = mbedtls_ssl_tls13_derive_handshake_secrets( md_type,
+ ret = mbedtls_ssl_tls13_derive_handshake_secrets( hash_alg,
handshake->tls13_master_secrets.handshake,
transcript, transcript_len, tls13_hs_secrets );
if( ret != 0 )
@@ -996,10 +1244,10 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret",
tls13_hs_secrets->client_handshake_traffic_secret,
- md_size );
+ hash_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret",
tls13_hs_secrets->server_handshake_traffic_secret,
- md_size );
+ hash_len );
/*
* Export client handshake traffic secret
@@ -1009,24 +1257,24 @@
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
tls13_hs_secrets->client_handshake_traffic_secret,
- md_size,
- handshake->randbytes + 32,
+ hash_len,
handshake->randbytes,
+ handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
tls13_hs_secrets->server_handshake_traffic_secret,
- md_size,
- handshake->randbytes + 32,
+ hash_len,
handshake->randbytes,
+ handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
}
- ret = mbedtls_ssl_tls13_make_traffic_keys( md_type,
+ ret = mbedtls_ssl_tls13_make_traffic_keys( hash_alg,
tls13_hs_secrets->client_handshake_traffic_secret,
tls13_hs_secrets->server_handshake_traffic_secret,
- md_size, key_len, iv_len, traffic_keys );
+ hash_len, key_len, iv_len, traffic_keys );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
@@ -1059,14 +1307,12 @@
int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) && defined(MBEDTLS_ECDH_C)
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac;
- size_t ephemeral_len = 0;
- unsigned char ecdhe[MBEDTLS_ECP_MAX_BYTES];
-#if defined(MBEDTLS_DEBUG_C)
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
-#endif /* MBEDTLS_DEBUG_C */
+ psa_algorithm_t const hash_alg = mbedtls_psa_translate_md(
+ handshake->ciphersuite_info->mac );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/*
@@ -1079,15 +1325,28 @@
if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) )
{
#if defined(MBEDTLS_ECDH_C)
- ret = mbedtls_ecdh_calc_secret( &handshake->ecdh_ctx,
- &ephemeral_len, ecdhe, sizeof( ecdhe ),
- ssl->conf->f_rng,
- ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
- return( ret );
- }
+ /* Compute ECDH shared secret. */
+ status = psa_raw_key_agreement(
+ PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
+ handshake->premaster, sizeof( handshake->premaster ),
+ &handshake->pmslen );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
+ return( ret );
+ }
+
+ status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+ return( ret );
+ }
+
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_ECDH_C */
}
else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) )
@@ -1103,9 +1362,9 @@
/*
* Compute the Handshake Secret
*/
- ret = mbedtls_ssl_tls13_evolve_secret( md_type,
+ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
handshake->tls13_master_secrets.early,
- ecdhe, ephemeral_len,
+ handshake->premaster, handshake->pmslen,
handshake->tls13_master_secrets.handshake );
if( ret != 0 )
{
@@ -1114,10 +1373,11 @@
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret",
- handshake->tls13_master_secrets.handshake, md_size );
+ handshake->tls13_master_secrets.handshake,
+ PSA_HASH_LENGTH( hash_alg ) );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
- mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) );
+ mbedtls_platform_zeroize( handshake->premaster, sizeof( handshake->premaster ) );
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
return( 0 );
}
@@ -1142,8 +1402,9 @@
/* Variables relating to the hash for the chosen ciphersuite. */
mbedtls_md_type_t md_type;
- mbedtls_md_info_t const *md_info;
- size_t md_size;
+
+ psa_algorithm_t hash_alg;
+ size_t hash_len;
/* Variables relating to the cipher for the chosen ciphersuite. */
mbedtls_cipher_info_t const *cipher_info;
@@ -1159,8 +1420,9 @@
iv_len = cipher_info->iv_size;
md_type = handshake->ciphersuite_info->mac;
- md_info = mbedtls_md_info_from_type( md_type );
- md_size = mbedtls_md_get_size( md_info );
+
+ hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
+ hash_len = PSA_HASH_LENGTH( hash_alg );
/* Compute current handshake transcript. It's the caller's responsiblity
* to call this at the right time, that is, after the ServerFinished. */
@@ -1173,7 +1435,7 @@
/* Compute application secrets from master secret and transcript hash. */
- ret = mbedtls_ssl_tls13_derive_application_secrets( md_type,
+ ret = mbedtls_ssl_tls13_derive_application_secrets( hash_alg,
handshake->tls13_master_secrets.app,
transcript, transcript_len,
app_secrets );
@@ -1189,10 +1451,10 @@
/* Derive first epoch of IV + Key for application traffic. */
- ret = mbedtls_ssl_tls13_make_traffic_keys( md_type,
+ ret = mbedtls_ssl_tls13_make_traffic_keys( hash_alg,
app_secrets->client_application_traffic_secret_N,
app_secrets->server_application_traffic_secret_N,
- md_size, key_len, iv_len, traffic_keys );
+ hash_len, key_len, iv_len, traffic_keys );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
@@ -1201,11 +1463,11 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret",
app_secrets->client_application_traffic_secret_N,
- md_size );
+ hash_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "Server application traffic secret",
app_secrets->server_application_traffic_secret_N,
- md_size );
+ hash_len );
/*
* Export client/server application traffic secret 0
@@ -1214,17 +1476,17 @@
{
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
- app_secrets->client_application_traffic_secret_N, md_size,
- handshake->randbytes + 32,
+ app_secrets->client_application_traffic_secret_N, hash_len,
handshake->randbytes,
+ handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
a new constant for TLS 1.3! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
- app_secrets->server_application_traffic_secret_N, md_size,
- handshake->randbytes + 32,
+ app_secrets->server_application_traffic_secret_N, hash_len,
handshake->randbytes,
+ handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
a new constant for TLS 1.3! */ );
}
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index da967c3..d56067c 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -44,6 +44,14 @@
MBEDTLS_SSL_TLS1_3_LABEL( client_cv , "TLS 1.3, client CertificateVerify" ) \
MBEDTLS_SSL_TLS1_3_LABEL( server_cv , "TLS 1.3, server CertificateVerify" )
+#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
+#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1
+
+#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0
+#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
const unsigned char name [ sizeof(string) - 1 ];
@@ -114,7 +122,7 @@
*/
int mbedtls_ssl_tls13_hkdf_expand_label(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
@@ -152,16 +160,12 @@
*/
int mbedtls_ssl_tls13_make_traffic_keys(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret, size_t secret_len,
size_t key_len, size_t iv_len,
mbedtls_ssl_key_set *keys );
-
-#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
-#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1
-
/**
* \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446.
*
@@ -202,7 +206,7 @@
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls13_derive_secret(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
@@ -235,14 +239,14 @@
* is omitted here. Its calculation is part of the separate routine
* mbedtls_ssl_tls13_create_psk_binder().
*
- * \param md_type The hash algorithm associated with the PSK for which
+ * \param hash_alg The hash algorithm associated with the PSK for which
* early data key material is being derived.
* \param early_secret The early secret from which the early data key material
* should be derived. This must be a readable buffer whose
* length is the digest size of the hash algorithm
* represented by \p md_size.
* \param transcript The transcript of the handshake so far, calculated with
- * respect to \p md_type. This must be a readable buffer
+ * respect to \p hash_alg. This must be a readable buffer
* whose length is the digest size of the hash algorithm
* represented by \p md_size.
* \param derived The address of the structure in which to store
@@ -252,7 +256,7 @@
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls13_derive_early_secrets(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *early_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_early_secrets *derived );
@@ -280,14 +284,14 @@
* the client and server secret derived by this function need to be
* further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
- * \param md_type The hash algorithm associated with the ciphersuite
+ * \param hash_alg The hash algorithm associated with the ciphersuite
* that's being used for the connection.
* \param handshake_secret The handshake secret from which the handshake key
* material should be derived. This must be a readable
* buffer whose length is the digest size of the hash
* algorithm represented by \p md_size.
* \param transcript The transcript of the handshake so far, calculated
- * with respect to \p md_type. This must be a readable
+ * with respect to \p hash_alg. This must be a readable
* buffer whose length is the digest size of the hash
* algorithm represented by \p md_size.
* \param derived The address of the structure in which to
@@ -297,7 +301,7 @@
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls13_derive_handshake_secrets(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *handshake_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_handshake_secrets *derived );
@@ -329,7 +333,7 @@
* the client and server secret derived by this function need to be
* further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
- * \param md_type The hash algorithm associated with the ciphersuite
+ * \param hash_alg The hash algorithm associated with the ciphersuite
* that's being used for the connection.
* \param master_secret The master secret from which the application key
* material should be derived. This must be a readable
@@ -337,9 +341,9 @@
* algorithm represented by \p md_size.
* \param transcript The transcript of the handshake up to and including
* the ServerFinished message, calculated with respect
- * to \p md_type. This must be a readable buffer whose
+ * to \p hash_alg. This must be a readable buffer whose
* length is the digest size of the hash algorithm
- * represented by \p md_type.
+ * represented by \p hash_alg.
* \param derived The address of the structure in which to
* store the application key material.
*
@@ -347,7 +351,7 @@
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls13_derive_application_secrets(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *master_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_application_secrets *derived );
@@ -358,7 +362,7 @@
* This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
- * \param md_type The hash algorithm used in the application for which
+ * \param hash_alg The hash algorithm used in the application for which
* key material is being derived.
* \param application_secret The application secret from which the resumption master
* secret should be derived. This must be a readable
@@ -366,9 +370,9 @@
* algorithm represented by \p md_size.
* \param transcript The transcript of the handshake up to and including
* the ClientFinished message, calculated with respect
- * to \p md_type. This must be a readable buffer whose
+ * to \p hash_alg. This must be a readable buffer whose
* length is the digest size of the hash algorithm
- * represented by \p md_type.
+ * represented by \p hash_alg.
* \param transcript_len The length of \p transcript in Bytes.
* \param derived The address of the structure in which to
* store the resumption master secret.
@@ -377,7 +381,7 @@
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls13_derive_resumption_master_secret(
- mbedtls_md_type_t md_type,
+ psa_algorithm_t hash_alg,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls13_application_secrets *derived );
@@ -450,20 +454,17 @@
*/
int mbedtls_ssl_tls13_evolve_secret(
- mbedtls_md_type_t hash_alg,
+ psa_algorithm_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
unsigned char *secret_new );
-#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0
-#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
-
/**
* \brief Calculate a TLS 1.3 PSK binder.
*
* \param ssl The SSL context. This is used for debugging only and may
* be \c NULL if MBEDTLS_DEBUG_C is disabled.
- * \param md_type The hash algorithm associated to the PSK \p psk.
+ * \param hash_alg The hash algorithm associated to the PSK \p psk.
* \param psk The buffer holding the PSK for which to create a binder.
* \param psk_len The size of \p psk in bytes.
* \param psk_type This indicates whether the PSK \p psk is externally
@@ -472,17 +473,17 @@
* \param transcript The handshake transcript up to the point where the
* PSK binder calculation happens. This must be readable,
* and its size must be equal to the digest size of
- * the hash algorithm represented by \p md_type.
+ * the hash algorithm represented by \p hash_alg.
* \param result The address at which to store the PSK binder on success.
* This must be writable, and its size must be equal to the
* digest size of the hash algorithm represented by
- * \p md_type.
+ * \p hash_alg.
*
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md_type,
+ const psa_algorithm_t hash_alg,
unsigned char const *psk, size_t psk_len,
int psk_type,
unsigned char const *transcript,
@@ -637,4 +638,6 @@
size_t *actual_len,
int which );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5e74083..8d1b1d8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -19,25 +19,751 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "mbedtls/debug.h"
#include "ssl_misc.h"
+#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+#include <string.h>
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif /* MBEDTLS_ECP_C */
-int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif /* MBEDTLS_PLATFORM_C */
+
+/* From RFC 8446:
+ * struct {
+ * ProtocolVersion versions<2..254>;
+ * } SupportedVersions;
+ */
+static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t versions_len;
+ const unsigned char *versions_end;
+ uint16_t tls_version;
+ int tls13_supported = 0;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+ versions_len = p[0];
+ p += 1;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, versions_len );
+ versions_end = p + versions_len;
+ while( p < versions_end )
+ {
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, versions_end, 2 );
+ tls_version = mbedtls_ssl_read_version( p, ssl->conf->transport );
+ p += 2;
+
+ /* In this implementation we only support TLS 1.3 and DTLS 1.3. */
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ tls13_supported = 1;
+ break;
+ }
+ }
+
+ if( !tls13_supported )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 is not supported by the client" ) );
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+ MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Negotiated version. Supported is [%04x]",
+ (unsigned int)tls_version ) );
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_ECDH_C)
+/*
+ *
+ * From RFC 8446:
+ * enum {
+ * ... (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ */
+static int ssl_tls13_parse_supported_groups_ext(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *buf, const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t named_group_list_len;
+ const unsigned char *named_group_list_end;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "supported_groups extension", p, end - buf );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ named_group_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, named_group_list_len );
+ named_group_list_end = p + named_group_list_len;
+ ssl->handshake->hrr_selected_group = 0;
+
+ while( p < named_group_list_end )
+ {
+ uint16_t named_group;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, named_group_list_end, 2 );
+ named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
+
+ if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
+ ! mbedtls_ssl_named_group_is_supported( named_group ) ||
+ ssl->handshake->hrr_selected_group != 0 )
+ {
+ continue;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG(
+ 2, ( "add named group (%04x) into received list.",
+ named_group ) );
+ ssl->handshake->hrr_selected_group = named_group;
+ }
+
+ return( 0 );
+
+}
+#endif /* MBEDTLS_ECDH_C */
+
+#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1
+
+#if defined(MBEDTLS_ECDH_C)
+/*
+ * ssl_tls13_parse_key_shares_ext() verifies whether the information in the
+ * extension is correct and stores the first acceptable key share and its associated group.
+ *
+ * Possible return values are:
+ * - 0: Successful processing of the client provided key share extension.
+ * - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by the client
+ * does not match a group supported by the server. A HelloRetryRequest will
+ * be needed.
+ * - A negative value for fatal errors.
+*/
+
+static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char const *p = buf;
+ unsigned char const *client_shares_end;
+ size_t client_shares_len, key_exchange_len;
+ int match_found = 0;
+
+ /* From RFC 8446:
+ *
+ * struct {
+ * KeyShareEntry client_shares<0..2^16-1>;
+ * } KeyShareClientHello;
+ *
+ */
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ client_shares_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, client_shares_len );
+
+ ssl->handshake->offered_group_id = 0;
+ client_shares_end = p + client_shares_len;
+
+ /* We try to find a suitable key share entry and copy it to the
+ * handshake context. Later, we have to find out whether we can do
+ * something with the provided key share or whether we have to
+ * dismiss it and send a HelloRetryRequest message.
+ */
+
+ for( ; p < client_shares_end; p += key_exchange_len )
+ {
+ uint16_t group;
+
+ /*
+ * struct {
+ * NamedGroup group;
+ * opaque key_exchange<1..2^16-1>;
+ * } KeyShareEntry;
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, 4 );
+ group = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, key_exchange_len );
+
+ /* Continue parsing even if we have already found a match,
+ * for input validation purposes.
+ */
+ if( match_found == 1 )
+ continue;
+
+ if( ! mbedtls_ssl_named_group_is_offered( ssl, group ) ||
+ ! mbedtls_ssl_named_group_is_supported( group ) )
+ {
+ continue;
+ }
+
+ /*
+ * For now, we only support ECDHE groups.
+ */
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_tls_id( group );
+ ((void) curve_info);
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+ ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
+ ssl, p - 2, key_exchange_len + 2 );
+ if( ret != 0 )
+ return( ret );
+
+ match_found = 1;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Unrecognized NamedGroup %u",
+ (unsigned) group ) );
+ continue;
+ }
+
+ ssl->handshake->offered_group_id = group;
+ }
+
+ if( match_found == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching key share" ) );
+ return( SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH );
+ }
+ return( 0 );
+}
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_DEBUG_C)
+static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
{
((void) ssl);
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- KEY_SHARE_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- PRE_SHARED_KEY_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SUPPORTED_GROUPS_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ?
+ "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SUPPORTED_VERSION_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION )
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SERVERNAME_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+}
+#endif /* MBEDTLS_DEBUG_C */
+
+static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
+ int exts_mask )
+{
+ int masked = ssl->handshake->extensions_present & exts_mask;
+ return( masked == exts_mask );
+}
+
+static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
+ mbedtls_ssl_context *ssl )
+{
+ return( ssl_tls13_client_hello_has_exts( ssl,
+ MBEDTLS_SSL_EXT_SUPPORTED_GROUPS |
+ MBEDTLS_SSL_EXT_KEY_SHARE |
+ MBEDTLS_SSL_EXT_SIG_ALG ) );
+}
+
+static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
+{
+ if( !mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
+ return( 0 );
+
+ if( !ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) )
+ return( 0 );
+
+ ssl->handshake->tls13_kex_modes =
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ return( 1 );
+}
+
+/*
+ *
+ * STATE HANDLING: ClientHello
+ *
+ * There are three possible classes of outcomes when parsing the ClientHello:
+ *
+ * 1) The ClientHello was well-formed and matched the server's configuration.
+ *
+ * In this case, the server progresses to sending its ServerHello.
+ *
+ * 2) The ClientHello was well-formed but didn't match the server's
+ * configuration.
+ *
+ * For example, the client might not have offered a key share which
+ * the server supports, or the server might require a cookie.
+ *
+ * In this case, the server sends a HelloRetryRequest.
+ *
+ * 3) The ClientHello was ill-formed
+ *
+ * In this case, we abort the handshake.
+ *
+ */
+
+/*
+ * Structure of this message:
+ *
+ * uint16 ProtocolVersion;
+ * opaque Random[32];
+ * uint8 CipherSuite[2]; // Cryptographic suite selector
+ *
+ * struct {
+ * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
+ * Random random;
+ * opaque legacy_session_id<0..32>;
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * opaque legacy_compression_methods<1..2^8-1>;
+ * Extension extensions<8..2^16-1>;
+ * } ClientHello;
+ */
+
+#define SSL_CLIENT_HELLO_OK 0
+#define SSL_CLIENT_HELLO_HRR_REQUIRED 1
+
+static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const unsigned char *p = buf;
+ size_t legacy_session_id_len;
+ const unsigned char *cipher_suites;
+ size_t cipher_suites_len;
+ const unsigned char *cipher_suites_end;
+ size_t extensions_len;
+ const unsigned char *extensions_end;
+
+ const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
+
+ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+
+ /*
+ * ClientHello layout:
+ * 0 . 1 protocol version
+ * 2 . 33 random bytes
+ * 34 . 34 session id length ( 1 byte )
+ * 35 . 34+x session id
+ * .. . .. ciphersuite list length ( 2 bytes )
+ * .. . .. ciphersuite list
+ * .. . .. compression alg. list length ( 1 byte )
+ * .. . .. compression alg. list
+ * .. . .. extensions length ( 2 bytes, optional )
+ * .. . .. extensions ( optional )
+ */
+
+ /*
+ * Minimal length ( with everything empty and extensions ommitted ) is
+ * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
+ * read at least up to session id length without worrying.
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 38 );
+
+ /* ...
+ * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
+ * ...
+ * with ProtocolVersion defined as:
+ * uint16 ProtocolVersion;
+ */
+ if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
+ MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+ MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ return ( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ }
+ p += 2;
+
+ /*
+ * Only support TLS 1.3 currently, temporarily set the version.
+ */
+ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+
+ /* ---
+ * Random random;
+ * ---
+ * with Random defined as:
+ * opaque Random[32];
+ */
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
+ p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+
+ memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
+
+ /* ---
+ * opaque legacy_session_id<0..32>;
+ * ---
+ */
+ legacy_session_id_len = p[0];
+ p++;
+
+ if( legacy_session_id_len > sizeof( ssl->session_negotiate->id ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ ssl->session_negotiate->id_len = legacy_session_id_len;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
+ p, legacy_session_id_len );
+ /*
+ * Check we have enough data for the legacy session identifier
+ * and the ciphersuite list length.
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_len + 2 );
+
+ memcpy( &ssl->session_negotiate->id[0], p, legacy_session_id_len );
+ p += legacy_session_id_len;
+
+ cipher_suites_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ /* Check we have enough data for the ciphersuite list, the legacy
+ * compression methods and the length of the extensions.
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
+
+ /* ---
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * ---
+ * with CipherSuite defined as:
+ * uint8 CipherSuite[2];
+ */
+ cipher_suites = p;
+ cipher_suites_end = p + cipher_suites_len;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
+ p, cipher_suites_len );
+ /*
+ * Search for a matching ciphersuite
+ */
+ int ciphersuite_match = 0;
+ for ( ; p < cipher_suites_end; p += 2 )
+ {
+ uint16_t cipher_suite;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
+ cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+ /*
+ * Check whether this ciphersuite is valid and offered.
+ */
+ if( ( mbedtls_ssl_validate_ciphersuite(
+ ssl, ciphersuite_info, ssl->tls_version,
+ ssl->tls_version ) != 0 ) ||
+ !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ continue;
+
+ ssl->session_negotiate->ciphersuite = cipher_suite;
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
+ ciphersuite_match = 1;
+
+ break;
+
+ }
+
+ if( !ciphersuite_match )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
+ ciphersuite_info->name ) );
+
+ p = cipher_suites + cipher_suites_len;
+ /* ...
+ * opaque legacy_compression_methods<1..2^8-1>;
+ * ...
+ */
+ if( p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+ p += 2;
+
+ /* ---
+ * Extension extensions<8..2^16-1>;
+ * ---
+ * with Extension defined as:
+ * struct {
+ * ExtensionType extension_type;
+ * opaque extension_data<0..2^16-1>;
+ * } Extension;
+ */
+ extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+ extensions_end = p + extensions_len;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len );
+
+ while( p < extensions_end )
+ {
+ unsigned int extension_type;
+ size_t extension_data_len;
+ const unsigned char *extension_data_end;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
+ extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+ extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+ extension_data_end = p + extension_data_len;
+
+ switch( extension_type )
+ {
+#if defined(MBEDTLS_ECDH_C)
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported group extension" ) );
+
+ /* Supported Groups Extension
+ *
+ * When sent by the client, the "supported_groups" extension
+ * indicates the named groups which the client supports,
+ * ordered from most preferred to least preferred.
+ */
+ ret = ssl_tls13_parse_supported_groups_ext( ssl, p,
+ extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_parse_supported_groups_ext", ret );
+ return( ret );
+ }
+
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
+ break;
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDH_C)
+ case MBEDTLS_TLS_EXT_KEY_SHARE:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key share extension" ) );
+
+ /*
+ * Key Share Extension
+ *
+ * When sent by the client, the "key_share" extension
+ * contains the endpoint's cryptographic parameters for
+ * ECDHE/DHE key establishment methods.
+ */
+ ret = ssl_tls13_parse_key_shares_ext( ssl, p, extension_data_end );
+ if( ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "HRR needed " ) );
+ ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ }
+
+ if( ret != 0 )
+ return( ret );
+
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
+ break;
+#endif /* MBEDTLS_ECDH_C */
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported versions extension" ) );
+
+ ret = ssl_tls13_parse_supported_versions_ext(
+ ssl, p, extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ ( "ssl_tls13_parse_supported_versions_ext" ), ret );
+ return( ret );
+ }
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
+ break;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+
+ ret = mbedtls_ssl_tls13_parse_sig_alg_ext( ssl, p,
+ extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "ssl_parse_supported_signature_algorithms_server_ext ( %d )",
+ ret ) );
+ return( ret );
+ }
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown extension found: %ud ( ignoring )",
+ extension_type ) );
+ }
+
+ p += extension_data_len;
+ }
+
+ /* Update checksum with either
+ * - The entire content of the CH message, if no PSK extension is present
+ * - The content up to but excluding the PSK extension, if present.
+ */
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ buf, p - buf );
+
+ /* List all the extensions we have received */
+#if defined(MBEDTLS_DEBUG_C)
+ ssl_tls13_debug_print_client_hello_exts( ssl );
+#endif /* MBEDTLS_DEBUG_C */
+
+ /*
+ * Here we only support the ephemeral or (EC)DHE key echange mode
+ */
+
+ if( !ssl_tls13_check_ephemeral_key_exchange( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ( "ClientHello message misses mandatory extensions." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION ,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ return( 0 );
+}
+
+static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls1_3_key_schedule_stage_early", ret );
+ return( ret );
+ }
+
+ return( 0 );
+
+}
+
+/*
+ * Main entry point from the state machine; orchestrates the otherfunctions.
+ */
+
+static int ssl_tls13_process_client_hello( mbedtls_ssl_context *ssl )
+{
+
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char* buf = NULL;
+ size_t buflen = 0;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ &buf, &buflen ) );
+
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
+ buf + buflen ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
+ return( ret );
+}
+
+/*
+ * TLS 1.3 State Machine -- server side
+ */
+int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %s(%d)",
mbedtls_ssl_states_str( ssl->state ),
ssl->state ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ switch( ssl->state )
+ {
+ /* start state */
+ case MBEDTLS_SSL_HELLO_REQUEST:
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+
+ ret = 0;
+ break;
+
+ case MBEDTLS_SSL_CLIENT_HELLO:
+
+ ret = ssl_tls13_process_client_hello( ssl );
+ if( ret != 0 )
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_client_hello", ret );
+
+ break;
+
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ return( ret );
}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/threading.c b/library/threading.c
index bae6644..cd9942b 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -113,7 +113,7 @@
int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
/*
- * With phtreads we can statically initialize mutexes
+ * With pthreads we can statically initialize mutexes
*/
#define MUTEX_INIT = { PTHREAD_MUTEX_INITIALIZER, 1 }
diff --git a/library/timing.c b/library/timing.c
index 8a02c00..859c1b8 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -45,15 +45,15 @@
#include <unistd.h>
#include <sys/types.h>
-#include <sys/time.h>
#include <signal.h>
+/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the
+ * platform matches the ifdefs above, it will be used. */
#include <time.h>
-
+#include <sys/time.h>
struct _hr_time
{
struct timeval start;
};
-
#endif /* _WIN32 && !EFIX64 && !EFI32 */
/**
@@ -158,5 +158,13 @@
return( 0 );
}
+/*
+ * Get the final delay.
+ */
+uint32_t mbedtls_timing_get_final_delay(
+ const mbedtls_timing_delay_context *data )
+{
+ return( data->fin_ms );
+}
#endif /* !MBEDTLS_TIMING_ALT */
#endif /* MBEDTLS_TIMING_C */
diff --git a/library/x509_crl.c b/library/x509_crl.c
index e6efdca..0cd996d 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -52,11 +52,13 @@
#define mbedtls_snprintf snprintf
#endif
+#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
#include <time.h>
#endif
+#endif
#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
#include <stdio.h>
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c865444..b38dff08 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -47,7 +47,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -63,11 +63,13 @@
#include "mbedtls/threading.h"
#endif
+#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
#include <time.h>
#endif
+#endif
#if defined(MBEDTLS_FS_IO)
#include <stdio.h>
@@ -2336,8 +2338,14 @@
const mbedtls_x509_crt_profile *profile )
{
int flags = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+ psa_algorithm_t psa_algorithm;
+#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ size_t hash_length;
if( ca == NULL )
return( flags );
@@ -2370,19 +2378,38 @@
if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
- md_info = mbedtls_md_info_from_type( crl_list->sig_md );
- if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm = mbedtls_psa_translate_md( crl_list->sig_md );
+ if( psa_hash_compute( psa_algorithm,
+ crl_list->tbs.p,
+ crl_list->tbs.len,
+ hash,
+ sizeof( hash ),
+ &hash_length ) != PSA_SUCCESS )
{
/* Note: this can't happen except after an internal error */
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
+#else
+ md_info = mbedtls_md_info_from_type( crl_list->sig_md );
+ hash_length = mbedtls_md_get_size( md_info );
+ if( mbedtls_md( md_info,
+ crl_list->tbs.p,
+ crl_list->tbs.len,
+ hash ) != 0 )
+ {
+ /* Note: this can't happen except after an internal error */
+ flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
+ break;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( x509_profile_check_key( profile, &ca->pk ) != 0 )
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
- crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
+ crl_list->sig_md, hash, hash_length,
crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@@ -2421,9 +2448,9 @@
mbedtls_x509_crt *parent,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t hash_len;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( child->sig_md );
hash_len = mbedtls_md_get_size( md_info );
@@ -2432,23 +2459,21 @@
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
return( -1 );
#else
- psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
- return( -1 );
-
- if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len )
- != PSA_SUCCESS )
+ status = psa_hash_compute( hash_alg,
+ child->tbs.p,
+ child->tbs.len,
+ hash,
+ sizeof( hash ),
+ &hash_len );
+ if( status != PSA_SUCCESS )
{
- return( -1 );
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
- if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
- != PSA_SUCCESS )
- {
- return( -1 );
- }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Skip expensive computation on obvious mismatch */
if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 17b3e79..6d1e7b3 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -40,6 +40,11 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@@ -167,66 +172,86 @@
}
#if defined(MBEDTLS_SHA1_C)
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
+static int mbedtls_x509write_crt_set_key_identifier( mbedtls_x509write_cert *ctx,
+ int is_ca,
+ unsigned char tag )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
unsigned char *c = buf + sizeof(buf);
size_t len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t hash_length;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
memset( buf, 0, sizeof(buf) );
MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
+ mbedtls_pk_write_pubkey( &c,
+ buf,
+ is_ca ?
+ ctx->issuer_key :
+ ctx->subject_key ) );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_hash_compute( PSA_ALG_SHA_1,
+ buf + sizeof(buf) - len,
+ len,
+ buf + sizeof(buf) - 20,
+ 20,
+ &hash_length );
+ if( status != PSA_SUCCESS )
+ {
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ }
+#else
ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
- buf + sizeof( buf ) - 20 );
+ buf + sizeof( buf ) - 20 );
if( ret != 0 )
return( ret );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
c = buf + sizeof( buf ) - 20;
len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, tag ) );
- return mbedtls_x509write_crt_set_extension( ctx,
- MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
- 0, buf + sizeof(buf) - len, len );
+ if( is_ca ) // writes AuthorityKeyIdentifier sequence
+ {
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ));
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c,
+ buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
+ }
+
+ if( is_ca )
+ return( mbedtls_x509write_crt_set_extension( ctx,
+ MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
+ 0, buf + sizeof(buf) - len, len ) );
+ else
+ return( mbedtls_x509write_crt_set_extension( ctx,
+ MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
+ 0, buf + sizeof(buf) - len, len ) );
+}
+
+int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
+{
+ return mbedtls_x509write_crt_set_key_identifier( ctx,
+ 0,
+ MBEDTLS_ASN1_OCTET_STRING );
}
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
- unsigned char *c = buf + sizeof( buf );
- size_t len = 0;
-
- memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
-
- ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
- buf + sizeof( buf ) - 20 );
- if( ret != 0 )
- return( ret );
- c = buf + sizeof( buf ) - 20;
- len = 20;
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len,
- mbedtls_asn1_write_tag( &c, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
-
- return mbedtls_x509write_crt_set_extension(
- ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
- 0, buf + sizeof( buf ) - len, len );
+ return mbedtls_x509write_crt_set_key_identifier( ctx,
+ 1,
+ (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0) );
}
#endif /* MBEDTLS_SHA1_C */
@@ -330,8 +355,16 @@
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
- unsigned char hash[64];
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+ size_t hash_length = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t psa_algorithm;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+#else
+ unsigned char hash[64];
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
@@ -466,14 +499,30 @@
*/
/* Compute hash of CRT. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm = mbedtls_psa_translate_md( ctx->md_alg );
+
+ status = psa_hash_compute( psa_algorithm,
+ c,
+ len,
+ hash,
+ sizeof( hash ),
+ &hash_length );
+ if( status != PSA_SUCCESS )
+ {
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ }
+#else
if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
len, hash ) ) != 0 )
{
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
- hash, 0, sig, sizeof( sig ), &sig_len,
+ hash, hash_length, sig, sizeof( sig ), &sig_len,
f_rng, p_rng ) ) != 0 )
{
return( ret );
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 555f296..1cee318 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -35,7 +35,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
#include <stdlib.h>
@@ -149,7 +149,6 @@
size_t len = 0;
mbedtls_pk_type_t pk_alg;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
size_t hash_len;
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -219,16 +218,14 @@
* Note: hash errors can happen only after an internal error
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
-
- if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
-
- if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
- != PSA_SUCCESS )
+ if( psa_hash_compute( hash_alg,
+ c,
+ len,
+ hash,
+ sizeof( hash ),
+ &hash_len ) != PSA_SUCCESS )
{
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
diff --git a/programs/.gitignore b/programs/.gitignore
index 550239e..44e904a 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -13,8 +13,10 @@
*.exe
aes/crypt_and_hash
+cipher/cipher_aead_demo
hash/generic_sum
hash/hello
+hash/md_hmac_demo
hash/md5sum
hash/sha1sum
hash/sha2sum
@@ -38,7 +40,9 @@
pkey/rsa_sign_pss
pkey/rsa_verify
pkey/rsa_verify_pss
+psa/aead_demo
psa/crypto_examples
+psa/hmac_demo
psa/key_ladder_demo
psa/psa_constant_names
random/gen_entropy
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index a8492c6..0633aa6 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -1,4 +1,5 @@
add_subdirectory(aes)
+add_subdirectory(cipher)
if (NOT WIN32)
add_subdirectory(fuzz)
endif()
diff --git a/programs/Makefile b/programs/Makefile
index 1ebf8d2..fdfece7 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -80,8 +80,10 @@
## make sure to check that it still works if you tweak the format here.
APPS = \
aes/crypt_and_hash \
+ cipher/cipher_aead_demo \
hash/generic_sum \
hash/hello \
+ hash/md_hmac_demo \
pkey/dh_client \
pkey/dh_genprime \
pkey/dh_server \
@@ -102,7 +104,9 @@
pkey/rsa_sign_pss \
pkey/rsa_verify \
pkey/rsa_verify_pss \
+ psa/aead_demo \
psa/crypto_examples \
+ psa/hmac_demo \
psa/key_ladder_demo \
psa/psa_constant_names \
random/gen_entropy \
@@ -195,14 +199,22 @@
echo " CC aes/crypt_and_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-hash/hello$(EXEXT): hash/hello.c $(DEP)
- echo " CC hash/hello.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP)
+ echo " CC cipher/cipher_aead_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP)
echo " CC hash/generic_sum.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+hash/hello$(EXEXT): hash/hello.c $(DEP)
+ echo " CC hash/hello.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
+ echo " CC hash/md_hmac_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
echo " CC pkey/dh_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -283,6 +295,18 @@
echo " CC pkey/rsa_encrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+psa/aead_demo$(EXEXT): psa/aead_demo.c $(DEP)
+ echo " CC psa/aead_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
+ echo " CC psa/crypto_examples.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/hmac_demo$(EXEXT): psa/hmac_demo.c $(DEP)
+ echo " CC psa/hmac_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
psa/key_ladder_demo$(EXEXT): psa/key_ladder_demo.c $(DEP)
echo " CC psa/key_ladder_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -427,10 +451,6 @@
echo " CC x509/req_app.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
- echo " CC psa/crypto_examples.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
clean:
ifndef WINDOWS
rm -f $(EXES)
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
new file mode 100644
index 0000000..93e5f31
--- /dev/null
+++ b/programs/cipher/CMakeLists.txt
@@ -0,0 +1,13 @@
+set(executables
+ cipher_aead_demo
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c
new file mode 100644
index 0000000..18bd66c
--- /dev/null
+++ b/programs/cipher/cipher_aead_demo.c
@@ -0,0 +1,271 @@
+/**
+ * Cipher API multi-part AEAD demonstration.
+ *
+ * This program AEAD-encrypts a message, using the algorithm and key size
+ * specified on the command line, using the multi-part API.
+ *
+ * It comes with a companion program psa/aead_demo.c, which does the same
+ * operations with the PSA Crypto API. The goal is that comparing the two
+ * programs will help people migrating to the PSA Crypto API.
+ *
+ * When used with multi-part AEAD operations, the `mbedtls_cipher_context`
+ * serves a triple purpose (1) hold the key, (2) store the algorithm when no
+ * operation is active, and (3) save progress information for the current
+ * operation. With PSA those roles are held by disinct objects: (1) a
+ * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
+ * algorithm, and (3) a psa_operation_t for multi-part progress.
+ *
+ * On the other hand, with PSA, the algorithms encodes the desired tag length;
+ * with Cipher the desired tag length needs to be tracked separately.
+ *
+ * This program and its companion psa/aead_demo.c illustrate this by doing the
+ * same sequence of multi-part AEAD computation with both APIs; looking at the
+ * two side by side should make the differences and similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/cipher.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_CIPHER_C) || \
+ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
+ !defined(MBEDTLS_CHACHAPOLY_C)
+int main( void )
+{
+ printf( "MBEDTLS_MD_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
+ "MBEDTLS_CHACHAPOLY_C not defined\r\n" );
+ return( 0 );
+}
+#else
+
+/* The real program starts here. */
+
+const char usage[] =
+"Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
+
+/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
+const unsigned char iv1[12] = { 0x00 };
+const unsigned char add_data1[] = { 0x01, 0x02 };
+const unsigned char msg1_part1[] = { 0x03, 0x04 };
+const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
+
+/* Dummy data (2nd message) */
+const unsigned char iv2[12] = { 0x10 };
+const unsigned char add_data2[] = { 0x11, 0x12 };
+const unsigned char msg2_part1[] = { 0x13, 0x14 };
+const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
+
+/* Maximum total size of the messages */
+#define MSG1_SIZE ( sizeof( msg1_part1 ) + sizeof( msg1_part2 ) )
+#define MSG2_SIZE ( sizeof( msg2_part1 ) + sizeof( msg2_part2 ) )
+#define MSG_MAX_SIZE ( MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE )
+
+/* Dummy key material - never do this in production!
+ * 32-byte is enough to all the key size supported by this program. */
+const unsigned char key_bytes[32] = { 0x2a };
+
+/* Print the contents of a buffer in hex */
+void print_buf( const char *title, unsigned char *buf, size_t len )
+{
+ printf( "%s:", title );
+ for( size_t i = 0; i < len; i++ )
+ printf( " %02x", buf[i] );
+ printf( "\n" );
+}
+
+/* Run an Mbed TLS function and bail out if it fails.
+ * A string description of the error code can be recovered with:
+ * programs/util/strerror <value> */
+#define CHK( expr ) \
+ do \
+ { \
+ ret = ( expr ); \
+ if( ret != 0 ) \
+ { \
+ printf( "Error %d at line %d: %s\n", \
+ ret, \
+ __LINE__, \
+ #expr ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
+/*
+ * Prepare encryption material:
+ * - interpret command-line argument
+ * - set up key
+ * - outputs: context and tag length, which together hold all the information
+ */
+static int aead_prepare( const char *info,
+ mbedtls_cipher_context_t *ctx,
+ size_t *tag_len )
+{
+ int ret;
+
+ /* Convert arg to type + tag_len */
+ mbedtls_cipher_type_t type;
+ if( strcmp( info, "aes128-gcm" ) == 0 ) {
+ type = MBEDTLS_CIPHER_AES_128_GCM;
+ *tag_len = 16;
+ } else if( strcmp( info, "aes256-gcm" ) == 0 ) {
+ type = MBEDTLS_CIPHER_AES_256_GCM;
+ *tag_len = 16;
+ } else if( strcmp( info, "aes128-gcm_8" ) == 0 ) {
+ type = MBEDTLS_CIPHER_AES_128_GCM;
+ *tag_len = 8;
+ } else if( strcmp( info, "chachapoly" ) == 0 ) {
+ type = MBEDTLS_CIPHER_CHACHA20_POLY1305;
+ *tag_len = 16;
+ } else {
+ puts( usage );
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ }
+
+ /* Prepare context for the given type */
+ CHK( mbedtls_cipher_setup( ctx,
+ mbedtls_cipher_info_from_type( type ) ) );
+
+ /* Import key */
+ int key_len = mbedtls_cipher_get_key_bitlen( ctx );
+ CHK( mbedtls_cipher_setkey( ctx, key_bytes, key_len, MBEDTLS_ENCRYPT ) );
+
+exit:
+ return( ret );
+}
+
+/*
+ * Print out some information.
+ *
+ * All of this information was present in the command line argument, but his
+ * function demonstrates how each piece can be recovered from (ctx, tag_len).
+ */
+static void aead_info( const mbedtls_cipher_context_t *ctx, size_t tag_len )
+{
+ mbedtls_cipher_type_t type = mbedtls_cipher_get_type( ctx );
+ const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( type );
+ const char *ciph = mbedtls_cipher_info_get_name( info );
+ int key_bits = mbedtls_cipher_get_key_bitlen( ctx );
+ mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( ctx );
+
+ const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM"
+ : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly"
+ : "???";
+
+ printf( "%s, %d, %s, %u\n",
+ ciph, key_bits, mode_str, (unsigned) tag_len );
+}
+
+/*
+ * Encrypt a 2-part message.
+ */
+static int aead_encrypt( mbedtls_cipher_context_t *ctx, size_t tag_len,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *part1, size_t part1_len,
+ const unsigned char *part2, size_t part2_len )
+{
+ int ret;
+ size_t olen;
+#define MAX_TAG_LENGTH 16
+ unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH];
+ unsigned char *p = out;
+
+ CHK( mbedtls_cipher_set_iv( ctx, iv, iv_len ) );
+ CHK( mbedtls_cipher_reset( ctx ) );
+ CHK( mbedtls_cipher_update_ad( ctx, ad, ad_len ) );
+ CHK( mbedtls_cipher_update( ctx, part1, part1_len, p, &olen ) );
+ p += olen;
+ CHK( mbedtls_cipher_update( ctx, part2, part2_len, p, &olen ) );
+ p += olen;
+ CHK( mbedtls_cipher_finish( ctx, p, &olen ) );
+ p += olen;
+ CHK( mbedtls_cipher_write_tag( ctx, p, tag_len ) );
+ p += tag_len;
+
+ olen = p - out;
+ print_buf( "out", out, olen );
+
+exit:
+ return( ret );
+}
+
+/*
+ * AEAD demo: set up key/alg, print out info, encrypt messages.
+ */
+static int aead_demo( const char *info )
+{
+ int ret = 0;
+
+ mbedtls_cipher_context_t ctx;
+ size_t tag_len;
+
+ mbedtls_cipher_init( &ctx );
+
+ CHK( aead_prepare( info, &ctx, &tag_len ) );
+
+ aead_info( &ctx, tag_len );
+
+ CHK( aead_encrypt( &ctx, tag_len,
+ iv1, sizeof( iv1 ), add_data1, sizeof( add_data1 ),
+ msg1_part1, sizeof( msg1_part1 ),
+ msg1_part2, sizeof( msg1_part2 ) ) );
+ CHK( aead_encrypt( &ctx, tag_len,
+ iv2, sizeof( iv2 ), add_data2, sizeof( add_data2 ),
+ msg2_part1, sizeof( msg2_part1 ),
+ msg2_part2, sizeof( msg2_part2 ) ) );
+
+exit:
+ mbedtls_cipher_free( &ctx );
+
+ return( ret );
+}
+
+
+/*
+ * Main function
+ */
+int main( int argc, char **argv )
+{
+ /* Check usage */
+ if( argc != 2 )
+ {
+ puts( usage );
+ return( 1 );
+ }
+
+ int ret;
+
+ /* Run the demo */
+ CHK( aead_demo( argv[1] ) );
+
+exit:
+ return( ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE );
+}
+
+#endif
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
index e12ee3b..c554bc6 100644
--- a/programs/fuzz/common.c
+++ b/programs/fuzz/common.c
@@ -5,11 +5,13 @@
#include <stdlib.h>
#include "mbedtls/ctr_drbg.h"
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
{
(void) time;
return 0x5af2a056;
}
+#endif
void dummy_init()
{
@@ -60,8 +62,14 @@
size_t i;
#if defined(MBEDTLS_CTR_DRBG_C)
- //use mbedtls_ctr_drbg_random to find bugs in it
- ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
+ if( p_rng != NULL ) {
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ } else {
+ //fall through to pseudo-random
+ ret = 0;
+ }
#else
(void) p_rng;
ret = 0;
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
index 5586c06..7bb7b87 100644
--- a/programs/fuzz/common.h
+++ b/programs/fuzz/common.h
@@ -1,4 +1,9 @@
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
+#endif
+#include <stddef.h>
#include <stdint.h>
typedef struct fuzzBufferOffset
@@ -8,7 +13,9 @@
size_t Offset;
} fuzzBufferOffset_t;
+#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
+#endif
void dummy_init();
int dummy_send( void *ctx, const unsigned char *buf, size_t len );
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 9a6e894..1aa757c 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -44,6 +44,13 @@
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ ( const unsigned char * ) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
@@ -56,7 +63,7 @@
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
- dummy_random, NULL ) != 0)
+ dummy_random, &ctr_drbg ) != 0)
return 1;
#endif
dummy_init();
@@ -65,15 +72,8 @@
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
mbedtls_ssl_cookie_init( &cookie_ctx );
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
- goto exit;
-
-
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index b9a160e..e8e1d44 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -2,26 +2,41 @@
#include <stdint.h>
#include <stdlib.h>
+#include <string.h>
#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
#include "common.h"
//4 Kb should be enough for every bug ;-)
#define MAX_LEN 0x1000
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C)
+const char *pers = "fuzz_privkey";
+#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-#ifdef MBEDTLS_PK_PARSE_C
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C)
int ret;
mbedtls_pk_context pk;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
if (Size > MAX_LEN) {
//only work on small inputs
Size = MAX_LEN;
}
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ ( const unsigned char * ) pers, strlen( pers ) ) != 0 )
+ return 1;
+
mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
- dummy_random, NULL );
+ dummy_random, &ctr_drbg );
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
@@ -73,7 +88,7 @@
#else
(void) Data;
(void) Size;
-#endif //MBEDTLS_PK_PARSE_C
+#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C
return 0;
}
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index e6eb5a7..3d11d47 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -55,13 +55,14 @@
}
options = Data[Size - 1];
- if (initialized == 0) {
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
- return 1;
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ ( const unsigned char * ) pers, strlen( pers ) ) != 0 )
+ return 1;
+
+ if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index 729474c..da98188 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -1,6 +1,7 @@
set(executables
generic_sum
hello
+ md_hmac_demo
)
foreach(exe IN LISTS executables)
diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c
new file mode 100644
index 0000000..d4cc3cc
--- /dev/null
+++ b/programs/hash/md_hmac_demo.c
@@ -0,0 +1,147 @@
+/**
+ * MD API multi-part HMAC demonstration.
+ *
+ * This programs computes the HMAC of two messages using the multi-part API.
+ *
+ * This is a companion to psa/hmac_demo.c, doing the same operations with the
+ * legacy MD API. The goal is that comparing the two programs will help people
+ * migrating to the PSA Crypto API.
+ *
+ * When it comes to multi-part HMAC operations, the `mbedtls_md_context`
+ * serves a dual purpose (1) hold the key, and (2) save progress information
+ * for the current operation. With PSA those roles are held by two disinct
+ * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
+ * multi-part progress.
+ *
+ * This program and its companion psa/hmac_demo.c illustrate this by doing the
+ * same sequence of multi-part HMAC computation with both APIs; looking at the
+ * two side by side should make the differences and similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/md.h"
+
+#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_MD_C)
+int main( void )
+{
+ printf( "MBEDTLS_MD_C not defined\r\n" );
+ return( 0 );
+}
+#else
+
+/* The real program starts here. */
+
+/* Dummy inputs for HMAC */
+const unsigned char msg1_part1[] = { 0x01, 0x02 };
+const unsigned char msg1_part2[] = { 0x03, 0x04 };
+const unsigned char msg2_part1[] = { 0x05, 0x05 };
+const unsigned char msg2_part2[] = { 0x06, 0x06 };
+
+/* Dummy key material - never do this in production!
+ * This example program uses SHA-256, so a 32-byte key makes sense. */
+const unsigned char key_bytes[32] = { 0 };
+
+/* Print the contents of a buffer in hex */
+void print_buf( const char *title, unsigned char *buf, size_t len )
+{
+ printf( "%s:", title );
+ for( size_t i = 0; i < len; i++ )
+ printf( " %02x", buf[i] );
+ printf( "\n" );
+}
+
+/* Run an Mbed TLS function and bail out if it fails.
+ * A string description of the error code can be recovered with:
+ * programs/util/strerror <value> */
+#define CHK( expr ) \
+ do \
+ { \
+ ret = ( expr ); \
+ if( ret != 0 ) \
+ { \
+ printf( "Error %d at line %d: %s\n", \
+ ret, \
+ __LINE__, \
+ #expr ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
+/*
+ * This function demonstrates computation of the HMAC of two messages using
+ * the multipart API.
+ */
+int hmac_demo(void)
+{
+ int ret;
+ const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;
+ unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal
+
+ mbedtls_md_context_t ctx;
+
+ mbedtls_md_init( &ctx );
+
+ /* prepare context and load key */
+ // the last argument to setup is 1 to enable HMAC (not just hashing)
+ const mbedtls_md_info_t *info = mbedtls_md_info_from_type( alg );
+ CHK( mbedtls_md_setup( &ctx, info, 1 ) );
+ CHK( mbedtls_md_hmac_starts( &ctx, key_bytes, sizeof( key_bytes ) ) );
+
+ /* compute HMAC(key, msg1_part1 | msg1_part2) */
+ CHK( mbedtls_md_hmac_update( &ctx, msg1_part1, sizeof( msg1_part1 ) ) );
+ CHK( mbedtls_md_hmac_update( &ctx, msg1_part2, sizeof( msg1_part2 ) ) );
+ CHK( mbedtls_md_hmac_finish( &ctx, out ) );
+ print_buf( "msg1", out, mbedtls_md_get_size( info ) );
+
+ /* compute HMAC(key, msg2_part1 | msg2_part2) */
+ CHK( mbedtls_md_hmac_reset( &ctx ) ); // prepare for new operation
+ CHK( mbedtls_md_hmac_update( &ctx, msg2_part1, sizeof( msg2_part1 ) ) );
+ CHK( mbedtls_md_hmac_update( &ctx, msg2_part2, sizeof( msg2_part2 ) ) );
+ CHK( mbedtls_md_hmac_finish( &ctx, out ) );
+ print_buf( "msg2", out, mbedtls_md_get_size( info ) );
+
+exit:
+ mbedtls_md_free( &ctx );
+ mbedtls_platform_zeroize( out, sizeof( out ) );
+
+ return( ret );
+}
+
+int main(void)
+{
+ int ret;
+
+ CHK( hmac_demo() );
+
+exit:
+ return( ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE );
+}
+
+#endif
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index 26ca73c..7ba4af6 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -1,5 +1,7 @@
set(executables
+ aead_demo
crypto_examples
+ hmac_demo
key_ladder_demo
psa_constant_names
)
diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c
new file mode 100644
index 0000000..5bc0af0
--- /dev/null
+++ b/programs/psa/aead_demo.c
@@ -0,0 +1,293 @@
+/**
+ * PSA API multi-part AEAD demonstration.
+ *
+ * This program AEAD-encrypts a message, using the algorithm and key size
+ * specified on the command line, using the multi-part API.
+ *
+ * It comes with a companion program cipher/cipher_aead_demo.c, which does the
+ * same operations with the legacy Cipher API. The goal is that comparing the
+ * two programs will help people migrating to the PSA Crypto API.
+ *
+ * When used with multi-part AEAD operations, the `mbedtls_cipher_context`
+ * serves a triple purpose (1) hold the key, (2) store the algorithm when no
+ * operation is active, and (3) save progress information for the current
+ * operation. With PSA those roles are held by disinct objects: (1) a
+ * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
+ * algorithm, and (3) a psa_operation_t for multi-part progress.
+ *
+ * On the other hand, with PSA, the algorithms encodes the desired tag length;
+ * with Cipher the desired tag length needs to be tracked separately.
+ *
+ * This program and its companion cipher/cipher_aead_demo.c illustrate this by
+ * doing the same sequence of multi-part AEAD computation with both APIs;
+ * looking at the two side by side should make the differences and
+ * similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || \
+ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
+ !defined(MBEDTLS_CHACHAPOLY_C) || \
+ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+int main( void )
+{
+ printf( "MBEDTLS_PSA_CRYPTO_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
+ "MBEDTLS_CHACHAPOLY_C not defined, and/or "
+ "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n" );
+ return( 0 );
+}
+#else
+
+/* The real program starts here. */
+
+const char usage[] =
+"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
+
+/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
+const unsigned char iv1[12] = { 0x00 };
+const unsigned char add_data1[] = { 0x01, 0x02 };
+const unsigned char msg1_part1[] = { 0x03, 0x04 };
+const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
+
+/* Dummy data (2nd message) */
+const unsigned char iv2[12] = { 0x10 };
+const unsigned char add_data2[] = { 0x11, 0x12 };
+const unsigned char msg2_part1[] = { 0x13, 0x14 };
+const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
+
+/* Maximum total size of the messages */
+#define MSG1_SIZE ( sizeof( msg1_part1 ) + sizeof( msg1_part2 ) )
+#define MSG2_SIZE ( sizeof( msg2_part1 ) + sizeof( msg2_part2 ) )
+#define MSG_MAX_SIZE ( MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE )
+
+/* Dummy key material - never do this in production!
+ * 32-byte is enough to all the key size supported by this program. */
+const unsigned char key_bytes[32] = { 0x2a };
+
+/* Print the contents of a buffer in hex */
+void print_buf( const char *title, uint8_t *buf, size_t len )
+{
+ printf( "%s:", title );
+ for( size_t i = 0; i < len; i++ )
+ printf( " %02x", buf[i] );
+ printf( "\n" );
+}
+
+/* Run a PSA function and bail out if it fails.
+ * The symbolic name of the error code can be recovered using:
+ * programs/psa/psa_consant_name status <value> */
+#define PSA_CHECK( expr ) \
+ do \
+ { \
+ status = ( expr ); \
+ if( status != PSA_SUCCESS ) \
+ { \
+ printf( "Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr ); \
+ goto exit; \
+ } \
+ } \
+ while( 0 )
+
+/*
+ * Prepare encryption material:
+ * - interpret command-line argument
+ * - set up key
+ * - outputs: key and algorithm, which together hold all the information
+ */
+static psa_status_t aead_prepare( const char *info,
+ psa_key_id_t *key,
+ psa_algorithm_t *alg )
+{
+ psa_status_t status;
+
+ /* Convert arg to alg + key_bits + key_type */
+ size_t key_bits;
+ psa_key_type_t key_type;
+ if( strcmp( info, "aes128-gcm" ) == 0 ) {
+ *alg = PSA_ALG_GCM;
+ key_bits = 128;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if( strcmp( info, "aes256-gcm" ) == 0 ) {
+ *alg = PSA_ALG_GCM;
+ key_bits = 256;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if( strcmp( info, "aes128-gcm_8" ) == 0 ) {
+ *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8);
+ key_bits = 128;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if( strcmp( info, "chachapoly" ) == 0 ) {
+ *alg = PSA_ALG_CHACHA20_POLY1305;
+ key_bits = 256;
+ key_type = PSA_KEY_TYPE_CHACHA20;
+ } else {
+ puts( usage );
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ /* Prepare key attibutes */
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, *alg );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, key_bits ); // optional
+
+ /* Import key */
+ PSA_CHECK( psa_import_key( &attributes, key_bytes, key_bits / 8, key ) );
+
+exit:
+ return( status );
+}
+
+/*
+ * Print out some information.
+ *
+ * All of this information was present in the command line argument, but his
+ * function demonstrates how each piece can be recovered from (key, alg).
+ */
+static void aead_info( psa_key_id_t key, psa_algorithm_t alg )
+{
+ psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+ (void) psa_get_key_attributes( key, &attr );
+ psa_key_type_t key_type = psa_get_key_type( &attr );
+ size_t key_bits = psa_get_key_bits( &attr );
+ psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
+ size_t tag_len = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg );
+
+ const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES"
+ : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha"
+ : "???";
+ const char *base_str = base_alg == PSA_ALG_GCM ? "GCM"
+ : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly"
+ : "???";
+
+ printf( "%s, %u, %s, %u\n",
+ type_str, (unsigned) key_bits, base_str, (unsigned) tag_len );
+}
+
+/*
+ * Encrypt a 2-part message.
+ */
+static int aead_encrypt( psa_key_id_t key, psa_algorithm_t alg,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *part1, size_t part1_len,
+ const unsigned char *part2, size_t part2_len )
+{
+ psa_status_t status;
+ size_t olen, olen_tag;
+ unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)];
+ unsigned char *p = out, *end = out + sizeof( out );
+ unsigned char tag[PSA_AEAD_TAG_MAX_SIZE];
+
+ psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT;
+ PSA_CHECK( psa_aead_encrypt_setup( &op, key, alg ) );
+
+ PSA_CHECK( psa_aead_set_nonce( &op, iv, iv_len ) );
+ PSA_CHECK( psa_aead_update_ad( &op, ad, ad_len ) );
+ PSA_CHECK( psa_aead_update( &op, part1, part1_len, p, end - p, &olen ) );
+ p += olen;
+ PSA_CHECK( psa_aead_update( &op, part2, part2_len, p, end - p, &olen ) );
+ p += olen;
+ PSA_CHECK( psa_aead_finish( &op, p, end - p, &olen,
+ tag, sizeof( tag ), &olen_tag ) );
+ p += olen;
+ memcpy( p, tag, olen_tag );
+ p += olen_tag;
+
+ olen = p - out;
+ print_buf( "out", out, olen );
+
+exit:
+ psa_aead_abort( &op ); // required on errors, harmless on success
+ return( status );
+}
+
+/*
+ * AEAD demo: set up key/alg, print out info, encrypt messages.
+ */
+static psa_status_t aead_demo( const char *info )
+{
+ psa_status_t status;
+
+ psa_key_id_t key;
+ psa_algorithm_t alg;
+
+ PSA_CHECK( aead_prepare( info, &key, &alg ) );
+
+ aead_info( key, alg );
+
+ PSA_CHECK( aead_encrypt( key, alg,
+ iv1, sizeof( iv1 ), add_data1, sizeof( add_data1 ),
+ msg1_part1, sizeof( msg1_part1 ),
+ msg1_part2, sizeof( msg1_part2 ) ) );
+ PSA_CHECK( aead_encrypt( key, alg,
+ iv2, sizeof( iv2 ), add_data2, sizeof( add_data2 ),
+ msg2_part1, sizeof( msg2_part1 ),
+ msg2_part2, sizeof( msg2_part2 ) ) );
+
+exit:
+ psa_destroy_key( key );
+
+ return( status );
+}
+
+/*
+ * Main function
+ */
+int main( int argc, char **argv )
+{
+ psa_status_t status = PSA_SUCCESS;
+
+ /* Check usage */
+ if( argc != 2 )
+ {
+ puts( usage );
+ return( EXIT_FAILURE );
+ }
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK( psa_crypto_init( ) );
+
+ /* Run the demo */
+ PSA_CHECK( aead_demo( argv[1] ) );
+
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free( );
+
+exit:
+ return( status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
+}
+
+#endif
diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c
new file mode 100644
index 0000000..6238892
--- /dev/null
+++ b/programs/psa/hmac_demo.c
@@ -0,0 +1,169 @@
+/**
+ * PSA API multi-part HMAC demonstration.
+ *
+ * This programs computes the HMAC of two messages using the multi-part API.
+ *
+ * It comes with a companion program hash/md_hmac_demo.c, which does the same
+ * operations with the legacy MD API. The goal is that comparing the two
+ * programs will help people migrating to the PSA Crypto API.
+ *
+ * When it comes to multi-part HMAC operations, the `mbedtls_md_context`
+ * serves a dual purpose (1) hold the key, and (2) save progress information
+ * for the current operation. With PSA those roles are held by two disinct
+ * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
+ * multi-part progress.
+ *
+ * This program and its companion hash/md_hmac_demo.c illustrate this by doing
+ * the same sequence of multi-part HMAC computation with both APIs; looking at
+ * the two side by side should make the differences and similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || \
+ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+int main( void )
+{
+ printf( "MBEDTLS_PSA_CRYPTO_C not defined, "
+ "and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n" );
+ return( 0 );
+}
+#else
+
+/* The real program starts here. */
+
+/* Dummy inputs for HMAC */
+const unsigned char msg1_part1[] = { 0x01, 0x02 };
+const unsigned char msg1_part2[] = { 0x03, 0x04 };
+const unsigned char msg2_part1[] = { 0x05, 0x05 };
+const unsigned char msg2_part2[] = { 0x06, 0x06 };
+
+/* Dummy key material - never do this in production!
+ * This example program uses SHA-256, so a 32-byte key makes sense. */
+const unsigned char key_bytes[32] = { 0 };
+
+/* Print the contents of a buffer in hex */
+void print_buf( const char *title, uint8_t *buf, size_t len )
+{
+ printf( "%s:", title );
+ for( size_t i = 0; i < len; i++ )
+ printf( " %02x", buf[i] );
+ printf( "\n" );
+}
+
+/* Run a PSA function and bail out if it fails.
+ * The symbolic name of the error code can be recovered using:
+ * programs/psa/psa_consant_name status <value> */
+#define PSA_CHECK( expr ) \
+ do \
+ { \
+ status = ( expr ); \
+ if( status != PSA_SUCCESS ) \
+ { \
+ printf( "Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr ); \
+ goto exit; \
+ } \
+ } \
+ while( 0 )
+
+/*
+ * This function demonstrates computation of the HMAC of two messages using
+ * the multipart API.
+ */
+psa_status_t hmac_demo(void)
+{
+ psa_status_t status;
+ const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
+ uint8_t out[PSA_MAC_MAX_SIZE]; // safe but not optimal
+ /* PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 8 * sizeof( key_bytes ), alg)
+ * should work but see https://github.com/Mbed-TLS/mbedtls/issues/4320 */
+
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key = 0;
+
+ /* prepare key */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+ psa_set_key_bits( &attributes, 8 * sizeof( key_bytes ) ); // optional
+
+ status = psa_import_key( &attributes,
+ key_bytes, sizeof( key_bytes ), &key );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* prepare operation */
+ psa_mac_operation_t op = PSA_MAC_OPERATION_INIT;
+ size_t out_len = 0;
+
+ /* compute HMAC(key, msg1_part1 | msg1_part2) */
+ PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
+ PSA_CHECK( psa_mac_update( &op, msg1_part1, sizeof( msg1_part1 ) ) );
+ PSA_CHECK( psa_mac_update( &op, msg1_part2, sizeof( msg1_part2 ) ) );
+ PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
+ print_buf( "msg1", out, out_len );
+
+ /* compute HMAC(key, msg2_part1 | msg2_part2) */
+ PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
+ PSA_CHECK( psa_mac_update( &op, msg2_part1, sizeof( msg2_part1 ) ) );
+ PSA_CHECK( psa_mac_update( &op, msg2_part2, sizeof( msg2_part2 ) ) );
+ PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
+ print_buf( "msg2", out, out_len );
+
+exit:
+ psa_mac_abort( &op ); // needed on error, harmless on success
+ psa_destroy_key( key );
+ mbedtls_platform_zeroize( out, sizeof( out ) );
+
+ return( status );
+}
+
+int main(void)
+{
+ psa_status_t status = PSA_SUCCESS;
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK( psa_crypto_init( ) );
+
+ /* Run the demo */
+ PSA_CHECK( hmac_demo() );
+
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free( );
+
+exit:
+ return( status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
+}
+
+#endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 57f7d8f..cd60986 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -21,9 +21,9 @@
#include "ssl_test_lib.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
int main( void )
@@ -692,9 +692,13 @@
const char *pers = "ssl_client2";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t slot = 0;
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = 0;
psa_key_attributes_t key_attributes;
+#endif
+ psa_status_t status;
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t status;
#endif
@@ -716,7 +720,7 @@
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t key_slot = 0; /* invalid key slot */
+ mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
#endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */
char *p, *q;
@@ -768,7 +772,7 @@
memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if( status != PSA_SUCCESS )
{
@@ -777,7 +781,7 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng( );
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
@@ -1128,10 +1132,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1140,10 +1144,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1161,20 +1165,20 @@
{
if( strcmp( q, "tls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
else if( strcmp( q, "dtls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
@@ -1368,14 +1372,14 @@
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
- ciphersuite_info->min_minor_ver > opt.max_version )
+ ciphersuite_info->min_tls_version > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
- ciphersuite_info->max_minor_ver < opt.min_version )
+ ciphersuite_info->max_tls_version < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@@ -1385,27 +1389,28 @@
/* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_minor_ver )
+ opt.max_version > ciphersuite_info->max_tls_version )
{
- opt.max_version = ciphersuite_info->max_minor_ver;
+ opt.max_version = ciphersuite_info->max_tls_version;
}
- if( opt.min_version < ciphersuite_info->min_minor_ver )
+ if( opt.min_version < ciphersuite_info->min_tls_version )
{
- opt.min_version = ciphersuite_info->min_minor_ver;
+ opt.min_version = ciphersuite_info->min_tls_version;
/* DTLS starts with TLS 1.2 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2 )
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( opt.psk_opaque != 0 )
{
/* Ensure that the chosen ciphersuite is PSK-only; we must know
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
- opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
+ opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2;
@@ -1420,6 +1425,7 @@
#endif /* MBEDTLS_SHA384_C */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
@@ -1536,6 +1542,14 @@
{
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
}
+ else if( strcmp( q, "rsa_pss_rsae_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ }
+ else if( strcmp( q, "rsa_pss_rsae_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ }
else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
@@ -1548,6 +1562,8 @@
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
mbedtls_printf( "rsa_pss_rsae_sha256 " );
+ mbedtls_printf( "rsa_pss_rsae_sha384 " );
+ mbedtls_printf( "rsa_pss_rsae_sha512 " );
mbedtls_printf( "rsa_pkcs1_sha256 " );
mbedtls_printf( "\n" );
goto exit;
@@ -1703,7 +1719,8 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
+ mbedtls_printf( " ok (key type: %s)\n",
+ strlen( opt.key_file ) ? mbedtls_pk_get_name( &pkey ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
@@ -1729,7 +1746,7 @@
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
- mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
}
if( opt.context_crt_cb == 0 )
@@ -1950,12 +1967,10 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- opt.min_version );
+ mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MAX_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- opt.max_version );
+ mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
@@ -2144,9 +2159,19 @@
}
}
- mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_version( &ssl ),
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ {
+ int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl );
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
+
+ mbedtls_printf( " ok\n [ Protocol is %s ]\n"
+ " [ Ciphersuite is %s ]\n"
+ " [ Key size is %u ]\n",
+ mbedtls_ssl_get_version( &ssl ),
+ mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ),
+ (unsigned int)
+ mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) );
+ }
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
@@ -3061,7 +3086,8 @@
( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
{
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
- (unsigned) slot, (int) status );
+ (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ),
+ (int) status );
if( ret == 0 )
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
@@ -3069,7 +3095,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char* message = mbedtls_test_helper_is_psa_leaking();
if( message )
{
@@ -3077,11 +3103,11 @@
ret = 1;
mbedtls_printf( "PSA memory leak detected: %s\n", message);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free( );
#endif
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 62c3cc5..19054eb 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -42,7 +42,9 @@
#include <stdint.h>
#include <stdarg.h>
#include <string.h>
+#if defined(MBEDTLS_HAVE_TIME)
#include <time.h>
+#endif
#include "mbedtls/ssl.h"
#include "mbedtls/error.h"
#include "mbedtls/base64.h"
@@ -307,10 +309,11 @@
/*
* Print the value of time_t in format e.g. 2020-01-23 13:05:59
*/
-void print_time( const time_t *time )
+void print_time( const uint64_t *time )
{
+#if defined(MBEDTLS_HAVE_TIME)
char buf[20];
- struct tm *t = gmtime( time );
+ struct tm *t = gmtime( (time_t*) time );
static const char format[] = "%Y-%m-%d %H:%M:%S";
if( NULL != t )
{
@@ -321,6 +324,10 @@
{
printf( "unknown\n" );
}
+#else
+ (void) time;
+ printf( "not supported\n" );
+#endif
}
/*
@@ -608,7 +615,7 @@
( (uint64_t) ssl[7] );
ssl += 8;
printf( "\tstart time : " );
- print_time( (time_t*) &start );
+ print_time( &start );
}
CHECK_SSL_END( 2 );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7cbdaf6..a91af0e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -65,7 +65,7 @@
#include <windows.h>
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
#endif
@@ -119,7 +119,9 @@
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_TICKET_ROTATE 0
#define DFL_TICKET_TIMEOUT 86400
+#define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM
#define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1
#define DFL_SNI NULL
@@ -167,9 +169,6 @@
/*
* Size of the basic I/O buffer. Able to hold our default response.
- *
- * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
- * if you change this value to something outside the range <= 100 or > 500
*/
#define DFL_IO_BUF_LEN 200
@@ -285,7 +284,9 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" \
- " ticket_timeout=%%d default: 86400 (one day)\n"
+ " ticket_rotate=%%d default: 0 (disabled)\n" \
+ " ticket_timeout=%%d default: 86400 (one day)\n" \
+ " ticket_aead=%%s default: \"AES-256-GCM\"\n"
#else
#define USAGE_TICKETS ""
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -313,10 +314,16 @@
#if defined(MBEDTLS_SSL_CACHE_C)
#define USAGE_CACHE \
- " cache_max=%%d default: cache default (50)\n" \
+ " cache_max=%%d default: cache default (50)\n"
+#if defined(MBEDTLS_HAVE_TIME)
+#define USAGE_CACHE_TIME \
" cache_timeout=%%d default: cache default (1d)\n"
#else
+#define USAGE_CACHE_TIME ""
+#endif
+#else
#define USAGE_CACHE ""
+#define USAGE_CACHE_TIME ""
#endif /* MBEDTLS_SSL_CACHE_C */
#if defined(SNI_OPTION)
@@ -505,6 +512,7 @@
USAGE_NSS_KEYLOG \
USAGE_NSS_KEYLOG_FILE \
USAGE_CACHE \
+ USAGE_CACHE_TIME \
USAGE_MAX_FRAG_LEN \
USAGE_ALPN \
USAGE_EMS \
@@ -611,9 +619,13 @@
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* accept truncated hmac? */
int tickets; /* enable / disable session tickets */
+ int ticket_rotate; /* session ticket rotate (code coverage) */
int ticket_timeout; /* session ticket lifetime */
+ int ticket_aead; /* session ticket protection */
int cache_max; /* max number of session cache entries */
- int cache_timeout; /* expiration delay of session cache entries */
+#if defined(MBEDTLS_HAVE_TIME)
+ int cache_timeout; /* expiration delay of session cache entries*/
+#endif
char *sni; /* string describing sni information */
const char *curves; /* list of supported elliptic curves */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
@@ -817,18 +829,23 @@
{
const sni_entry *cur = (const sni_entry *) p_info;
+ /* preserve behavior which checks for SNI match in sni_callback() for
+ * the benefits of tests using sni_callback(), even though the actual
+ * certificate assignment has moved to certificate selection callback
+ * in this application. This exercises sni_callback and cert_callback
+ * even though real applications might choose to do this differently.
+ * Application might choose to save name and name_len in user_data for
+ * later use in certificate selection callback.
+ */
while( cur != NULL )
{
if( name_len == strlen( cur->name ) &&
memcmp( name, cur->name, name_len ) == 0 )
{
- if( cur->ca != NULL )
- mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
-
- if( cur->authmode != DFL_AUTH_MODE )
- mbedtls_ssl_set_hs_authmode( ssl, cur->authmode );
-
- return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
+ void *p;
+ *(const void **)&p = cur;
+ mbedtls_ssl_set_user_data_p( ssl, p );
+ return( 0 );
}
cur = cur->next;
@@ -837,6 +854,33 @@
return( -1 );
}
+/*
+ * server certificate selection callback.
+ */
+int cert_callback( mbedtls_ssl_context *ssl )
+{
+ const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p( ssl );
+ if( cur != NULL )
+ {
+ /*(exercise mbedtls_ssl_get_hs_sni(); not otherwise used here)*/
+ size_t name_len;
+ const unsigned char *name = mbedtls_ssl_get_hs_sni( ssl, &name_len );
+ if( strlen( cur->name ) != name_len ||
+ memcmp( cur->name, name, name_len ) != 0 )
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+
+ if( cur->ca != NULL )
+ mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
+
+ if( cur->authmode != DFL_AUTH_MODE )
+ mbedtls_ssl_set_hs_authmode( ssl, cur->authmode );
+
+ return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
+ }
+
+ return( 0 );
+}
+
#endif /* SNI_OPTION */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -849,7 +893,7 @@
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t slot;
+ mbedtls_svc_key_id_t slot;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
psk_entry *next;
};
@@ -865,9 +909,9 @@
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
- psa_key_id_t const slot = head->slot;
+ mbedtls_svc_key_id_t const slot = head->slot;
- if( slot != 0 )
+ if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ) != 0 )
{
status = psa_destroy_key( slot );
if( status != PSA_SUCCESS )
@@ -940,7 +984,7 @@
memcmp( name, cur->name, name_len ) == 0 )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( cur->slot != 0 )
+ if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( cur->slot ) != 0 )
return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
else
#endif
@@ -1208,7 +1252,8 @@
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_status_t psa_setup_psk_key_slot( psa_key_id_t *slot,
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot,
psa_algorithm_t alg,
unsigned char *psk,
size_t psk_len )
@@ -1230,6 +1275,7 @@
return( PSA_SUCCESS );
}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1291,7 +1337,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg = 0;
- psa_key_id_t psk_slot = 0;
+ mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
@@ -1323,8 +1369,8 @@
mbedtls_x509_crt srvcert2;
mbedtls_pk_context pkey2;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t key_slot = 0; /* invalid key slot */
- psa_key_id_t key_slot2 = 0; /* invalid key slot */
+ mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
+ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
#endif
int key_cert_init = 0, key_cert_init2 = 0;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -1372,7 +1418,7 @@
int i;
char *p, *q;
const int *list;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t status;
#endif
unsigned char eap_tls_keymaterial[16];
@@ -1438,7 +1484,7 @@
mbedtls_ssl_cookie_init( &cookie_ctx );
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if( status != PSA_SUCCESS )
{
@@ -1537,9 +1583,13 @@
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.tickets = DFL_TICKETS;
+ opt.ticket_rotate = DFL_TICKET_ROTATE;
opt.ticket_timeout = DFL_TICKET_TIMEOUT;
+ opt.ticket_aead = DFL_TICKET_AEAD;
opt.cache_max = DFL_CACHE_MAX;
+#if defined(MBEDTLS_HAVE_TIME)
opt.cache_timeout = DFL_CACHE_TIMEOUT;
+#endif
opt.sni = DFL_SNI;
opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES;
@@ -1792,10 +1842,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1804,10 +1854,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1825,20 +1875,20 @@
{
if( strcmp( q, "tls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
else if( strcmp( q, "dtls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
@@ -1909,24 +1959,40 @@
if( opt.tickets < 0 || opt.tickets > 1 )
goto usage;
}
+ else if( strcmp( p, "ticket_rotate" ) == 0 )
+ {
+ opt.ticket_rotate = atoi( q );
+ if( opt.ticket_rotate < 0 || opt.ticket_rotate > 1 )
+ goto usage;
+ }
else if( strcmp( p, "ticket_timeout" ) == 0 )
{
opt.ticket_timeout = atoi( q );
if( opt.ticket_timeout < 0 )
goto usage;
}
+ else if( strcmp( p, "ticket_aead" ) == 0 )
+ {
+ const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string( q );
+
+ if( ci == NULL )
+ goto usage;
+ opt.ticket_aead = mbedtls_cipher_info_get_type( ci );
+ }
else if( strcmp( p, "cache_max" ) == 0 )
{
opt.cache_max = atoi( q );
if( opt.cache_max < 0 )
goto usage;
}
+#if defined(MBEDTLS_HAVE_TIME)
else if( strcmp( p, "cache_timeout" ) == 0 )
{
opt.cache_timeout = atoi( q );
if( opt.cache_timeout < 0 )
goto usage;
}
+#endif
else if( strcmp( p, "cookies" ) == 0 )
{
opt.cookies = atoi( q );
@@ -2044,10 +2110,26 @@
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
#endif
- buf = mbedtls_calloc( 1, opt.buffer_size + 1 );
+
+ /* buf will alternatively contain the input read from the client and the
+ * response that's about to be sent, plus a null byte in each case. */
+ size_t buf_content_size = opt.buffer_size;
+ /* The default response contains the ciphersuite name. Leave enough
+ * room for that plus some margin. */
+ if( buf_content_size < strlen( HTTP_RESPONSE ) + 80 )
+ {
+ buf_content_size = strlen( HTTP_RESPONSE ) + 80;
+ }
+ if( opt.response_size != DFL_RESPONSE_SIZE &&
+ buf_content_size < (size_t) opt.response_size )
+ {
+ buf_content_size = opt.response_size;
+ }
+ buf = mbedtls_calloc( 1, buf_content_size + 1 );
if( buf == NULL )
{
- mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size );
+ mbedtls_printf( "Could not allocate %lu bytes\n",
+ (unsigned long) buf_content_size + 1 );
ret = 3;
goto exit;
}
@@ -2095,14 +2177,14 @@
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
- ciphersuite_info->min_minor_ver > opt.max_version )
+ ciphersuite_info->min_tls_version > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
- ciphersuite_info->max_minor_ver < opt.min_version )
+ ciphersuite_info->max_tls_version < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@@ -2112,23 +2194,24 @@
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_minor_ver )
+ opt.max_version > ciphersuite_info->max_tls_version )
{
- opt.max_version = ciphersuite_info->max_minor_ver;
+ opt.max_version = ciphersuite_info->max_tls_version;
}
- if( opt.min_version < ciphersuite_info->min_minor_ver )
+ if( opt.min_version < ciphersuite_info->min_tls_version )
{
- opt.min_version = ciphersuite_info->min_minor_ver;
+ opt.min_version = ciphersuite_info->min_tls_version;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Ensure that the chosen ciphersuite is PSK-only; we must know
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
- opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
+ opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2;
@@ -2143,6 +2226,7 @@
#endif /* MBEDTLS_SHA384_C */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
@@ -2491,7 +2575,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
+ if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
{
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
PSA_ALG_ANY_HASH ) ) != 0 )
@@ -2502,7 +2587,8 @@
}
}
- if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
+ if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA )
{
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
PSA_ALG_ANY_HASH ) ) != 0 )
@@ -2515,7 +2601,9 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
+ mbedtls_printf( " ok (key types: %s, %s)\n",
+ key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none",
+ key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
@@ -2574,7 +2662,7 @@
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
- mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -2695,8 +2783,10 @@
if( opt.cache_max != -1 )
mbedtls_ssl_cache_set_max_entries( &cache, opt.cache_max );
+#if defined(MBEDTLS_HAVE_TIME)
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
+#endif
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
@@ -2708,7 +2798,7 @@
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
rng_get, &rng,
- MBEDTLS_CIPHER_AES_256_GCM,
+ opt.ticket_aead,
opt.ticket_timeout ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
@@ -2719,6 +2809,23 @@
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
&ticket_ctx );
+
+ /* exercise manual ticket rotation (not required for typical use)
+ * (used for external synchronization of session ticket encryption keys)
+ */
+ if( opt.ticket_rotate ) {
+ unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES];
+ unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
+ if( ( ret = rng_get( &rng, name, sizeof( name ) ) ) != 0 ||
+ ( ret = rng_get( &rng, kbuf, sizeof( kbuf ) ) ) != 0 ||
+ ( ret = mbedtls_ssl_ticket_rotate( &ticket_ctx,
+ name, sizeof(name), kbuf, sizeof(kbuf),
+ opt.ticket_timeout ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_rotate returned %d\n\n", ret );
+ goto exit;
+ }
+ }
}
#endif
@@ -2878,6 +2985,7 @@
if( opt.sni != NULL )
{
mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
+ mbedtls_ssl_conf_cert_cb( &conf, cert_callback );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay2 >= 0 )
{
@@ -2993,10 +3101,10 @@
#endif
if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
@@ -3231,8 +3339,17 @@
}
else /* ret == 0 */
{
- mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
+ int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl( &ssl );
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
+
+ mbedtls_printf( " ok\n [ Protocol is %s ]\n"
+ " [ Ciphersuite is %s ]\n"
+ " [ Key size is %u ]\n",
+ mbedtls_ssl_get_version( &ssl ),
+ mbedtls_ssl_ciphersuite_get_name( ciphersuite_info ),
+ (unsigned int)
+ mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( ciphersuite_info ) );
}
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
@@ -3448,7 +3565,7 @@
do
{
int terminated = 0;
- len = opt.buffer_size - 1;
+ len = opt.buffer_size;
memset( buf, 0, opt.buffer_size );
ret = mbedtls_ssl_read( &ssl, buf, len );
@@ -3549,7 +3666,7 @@
}
else /* Not stream, so datagram */
{
- len = opt.buffer_size - 1;
+ len = opt.buffer_size;
memset( buf, 0, opt.buffer_size );
do
@@ -3651,6 +3768,8 @@
mbedtls_printf( " > Write to client:" );
fflush( stdout );
+ /* If the format of the response changes, make sure there is enough
+ * room in buf (buf_content_size calculation above). */
len = sprintf( (char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite( &ssl ) );
@@ -4018,13 +4137,14 @@
( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
{
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
- (unsigned) psk_slot, (int) status );
+ (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psk_slot ),
+ (int) status );
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char* message = mbedtls_test_helper_is_psa_leaking();
if( message )
{
@@ -4036,8 +4156,8 @@
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) \
+ && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free( );
#endif
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 62cd35d..0e66895 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -262,24 +262,34 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int ssl_sig_hashes_for_test[] = {
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
+ (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA),
+#elif defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA),
+#elif defined(MBEDTLS_RSA_C)
+#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA),
+#else
+#define MBEDTLS_SSL_SIG_ALG( hash )
+#endif
+uint16_t ssl_sig_algs_for_test[] = {
#if defined(MBEDTLS_SHA512_C)
- MBEDTLS_MD_SHA512,
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
#endif
#if defined(MBEDTLS_SHA384_C)
- MBEDTLS_MD_SHA384,
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
#endif
#if defined(MBEDTLS_SHA256_C)
- MBEDTLS_MD_SHA256,
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
#endif
#if defined(MBEDTLS_SHA224_C)
- MBEDTLS_MD_SHA224,
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif
#if defined(MBEDTLS_SHA1_C)
/* Allow SHA-1 as we use it extensively in tests. */
- MBEDTLS_MD_SHA1,
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
#endif
- MBEDTLS_MD_NONE
+ MBEDTLS_TLS1_3_SIG_NONE
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 04e127a..a28a477 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -46,11 +46,13 @@
fflush( (FILE *) ctx );
}
+#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
{
(void) time;
return 0x5af2a056;
}
+#endif
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
static int dummy_entropy( void *data, unsigned char *output, size_t len )
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 6b9e7b8..a359b3f 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -52,14 +52,12 @@
#endif
#if !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || \
- defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
- "MBEDTLS_NET_C and/or " \
- "MBEDTLS_SSL_TLS_C not defined, " \
- "and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n"
+ !defined(MBEDTLS_SSL_TLS_C)
+#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
+ "MBEDTLS_NET_C and/or " \
+ "MBEDTLS_SSL_TLS_C not defined."
#elif !defined(HAVE_RNG)
-#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
+#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
"No random generator is available.\n"
#else
#undef MBEDTLS_SSL_TEST_IMPOSSIBLE
@@ -72,6 +70,7 @@
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
@@ -130,9 +129,11 @@
const char *file, int line,
const char *str );
+#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
+#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
* mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
*
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index c2bb565..6ff2eb8 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -30,10 +30,10 @@
#define mbedtls_free free
#endif
-#if !defined(MBEDTLS_TIMING_C)
+#if !defined(MBEDTLS_HAVE_TIME)
int main( void )
{
- mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n");
mbedtls_exit( 0 );
}
#else
@@ -41,8 +41,6 @@
#include <string.h>
#include <stdlib.h>
-#include "mbedtls/timing.h"
-
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/sha1.h"
@@ -1290,4 +1288,4 @@
mbedtls_exit( 0 );
}
-#endif /* MBEDTLS_TIMING_C */
+#endif /* MBEDTLS_HAVE_TIME */
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index 3b88df4..c083604 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -19,8 +19,9 @@
#include "mbedtls/build_info.h"
+#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_PLATFORM_C)
+#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_fprintf fprintf
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index c7bcc53..0c40686 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -49,7 +49,9 @@
#include "mbedtls/ecjpake.h"
#include "mbedtls/timing.h"
#include "mbedtls/nist_kw.h"
+#include "mbedtls/debug.h"
+#include <limits.h>
#include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
@@ -361,6 +363,78 @@
}
/*
+ * The C standard allows padding bits in the representation
+ * of standard integer types, but our code does currently not
+ * support them.
+ *
+ * Here we check that the underlying C implementation doesn't
+ * use padding bits, and fail cleanly if it does.
+ *
+ * The check works by casting the maximum value representable
+ * by a given integer type into the unpadded integer type of the
+ * same bit-width and checking that it agrees with the maximum value
+ * of that unpadded type. For example, for a 4-byte int,
+ * MAX_INT should be 0x7fffffff in int32_t. This assumes that
+ * CHAR_BIT == 8, which is checked in check_config.h.
+ *
+ * We assume that [u]intxx_t exist and that they don't
+ * have padding bits, as the standard requires.
+ */
+
+#define CHECK_PADDING_SIGNED(TYPE, NAME) \
+ do \
+ { \
+ if( sizeof( TYPE ) == 2 || sizeof( TYPE ) == 4 || \
+ sizeof( TYPE ) == 8 ) { \
+ if( ( sizeof( TYPE ) == 2 && \
+ (int16_t) NAME ## _MAX != 0x7FFF ) || \
+ ( sizeof( TYPE ) == 4 && \
+ (int32_t) NAME ## _MAX != 0x7FFFFFFF ) || \
+ ( sizeof( TYPE ) == 8 && \
+ (int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF ) ) \
+ { \
+ mbedtls_printf( "Type '" #TYPE "' has padding bits\n" );\
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ } \
+ } else { \
+ mbedtls_printf( "Padding checks only implemented for types of size 2, 4 or 8" \
+ " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \
+ sizeof( TYPE ) ); \
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ } \
+ } while( 0 )
+
+#define CHECK_PADDING_UNSIGNED(TYPE, NAME) \
+ do \
+ { \
+ if( ( sizeof( TYPE ) == 2 && \
+ (uint16_t) NAME ## _MAX != 0xFFFF ) || \
+ ( sizeof( TYPE ) == 4 && \
+ (uint32_t) NAME ## _MAX != 0xFFFFFFFF ) || \
+ ( sizeof( TYPE ) == 8 && \
+ (uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF ) ) \
+ { \
+ mbedtls_printf( "Type '" #TYPE "' has padding bits\n" ); \
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ } \
+ } while( 0 )
+
+ CHECK_PADDING_SIGNED( short, SHRT );
+ CHECK_PADDING_SIGNED( int, INT );
+ CHECK_PADDING_SIGNED( long, LONG );
+ CHECK_PADDING_SIGNED( long long, LLONG );
+ CHECK_PADDING_SIGNED( ptrdiff_t, PTRDIFF );
+
+ CHECK_PADDING_UNSIGNED( unsigned short, USHRT );
+ CHECK_PADDING_UNSIGNED( unsigned, UINT );
+ CHECK_PADDING_UNSIGNED( unsigned long, ULONG );
+ CHECK_PADDING_UNSIGNED( unsigned long long, ULLONG );
+ CHECK_PADDING_UNSIGNED( size_t, SIZE );
+
+#undef CHECK_PADDING_SIGNED
+#undef CHECK_PADDING_UNSIGNED
+
+ /*
* Make sure we have a snprintf that correctly zero-terminates
*/
if( run_test_snprintf() != 0 )
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 6546e8f..41a90a9 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -32,9 +32,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
#include <time.h>
#define mbedtls_time time
#define mbedtls_time_t time_t
+#endif
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
@@ -71,7 +73,9 @@
#endif
#endif /* _MSC_VER */
#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
+#if defined(MBEDTLS_HAVE_TIME)
#include <sys/time.h>
+#endif
#include <sys/types.h>
#include <unistd.h>
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
@@ -831,7 +835,11 @@
*/
if( opt.seed == 0 )
{
- opt.seed = (unsigned int) time( NULL );
+#if defined(MBEDTLS_HAVE_TIME)
+ opt.seed = (unsigned int) mbedtls_time( NULL );
+#else
+ opt.seed = 1;
+#endif /* MBEDTLS_HAVE_TIME */
mbedtls_printf( " . Pseudo-random seed: %u\n", opt.seed );
}
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 3cfd95a..f11cdf2 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -1,14 +1,26 @@
#!/usr/bin/env python3
"""
-Purpose
+This script compares the interfaces of two versions of Mbed TLS, looking
+for backward incompatibilities between two different Git revisions within
+an Mbed TLS repository. It must be run from the root of a Git working tree.
-This script is a small wrapper around the abi-compliance-checker and
-abi-dumper tools, applying them to compare the ABI and API of the library
-files from two different Git revisions within an Mbed TLS repository.
-The results of the comparison are either formatted as HTML and stored at
-a configurable location, or are given as a brief list of problems.
-Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error
-while running the script. Note: must be run from Mbed TLS root.
+For the source (API) and runtime (ABI) interface compatibility, this script
+is a small wrapper around the abi-compliance-checker and abi-dumper tools,
+applying them to compare the header and library files.
+
+For the storage format, this script compares the automatically generated
+storage tests and the manual read tests, and complains if there is a
+reduction in coverage. A change in test data will be signaled as a
+coverage reduction since the old test data is no longer present. A change in
+how test data is presented will be signaled as well; this would be a false
+positive.
+
+The results of the API/ABI comparison are either formatted as HTML and stored
+at a configurable location, or are given as a brief list of problems.
+Returns 0 on success, 1 on non-compliance, and 2 if there is an error
+while running the script.
+
+You must run this test from an Mbed TLS root.
"""
# Copyright The Mbed TLS Contributors
@@ -26,7 +38,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import glob
import os
+import re
import sys
import traceback
import shutil
@@ -51,6 +65,9 @@
configuration.report_dir: directory for output files
configuration.keep_all_reports: if false, delete old reports
configuration.brief: if true, output shorter report to stdout
+ configuration.check_abi: if true, compare ABIs
+ configuration.check_api: if true, compare APIs
+ configuration.check_storage: if true, compare storage format tests
configuration.skip_file: path to file containing symbols and types to skip
"""
self.repo_path = "."
@@ -64,6 +81,11 @@
self.old_version = old_version
self.new_version = new_version
self.skip_file = configuration.skip_file
+ self.check_abi = configuration.check_abi
+ self.check_api = configuration.check_api
+ if self.check_abi != self.check_api:
+ raise Exception('Checking API without ABI or vice versa is not supported')
+ self.check_storage_tests = configuration.check_storage
self.brief = configuration.brief
self.git_command = "git"
self.make_command = "make"
@@ -208,6 +230,93 @@
self.log.debug(abi_dump_output.decode("utf-8"))
version.abi_dumps[mbed_module] = output_path
+ @staticmethod
+ def _normalize_storage_test_case_data(line):
+ """Eliminate cosmetic or irrelevant details in storage format test cases."""
+ line = re.sub(r'\s+', r'', line)
+ return line
+
+ def _read_storage_tests(self,
+ directory,
+ filename,
+ is_generated,
+ storage_tests):
+ """Record storage tests from the given file.
+
+ Populate the storage_tests dictionary with test cases read from
+ filename under directory.
+ """
+ at_paragraph_start = True
+ description = None
+ full_path = os.path.join(directory, filename)
+ with open(full_path) as fd:
+ for line_number, line in enumerate(fd, 1):
+ line = line.strip()
+ if not line:
+ at_paragraph_start = True
+ continue
+ if line.startswith('#'):
+ continue
+ if at_paragraph_start:
+ description = line.strip()
+ at_paragraph_start = False
+ continue
+ if line.startswith('depends_on:'):
+ continue
+ # We've reached a test case data line
+ test_case_data = self._normalize_storage_test_case_data(line)
+ if not is_generated:
+ # In manual test data, only look at read tests.
+ function_name = test_case_data.split(':', 1)[0]
+ if 'read' not in function_name.split('_'):
+ continue
+ metadata = SimpleNamespace(
+ filename=filename,
+ line_number=line_number,
+ description=description
+ )
+ storage_tests[test_case_data] = metadata
+
+ @staticmethod
+ def _list_generated_test_data_files(git_worktree_path):
+ """List the generated test data files."""
+ output = subprocess.check_output(
+ ['tests/scripts/generate_psa_tests.py', '--list'],
+ cwd=git_worktree_path,
+ ).decode('ascii')
+ return [line for line in output.split('\n') if line]
+
+ def _get_storage_format_tests(self, version, git_worktree_path):
+ """Record the storage format tests for the specified git version.
+
+ The storage format tests are the test suite data files whose name
+ contains "storage_format".
+
+ The version must be checked out at git_worktree_path.
+
+ This function creates or updates the generated data files.
+ """
+ # Existing test data files. This may be missing some automatically
+ # generated files if they haven't been generated yet.
+ storage_data_files = set(glob.glob(
+ 'tests/suites/test_suite_*storage_format*.data'
+ ))
+ # Discover and (re)generate automatically generated data files.
+ to_be_generated = set()
+ for filename in self._list_generated_test_data_files(git_worktree_path):
+ if 'storage_format' in filename:
+ storage_data_files.add(filename)
+ to_be_generated.add(filename)
+ subprocess.check_call(
+ ['tests/scripts/generate_psa_tests.py'] + sorted(to_be_generated),
+ cwd=git_worktree_path,
+ )
+ for test_file in sorted(storage_data_files):
+ self._read_storage_tests(git_worktree_path,
+ test_file,
+ test_file in to_be_generated,
+ version.storage_tests)
+
def _cleanup_worktree(self, git_worktree_path):
"""Remove the specified git worktree."""
shutil.rmtree(git_worktree_path)
@@ -219,11 +328,14 @@
self.log.debug(worktree_output.decode("utf-8"))
def _get_abi_dump_for_ref(self, version):
- """Generate the ABI dumps for the specified git revision."""
+ """Generate the interface information for the specified git revision."""
git_worktree_path = self._get_clean_worktree_for_git_revision(version)
self._update_git_submodules(git_worktree_path, version)
- self._build_shared_libraries(git_worktree_path, version)
- self._get_abi_dumps_from_shared_libraries(version)
+ if self.check_abi:
+ self._build_shared_libraries(git_worktree_path, version)
+ self._get_abi_dumps_from_shared_libraries(version)
+ if self.check_storage_tests:
+ self._get_storage_format_tests(version, git_worktree_path)
self._cleanup_worktree(git_worktree_path)
def _remove_children_with_tag(self, parent, tag):
@@ -301,6 +413,37 @@
os.remove(output_path)
return True
+ @staticmethod
+ def _is_storage_format_compatible(old_tests, new_tests,
+ compatibility_report):
+ """Check whether all tests present in old_tests are also in new_tests.
+
+ Append a message regarding compatibility to compatibility_report.
+ """
+ missing = frozenset(old_tests.keys()).difference(new_tests.keys())
+ for test_data in sorted(missing):
+ metadata = old_tests[test_data]
+ compatibility_report.append(
+ 'Test case from {} line {} "{}" has disappeared: {}'.format(
+ metadata.filename, metadata.line_number,
+ metadata.description, test_data
+ )
+ )
+ compatibility_report.append(
+ 'FAIL: {}/{} storage format test cases have changed or disappeared.'.format(
+ len(missing), len(old_tests)
+ ) if missing else
+ 'PASS: All {} storage format test cases are preserved.'.format(
+ len(old_tests)
+ )
+ )
+ compatibility_report.append(
+ 'Info: number of storage format tests cases: {} -> {}.'.format(
+ len(old_tests), len(new_tests)
+ )
+ )
+ return not missing
+
def get_abi_compatibility_report(self):
"""Generate a report of the differences between the reference ABI
and the new ABI. ABI dumps from self.old_version and self.new_version
@@ -310,12 +453,22 @@
self._pretty_revision(self.new_version)
)]
compliance_return_code = 0
- shared_modules = list(set(self.old_version.modules.keys()) &
- set(self.new_version.modules.keys()))
- for mbed_module in shared_modules:
- if not self._is_library_compatible(mbed_module,
- compatibility_report):
+
+ if self.check_abi:
+ shared_modules = list(set(self.old_version.modules.keys()) &
+ set(self.new_version.modules.keys()))
+ for mbed_module in shared_modules:
+ if not self._is_library_compatible(mbed_module,
+ compatibility_report):
+ compliance_return_code = 1
+
+ if self.check_storage_tests:
+ if not self._is_storage_format_compatible(
+ self.old_version.storage_tests,
+ self.new_version.storage_tests,
+ compatibility_report):
compliance_return_code = 1
+
for version in [self.old_version, self.new_version]:
for mbed_module, mbed_module_dump in version.abi_dumps.items():
os.remove(mbed_module_dump)
@@ -328,7 +481,8 @@
"""Generate a report of ABI differences
between self.old_rev and self.new_rev."""
self.check_repo_path()
- self.check_abi_tools_are_installed()
+ if self.check_api or self.check_abi:
+ self.check_abi_tools_are_installed()
self._get_abi_dump_for_ref(self.old_version)
self._get_abi_dump_for_ref(self.new_version)
return self.get_abi_compatibility_report()
@@ -337,17 +491,7 @@
def run_main():
try:
parser = argparse.ArgumentParser(
- description=(
- """This script is a small wrapper around the
- abi-compliance-checker and abi-dumper tools, applying them
- to compare the ABI and API of the library files from two
- different Git revisions within an Mbed TLS repository.
- The results of the comparison are either formatted as HTML and
- stored at a configurable location, or are given as a brief list
- of problems. Returns 0 on success, 1 on ABI/API non-compliance,
- and 2 if there is an error while running the script.
- Note: must be run from Mbed TLS root."""
- )
+ description=__doc__
)
parser.add_argument(
"-v", "--verbose", action="store_true",
@@ -398,6 +542,24 @@
"\"tests/scripts/list-identifiers.sh --internal\")")
)
parser.add_argument(
+ "--check-abi",
+ action='store_true', default=True,
+ help="Perform ABI comparison (default: yes)"
+ )
+ parser.add_argument("--no-check-abi", action='store_false', dest='check_abi')
+ parser.add_argument(
+ "--check-api",
+ action='store_true', default=True,
+ help="Perform API comparison (default: yes)"
+ )
+ parser.add_argument("--no-check-api", action='store_false', dest='check_api')
+ parser.add_argument(
+ "--check-storage",
+ action='store_true', default=True,
+ help="Perform storage tests comparison (default: yes)"
+ )
+ parser.add_argument("--no-check-storage", action='store_false', dest='check_storage')
+ parser.add_argument(
"-b", "--brief", action="store_true",
help="output only the list of issues to stdout, instead of a full report",
)
@@ -413,6 +575,7 @@
crypto_repository=abi_args.old_crypto_repo,
crypto_revision=abi_args.old_crypto_rev,
abi_dumps={},
+ storage_tests={},
modules={}
)
new_version = SimpleNamespace(
@@ -423,6 +586,7 @@
crypto_repository=abi_args.new_crypto_repo,
crypto_revision=abi_args.new_crypto_rev,
abi_dumps={},
+ storage_tests={},
modules={}
)
configuration = SimpleNamespace(
@@ -430,6 +594,9 @@
report_dir=abi_args.report_dir,
keep_all_reports=abi_args.keep_all_reports,
brief=abi_args.brief,
+ check_abi=abi_args.check_abi,
+ check_api=abi_args.check_api,
+ check_storage=abi_args.check_storage,
skip_file=abi_args.skip_file
)
abi_check = AbiChecker(old_version, new_version, configuration)
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index b8a63c9..7b036aa 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -407,14 +407,15 @@
is also present in an output file. This is not perfect but good enough
for now.
"""
- generated_output = set(open(generated_output_file, 'r', encoding='utf-8'))
- for line in open(main_input_file, 'r', encoding='utf-8'):
- if line not in generated_output:
- raise LostContent('original file', line)
- for merged_file in merged_files:
- for line in open(merged_file, 'r', encoding='utf-8'):
+ with open(generated_output_file, 'r', encoding='utf-8') as fd:
+ generated_output = set(fd)
+ for line in open(main_input_file, 'r', encoding='utf-8'):
if line not in generated_output:
- raise LostContent(merged_file, line)
+ raise LostContent('original file', line)
+ for merged_file in merged_files:
+ for line in open(merged_file, 'r', encoding='utf-8'):
+ if line not in generated_output:
+ raise LostContent(merged_file, line)
def finish_output(changelog, output_file, input_file, merged_files):
"""Write the changelog to the output file.
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 6a4a69d..f5d7033 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -126,12 +126,12 @@
read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
cat include/mbedtls/build_info.h | \
- sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \
- sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \
- sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
- sed -e "s/_VERSION_NUMBER .\{1,\}/_VERSION_NUMBER $VERSION_NR/" | \
- sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
- sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_MAJOR .\{1,\}/\1_MAJOR $MAJOR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_MINOR .\{1,\}/\1_MINOR $MINOR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/build_info.h
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 209ae3d..1ad983f 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -8,5 +8,5 @@
pylint == 2.4.4
# Use the earliest version of mypy that works with our code base.
-# See https://github.com/ARMmbed/mbedtls/pull/3953 .
+# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
mypy >= 0.780
diff --git a/scripts/config.py b/scripts/config.py
index 6d5edc7..c373936 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -198,6 +198,8 @@
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
+ 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
+ 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
@@ -272,6 +274,21 @@
return True
return include_in_full(name) and keep_in_baremetal(name)
+# This set contains options that are mostly for debugging or test purposes,
+# and therefore should be excluded when doing code size measurements.
+# Options that are their own module (such as MBEDTLS_ERROR_C) are not listed
+# and therefore will be included when doing code size measurements.
+EXCLUDE_FOR_SIZE = frozenset([
+ 'MBEDTLS_DEBUG_C', # large code size increase in TLS
+ 'MBEDTLS_SELF_TEST', # increases the size of many modules
+ 'MBEDTLS_TEST_HOOKS', # only useful with the hosted test framework, increases code size
+])
+
+def baremetal_size_adapter(name, active, section):
+ if name in EXCLUDE_FOR_SIZE:
+ return False
+ return baremetal_adapter(name, active, section)
+
def include_in_crypto(name):
"""Rules for symbols in a crypto configuration."""
if name.startswith('MBEDTLS_X509_') or \
@@ -484,6 +501,9 @@
add_adapter('baremetal', baremetal_adapter,
"""Like full, but exclude features that require platform
features such as file input-output.""")
+ add_adapter('baremetal_size', baremetal_size_adapter,
+ """Like baremetal, but exclude debugging features.
+ Useful for code size measurements.""")
add_adapter('full', full_adapter,
"""Uncomment most features.
Exclude alternative implementations and platform support
diff --git a/library/psa_crypto_driver_wrappers.c b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
similarity index 93%
rename from library/psa_crypto_driver_wrappers.c
rename to scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 8d86478..a5ae6a2 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -26,6 +26,7 @@
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_mac.h"
+#include "psa_crypto_rsa.h"
#include "mbedtls/platform.h"
@@ -1615,6 +1616,22 @@
}
}
+psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+ uint8_t *tag_len )
+{
+ if( operation == NULL || tag_len == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
+ return ( PSA_SUCCESS );
+#endif
+#endif
+ *tag_len = operation->ctx.mbedtls_ctx.tag_length;
+ return ( PSA_SUCCESS );
+}
+
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
@@ -2332,4 +2349,123 @@
}
}
+/*
+ * Asymmetric cryptography
+ */
+psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+ salt, salt_length, output, output_size,
+ output_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( mbedtls_psa_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+ salt, salt_length, output, output_size, output_length )
+ );
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+ salt, salt_length, output, output_size, output_length )
+ );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)input;
+ (void)input_length;
+ (void)salt;
+ (void)salt_length;
+ (void)output;
+ (void)output_size;
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+ salt, salt_length, output, output_size,
+ output_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( mbedtls_psa_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg,input, input_length,
+ salt, salt_length, output, output_size,
+ output_length ) );
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+ salt, salt_length, output, output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)input;
+ (void)input_length;
+ (void)salt;
+ (void)salt_length;
+ (void)output;
+ (void)output_size;
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 8b0057c..fa124f0 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -67,7 +67,9 @@
#include "mbedtls/pk.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
+#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
+#endif
#include "mbedtls/platform_util.h"
#include "mbedtls/poly1305.h"
#include "mbedtls/ripemd160.h"
diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt
index 17569bb..0d75a3d 100644
--- a/scripts/driver.requirements.txt
+++ b/scripts/driver.requirements.txt
@@ -1,10 +1,16 @@
# Python package requirements for driver implementers.
+# Jinja2 <3.0 needs an older version of markupsafe, but does not
+# declare it.
+# https://github.com/pallets/markupsafe/issues/282
+# https://github.com/pallets/jinja/issues/1585
+markupsafe < 2.1
+
# Use the version of Jinja that's in Ubuntu 20.04.
-# See https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607 .
+# See https://github.com/Mbed-TLS/mbedtls/pull/5067#discussion_r738794607 .
# Note that Jinja 3.0 drops support for Python 3.5, so we need to support
# Jinja 2.x as long as we're still using Python 3.5 anywhere.
Jinja2 >= 2.10.1
-# Jinja2 >=2.10, <<3.0 needs a separate package for type annotations
+# Jinja2 >=2.10, <3.0 needs a separate package for type annotations
types-Jinja2
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
new file mode 100755
index 0000000..42331ac
--- /dev/null
+++ b/scripts/generate_driver_wrappers.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""Generate library/psa_crypto_driver_wrappers.c
+
+ This module is invoked by the build sripts to auto generate the
+ psa_crypto_driver_wrappers.c based on template files in
+ script/data_files/driver_templates/.
+"""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import os
+import argparse
+import jinja2
+from mbedtls_dev import build_tree
+
+def render(template_path: str) -> str:
+ """
+ Render template from the input file.
+ """
+ environment = jinja2.Environment(
+ loader=jinja2.FileSystemLoader(os.path.dirname(template_path)),
+ keep_trailing_newline=True)
+ template = environment.get_template(os.path.basename(template_path))
+
+ return template.render()
+
+def generate_driver_wrapper_file(mbedtls_root: str, output_dir: str) -> None:
+ """
+ Generate the file psa_crypto_driver_wrapper.c.
+ """
+ driver_wrapper_template_filename = \
+ os.path.join(mbedtls_root, \
+ "scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja")
+
+ result = render(driver_wrapper_template_filename)
+
+ with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file:
+ out_file.write(result)
+
+def main() -> int:
+ """
+ Main with command line arguments.
+ """
+ def_arg_mbedtls_root = build_tree.guess_mbedtls_root()
+ def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library')
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root,
+ help='root directory of mbedtls source code')
+ parser.add_argument('output_directory', nargs='?',
+ default=def_arg_output_dir, help='output file\'s location')
+ args = parser.parse_args()
+
+ mbedtls_root = os.path.abspath(args.mbedtls_root)
+ output_directory = args.output_directory
+
+ generate_driver_wrapper_file(mbedtls_root, output_directory)
+
+ return 0
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index 98e1c48..a722c19 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -234,6 +234,63 @@
prototype=self._prototype)
return body
+class SignatureAlgorithmDefinition:
+ """
+ Generate helper functions for signature algorithms.
+
+ It generates translation function from signature algorithm define to string.
+ Signature algorithm definition looks like:
+ #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ]
+
+ Known limitation:
+ - the definitions SHOULD exist in same macro blocks.
+ """
+
+ @classmethod
+ def extract(cls, source_code, start=0, end=-1):
+ sig_alg_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_TLS1_3_SIG_\w+)\s+' +
+ r'(?P<value>0[xX][0-9a-fA-F]+)$',
+ re.MULTILINE | re.DOTALL)
+ matches = list(sig_alg_pattern.finditer(source_code, start, end))
+ if matches:
+ yield SignatureAlgorithmDefinition(source_code, definitions=matches)
+
+ def __init__(self, source_code, definitions=None):
+ if definitions is None:
+ definitions = []
+ assert isinstance(definitions, list) and definitions
+ self._definitions = definitions
+ self._source = source_code
+
+ def __repr__(self):
+ return 'SigAlgs({})'.format(self._definitions[0].span())
+
+ def span(self):
+ return self._definitions[0].span()
+ def __str__(self):
+ """
+ Generate function for translating value to string
+ """
+ translation_table = []
+ for m in self._definitions:
+ name = m.groupdict()['name']
+ translation_table.append(
+ '\tcase {}:\n\t return "{}";'.format(name,
+ name[len('MBEDTLS_TLS1_3_SIG_'):].lower())
+ )
+
+ body = textwrap.dedent('''\
+ const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
+ {{
+ switch( in )
+ {{
+ {translation_table}
+ }};
+
+ return "UNKOWN";
+ }}''')
+ body = body.format(translation_table='\n'.join(translation_table))
+ return body
OUTPUT_C_TEMPLATE = '''\
/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
@@ -283,7 +340,9 @@
source_code = remove_c_comments(f.read())
definitions = dict()
- for start, instance in preprocess_c_source_code(source_code, EnumDefinition):
+ for start, instance in preprocess_c_source_code(source_code,
+ EnumDefinition,
+ SignatureAlgorithmDefinition):
if start in definitions:
continue
if isinstance(instance, EnumDefinition):
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index d3a8b36..662da98 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -1,6 +1,9 @@
@rem Generate automatically-generated configuration-independent source files
@rem and build scripts.
@rem Perl and Python 3 must be on the PATH.
+@rem psa_crypto_driver_wrappers.c needs to be generated prior to
+@rem generate_visualc_files.pl being invoked.
+python scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index c38955b..1bd011f 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -18,15 +18,45 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import enum
import re
from typing import Dict, Iterable, Optional, Pattern, Tuple
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
+
+BLOCK_CIPHERS = frozenset(['AES', 'ARIA', 'CAMELLIA', 'DES'])
+BLOCK_MAC_MODES = frozenset(['CBC_MAC', 'CMAC'])
+BLOCK_CIPHER_MODES = frozenset([
+ 'CTR', 'CFB', 'OFB', 'XTS', 'CCM_STAR_NO_TAG',
+ 'ECB_NO_PADDING', 'CBC_NO_PADDING', 'CBC_PKCS7',
+])
+BLOCK_AEAD_MODES = frozenset(['CCM', 'GCM'])
+
+class EllipticCurveCategory(enum.Enum):
+ """Categorization of elliptic curve families.
+
+ The category of a curve determines what algorithms are defined over it.
+ """
+
+ SHORT_WEIERSTRASS = 0
+ MONTGOMERY = 1
+ TWISTED_EDWARDS = 2
+
+ @staticmethod
+ def from_family(family: str) -> 'EllipticCurveCategory':
+ if family == 'PSA_ECC_FAMILY_MONTGOMERY':
+ return EllipticCurveCategory.MONTGOMERY
+ if family == 'PSA_ECC_FAMILY_TWISTED_EDWARDS':
+ return EllipticCurveCategory.TWISTED_EDWARDS
+ # Default to SW, which most curves belong to.
+ return EllipticCurveCategory.SHORT_WEIERSTRASS
+
+
class KeyType:
"""Knowledge about a PSA key type."""
- def __init__(self, name: str, params: Optional[Iterable[str]] = None):
+ def __init__(self, name: str, params: Optional[Iterable[str]] = None) -> None:
"""Analyze a key type.
The key type must be specified in PSA syntax. In its simplest form,
@@ -62,6 +92,11 @@
if self.params is not None:
self.expression += '(' + ', '.join(self.params) + ')'
+ m = re.match(r'PSA_KEY_TYPE_(\w+)', self.name)
+ assert m
+ self.head = re.sub(r'_(?:PUBLIC_KEY|KEY_PAIR)\Z', r'', m.group(1))
+ """The key type macro name, with common prefixes and suffixes stripped."""
+
self.private_type = re.sub(r'_PUBLIC_KEY\Z', r'_KEY_PAIR', self.name)
"""The key type macro name for the corresponding key pair type.
@@ -69,6 +104,10 @@
`self.name`.
"""
+ def is_public(self) -> bool:
+ """Whether the key type is for public keys."""
+ return self.name.endswith('_PUBLIC_KEY')
+
ECC_KEY_SIZES = {
'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256),
'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521),
@@ -153,3 +192,210 @@
"""
# This is just temporaly solution for the implicit usage flags.
return re.match(self.KEY_TYPE_FOR_SIGNATURE[usage], self.name) is not None
+
+ def can_do(self, alg: 'Algorithm') -> bool:
+ """Whether this key type can be used for operations with the given algorithm.
+
+ This function does not currently handle key derivation or PAKE.
+ """
+ #pylint: disable=too-many-return-statements
+ if alg.is_wildcard:
+ return False
+ if self.head == 'HMAC' and alg.head == 'HMAC':
+ return True
+ if self.head in BLOCK_CIPHERS and \
+ alg.head in frozenset.union(BLOCK_MAC_MODES,
+ BLOCK_CIPHER_MODES,
+ BLOCK_AEAD_MODES):
+ return True
+ if self.head == 'CHACHA20' and alg.head == 'CHACHA20_POLY1305':
+ return True
+ if self.head in {'ARC4', 'CHACHA20'} and \
+ alg.head == 'STREAM_CIPHER':
+ return True
+ if self.head == 'RSA' and alg.head.startswith('RSA_'):
+ return True
+ if self.head == 'ECC':
+ assert self.params is not None
+ eccc = EllipticCurveCategory.from_family(self.params[0])
+ if alg.head == 'ECDH' and \
+ eccc in {EllipticCurveCategory.SHORT_WEIERSTRASS,
+ EllipticCurveCategory.MONTGOMERY}:
+ return True
+ if alg.head == 'ECDSA' and \
+ eccc == EllipticCurveCategory.SHORT_WEIERSTRASS:
+ return True
+ if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \
+ eccc == EllipticCurveCategory.TWISTED_EDWARDS:
+ return True
+ return False
+
+
+class AlgorithmCategory(enum.Enum):
+ """PSA algorithm categories."""
+ # The numbers are aligned with the category bits in numerical values of
+ # algorithms.
+ HASH = 2
+ MAC = 3
+ CIPHER = 4
+ AEAD = 5
+ SIGN = 6
+ ASYMMETRIC_ENCRYPTION = 7
+ KEY_DERIVATION = 8
+ KEY_AGREEMENT = 9
+ PAKE = 10
+
+ def requires_key(self) -> bool:
+ """Whether operations in this category are set up with a key."""
+ return self not in {self.HASH, self.KEY_DERIVATION}
+
+ def is_asymmetric(self) -> bool:
+ """Whether operations in this category involve asymmetric keys."""
+ return self in {
+ self.SIGN,
+ self.ASYMMETRIC_ENCRYPTION,
+ self.KEY_AGREEMENT
+ }
+
+
+class AlgorithmNotRecognized(Exception):
+ def __init__(self, expr: str) -> None:
+ super().__init__('Algorithm not recognized: ' + expr)
+ self.expr = expr
+
+
+class Algorithm:
+ """Knowledge about a PSA algorithm."""
+
+ @staticmethod
+ def determine_base(expr: str) -> str:
+ """Return an expression for the "base" of the algorithm.
+
+ This strips off variants of algorithms such as MAC truncation.
+
+ This function does not attempt to detect invalid inputs.
+ """
+ m = re.match(r'PSA_ALG_(?:'
+ r'(?:TRUNCATED|AT_LEAST_THIS_LENGTH)_MAC|'
+ r'AEAD_WITH_(?:SHORTENED|AT_LEAST_THIS_LENGTH)_TAG'
+ r')\((.*),[^,]+\)\Z', expr)
+ if m:
+ expr = m.group(1)
+ return expr
+
+ @staticmethod
+ def determine_head(expr: str) -> str:
+ """Return the head of an algorithm expression.
+
+ The head is the first (outermost) constructor, without its PSA_ALG_
+ prefix, and with some normalization of similar algorithms.
+ """
+ m = re.match(r'PSA_ALG_(?:DETERMINISTIC_)?(\w+)', expr)
+ if not m:
+ raise AlgorithmNotRecognized(expr)
+ head = m.group(1)
+ if head == 'KEY_AGREEMENT':
+ m = re.match(r'PSA_ALG_KEY_AGREEMENT\s*\(\s*PSA_ALG_(\w+)', expr)
+ if not m:
+ raise AlgorithmNotRecognized(expr)
+ head = m.group(1)
+ head = re.sub(r'_ANY\Z', r'', head)
+ if re.match(r'ED[0-9]+PH\Z', head):
+ head = 'EDDSA_PREHASH'
+ return head
+
+ CATEGORY_FROM_HEAD = {
+ 'SHA': AlgorithmCategory.HASH,
+ 'SHAKE256_512': AlgorithmCategory.HASH,
+ 'MD': AlgorithmCategory.HASH,
+ 'RIPEMD': AlgorithmCategory.HASH,
+ 'ANY_HASH': AlgorithmCategory.HASH,
+ 'HMAC': AlgorithmCategory.MAC,
+ 'STREAM_CIPHER': AlgorithmCategory.CIPHER,
+ 'CHACHA20_POLY1305': AlgorithmCategory.AEAD,
+ 'DSA': AlgorithmCategory.SIGN,
+ 'ECDSA': AlgorithmCategory.SIGN,
+ 'EDDSA': AlgorithmCategory.SIGN,
+ 'PURE_EDDSA': AlgorithmCategory.SIGN,
+ 'RSA_PSS': AlgorithmCategory.SIGN,
+ 'RSA_PKCS1V15_SIGN': AlgorithmCategory.SIGN,
+ 'RSA_PKCS1V15_CRYPT': AlgorithmCategory.ASYMMETRIC_ENCRYPTION,
+ 'RSA_OAEP': AlgorithmCategory.ASYMMETRIC_ENCRYPTION,
+ 'HKDF': AlgorithmCategory.KEY_DERIVATION,
+ 'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION,
+ 'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION,
+ 'PBKDF': AlgorithmCategory.KEY_DERIVATION,
+ 'ECDH': AlgorithmCategory.KEY_AGREEMENT,
+ 'FFDH': AlgorithmCategory.KEY_AGREEMENT,
+ # KEY_AGREEMENT(...) is a key derivation with a key agreement component
+ 'KEY_AGREEMENT': AlgorithmCategory.KEY_DERIVATION,
+ 'JPAKE': AlgorithmCategory.PAKE,
+ }
+ for x in BLOCK_MAC_MODES:
+ CATEGORY_FROM_HEAD[x] = AlgorithmCategory.MAC
+ for x in BLOCK_CIPHER_MODES:
+ CATEGORY_FROM_HEAD[x] = AlgorithmCategory.CIPHER
+ for x in BLOCK_AEAD_MODES:
+ CATEGORY_FROM_HEAD[x] = AlgorithmCategory.AEAD
+
+ def determine_category(self, expr: str, head: str) -> AlgorithmCategory:
+ """Return the category of the given algorithm expression.
+
+ This function does not attempt to detect invalid inputs.
+ """
+ prefix = head
+ while prefix:
+ if prefix in self.CATEGORY_FROM_HEAD:
+ return self.CATEGORY_FROM_HEAD[prefix]
+ if re.match(r'.*[0-9]\Z', prefix):
+ prefix = re.sub(r'_*[0-9]+\Z', r'', prefix)
+ else:
+ prefix = re.sub(r'_*[^_]*\Z', r'', prefix)
+ raise AlgorithmNotRecognized(expr)
+
+ @staticmethod
+ def determine_wildcard(expr) -> bool:
+ """Whether the given algorithm expression is a wildcard.
+
+ This function does not attempt to detect invalid inputs.
+ """
+ if re.search(r'\bPSA_ALG_ANY_HASH\b', expr):
+ return True
+ if re.search(r'_AT_LEAST_', expr):
+ return True
+ return False
+
+ def __init__(self, expr: str) -> None:
+ """Analyze an algorithm value.
+
+ The algorithm must be expressed as a C expression containing only
+ calls to PSA algorithm constructor macros and numeric literals.
+
+ This class is only programmed to handle valid expressions. Invalid
+ expressions may result in exceptions or in nonsensical results.
+ """
+ self.expression = re.sub(r'\s+', r'', expr)
+ self.base_expression = self.determine_base(self.expression)
+ self.head = self.determine_head(self.base_expression)
+ self.category = self.determine_category(self.base_expression, self.head)
+ self.is_wildcard = self.determine_wildcard(self.expression)
+
+ def is_key_agreement_with_derivation(self) -> bool:
+ """Whether this is a combined key agreement and key derivation algorithm."""
+ if self.category != AlgorithmCategory.KEY_AGREEMENT:
+ return False
+ m = re.match(r'PSA_ALG_KEY_AGREEMENT\(\w+,\s*(.*)\)\Z', self.expression)
+ if not m:
+ return False
+ kdf_alg = m.group(1)
+ # Assume kdf_alg is either a valid KDF or 0.
+ return not re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg)
+
+ def can_do(self, category: AlgorithmCategory) -> bool:
+ """Whether this algorithm fits the specified operation category."""
+ if category == self.category:
+ return True
+ if category == AlgorithmCategory.KEY_DERIVATION and \
+ self.is_key_agreement_with_derivation():
+ return True
+ return False
diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py
index bf82f13..987779d 100644
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@@ -18,7 +18,7 @@
import itertools
import re
-from typing import Dict, Iterable, Iterator, List, Optional, Pattern, Set, Tuple, Union
+from typing import Dict, IO, Iterable, Iterator, List, Optional, Pattern, Set, Tuple, Union
class ReadFileLineException(Exception):
@@ -50,12 +50,13 @@
"""
def __init__(self, filename: str, binary: bool = False) -> None:
self.filename = filename
+ self.file = None #type: Optional[IO[str]]
self.line_number = 'entry' #type: Union[int, str]
self.generator = None #type: Optional[Iterable[Tuple[int, str]]]
self.binary = binary
def __enter__(self) -> 'read_file_lines':
- self.generator = enumerate(open(self.filename,
- 'rb' if self.binary else 'r'))
+ self.file = open(self.filename, 'rb' if self.binary else 'r')
+ self.generator = enumerate(self.file)
return self
def __iter__(self) -> Iterator[str]:
assert self.generator is not None
@@ -64,6 +65,8 @@
yield content
self.line_number = 'exit'
def __exit__(self, exc_type, exc_value, exc_traceback) -> None:
+ if self.file is not None:
+ self.file.close()
if exc_type is not None:
raise ReadFileLineException(self.filename, self.line_number) \
from exc_value
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index bd7e3b9..6049b74 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -46,16 +46,26 @@
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_knowledge.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
)
+
else()
foreach(file ${base_generated_data_files})
link_to_source(${file})
endforeach()
endif()
-
+# CMake generates sub-makefiles for each target and calls them in subprocesses.
+# Without this command, cmake will generate rules in each sub-makefile. As a result,
+# they can cause race conditions in parallel builds.
+# With this line, only 4 sub-makefiles include the above command, that reduces
+# the risk of a race.
+add_custom_target(test_suite_generated_data DEPENDS ${generated_data_files})
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
# but not "test_suite_foobar".
@@ -119,6 +129,7 @@
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_dependencies(test_suite_${data_name} test_suite_generated_data)
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header
# files (used by some invasive tests) from ../library. Public header
@@ -140,10 +151,6 @@
# on non-POSIX platforms.
add_definitions("-D_POSIX_C_SOURCE=200809L")
-if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function")
-endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
-
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
endif(CMAKE_COMPILER_IS_CLANG)
@@ -154,96 +161,19 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
-add_test_suite(aes aes.cbc)
-add_test_suite(aes aes.cfb)
-add_test_suite(aes aes.ecb)
-add_test_suite(aes aes.ofb)
-add_test_suite(aes aes.rest)
-add_test_suite(aes aes.xts)
-add_test_suite(aria)
-add_test_suite(asn1parse)
-add_test_suite(asn1write)
-add_test_suite(base64)
-add_test_suite(camellia)
-add_test_suite(ccm)
-add_test_suite(chacha20)
-add_test_suite(chachapoly)
-add_test_suite(cipher cipher.aes)
-add_test_suite(cipher cipher.camellia)
-add_test_suite(cipher cipher.ccm)
-add_test_suite(cipher cipher.chacha20)
-add_test_suite(cipher cipher.chachapoly)
-add_test_suite(cipher cipher.des)
-add_test_suite(cipher cipher.gcm)
-add_test_suite(cipher cipher.misc)
-add_test_suite(cipher cipher.nist_kw)
-add_test_suite(cipher cipher.null)
-add_test_suite(cipher cipher.padding)
-add_test_suite(cmac)
-add_test_suite(ctr_drbg)
-add_test_suite(debug)
-add_test_suite(des)
-add_test_suite(dhm)
-add_test_suite(ecdh)
-add_test_suite(ecdsa)
-add_test_suite(ecjpake)
-add_test_suite(ecp)
-add_test_suite(entropy)
-add_test_suite(error)
-add_test_suite(gcm gcm.aes128_de)
-add_test_suite(gcm gcm.aes128_en)
-add_test_suite(gcm gcm.aes192_de)
-add_test_suite(gcm gcm.aes192_en)
-add_test_suite(gcm gcm.aes256_de)
-add_test_suite(gcm gcm.aes256_en)
-add_test_suite(gcm gcm.camellia)
-add_test_suite(gcm gcm.misc)
-add_test_suite(hkdf)
-add_test_suite(hmac_drbg hmac_drbg.misc)
-add_test_suite(hmac_drbg hmac_drbg.no_reseed)
-add_test_suite(hmac_drbg hmac_drbg.nopr)
-add_test_suite(hmac_drbg hmac_drbg.pr)
-add_test_suite(md)
-add_test_suite(mdx)
-add_test_suite(memory_buffer_alloc)
-add_test_suite(mpi)
-add_test_suite(mps)
-add_test_suite(net)
-add_test_suite(nist_kw)
-add_test_suite(oid)
-add_test_suite(pem)
-add_test_suite(pk)
-add_test_suite(pkcs1_v15)
-add_test_suite(pkcs1_v21)
-add_test_suite(pkcs5)
-add_test_suite(pkcs12)
-add_test_suite(pkparse)
-add_test_suite(pkwrite)
-add_test_suite(poly1305)
-add_test_suite(psa_crypto)
-add_test_suite(psa_crypto_attributes)
-add_test_suite(psa_crypto_entropy)
-add_test_suite(psa_crypto_hash)
-add_test_suite(psa_crypto_init)
-add_test_suite(psa_crypto_metadata)
-add_test_suite(psa_crypto_not_supported psa_crypto_not_supported.generated)
-add_test_suite(psa_crypto_not_supported psa_crypto_not_supported.misc)
-add_test_suite(psa_crypto_persistent_key)
-add_test_suite(psa_crypto_se_driver_hal)
-add_test_suite(psa_crypto_se_driver_hal_mocks)
-add_test_suite(psa_crypto_slot_management)
-add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.misc)
-add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.current)
-add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.v0)
-add_test_suite(psa_its)
-add_test_suite(random)
-add_test_suite(rsa)
-add_test_suite(shax)
-add_test_suite(ssl)
-add_test_suite(timing)
-add_test_suite(version)
-add_test_suite(x509parse)
-add_test_suite(x509write)
+file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data)
+list(APPEND test_suites ${base_generated_data_files})
+# If the generated .data files are present in the source tree, we just added
+# them twice, both through GLOB and through ${base_generated_data_files}.
+list(REMOVE_DUPLICATES test_suites)
+list(SORT test_suites)
+foreach(test_suite ${test_suites})
+ get_filename_component(data_name ${test_suite} NAME)
+ string(REGEX REPLACE "\\.data\$" "" data_name "${data_name}")
+ string(REPLACE "test_suite_" "" data_name "${data_name}")
+ string(REGEX MATCH "[^.]*" function_name "${data_name}")
+ add_test_suite(${function_name} ${data_name})
+endforeach(test_suite)
# Make scripts and data files needed for testing available in an
# out-of-source build.
diff --git a/tests/Makefile b/tests/Makefile
index 94a834e..0d08f84 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -84,6 +84,10 @@
.SECONDARY: generated_psa_test_data
$(GENERATED_DATA_FILES): generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
+generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
+generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
+generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
+generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
diff --git a/tests/compat.sh b/tests/compat.sh
index ce77658..d681217 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -67,17 +67,18 @@
fi
# default values for options
+# /!\ keep this synchronised with:
+# - basic-build-test.sh
+# - all.sh (multiple components)
MODES="tls12 dtls12"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
-# exclude:
-# - NULL: excluded from our default config
-# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
-# - ARIA: not in default mbedtls_config.h + requires OpenSSL >= 1.1.1
+# By default, exclude:
+# - NULL: excluded from our default config + requires OpenSSL legacy
+# - ARIA: requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
-# - 3DES: not in default config
-EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305'
+EXCLUDE='NULL\|ARIA\|CHACHA20-POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@@ -213,15 +214,6 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
- # supports from the s_server help. (The s_client help isn't
- # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
- # But the s_server help seems to be accurate.)
- if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
- M_CIPHERS=""
- O_CIPHERS=""
- fi
-
# For GnuTLS client -> mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@@ -254,73 +246,50 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-NULL-SHA \
- TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-NULL-SHA \
+ "
;;
"RSA")
CIPHERS="$CIPHERS \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
+ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-WITH-AES-256-CBC-SHA \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-AES-128-CBC-SHA \
+ TLS-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-WITH-AES-128-GCM-SHA256 \
+ TLS-RSA-WITH-AES-256-CBC-SHA \
+ TLS-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-RSA-WITH-AES-256-GCM-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-RSA-WITH-3DES-EDE-CBC-SHA \
+ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-RSA-WITH-NULL-MD5 \
TLS-RSA-WITH-NULL-SHA \
+ TLS-RSA-WITH-NULL-SHA256 \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-RSA-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-WITH-NULL-SHA256 \
- "
- fi
;;
"PSK")
CIPHERS="$CIPHERS \
- TLS-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-PSK-WITH-AES-128-CBC-SHA \
TLS-PSK-WITH-AES-256-CBC-SHA \
"
@@ -346,7 +315,7 @@
#
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see
-# https://github.com/ARMmbed/mbedtls/issues/1419
+# https://github.com/Mbed-TLS/mbedtls/issues/1419
#
# ChachaPoly suites are here rather than in "common", as they were added in
# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
@@ -356,62 +325,43 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-NULL-SHA \
- TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDH-ECDSA-WITH-NULL-SHA \
+ TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
+ "
;;
"RSA")
- CIPHERS="$CIPHERS \
- TLS-RSA-WITH-DES-CBC-SHA \
- TLS-DHE-RSA-WITH-DES-CBC-SHA \
+ CIPHERS="$CIPHERS \
+ TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
"
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
;;
"PSK")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ "
;;
esac
@@ -433,115 +383,96 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ "
;;
"RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-AES-128-CCM \
- TLS-RSA-WITH-AES-256-CCM \
- TLS-DHE-RSA-WITH-AES-128-CCM \
- TLS-DHE-RSA-WITH-AES-256-CCM \
- TLS-RSA-WITH-AES-128-CCM-8 \
- TLS-RSA-WITH-AES-256-CCM-8 \
- TLS-DHE-RSA-WITH-AES-128-CCM-8 \
- TLS-DHE-RSA-WITH-AES-256-CCM-8 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-DHE-RSA-WITH-AES-128-CCM \
+ TLS-DHE-RSA-WITH-AES-128-CCM-8 \
+ TLS-DHE-RSA-WITH-AES-256-CCM \
+ TLS-DHE-RSA-WITH-AES-256-CCM-8 \
+ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-WITH-AES-128-CCM \
+ TLS-RSA-WITH-AES-128-CCM-8 \
+ TLS-RSA-WITH-AES-256-CCM \
+ TLS-RSA-WITH-AES-256-CCM-8 \
+ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ "
;;
"PSK")
- CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ CIPHERS="$CIPHERS \
+ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
+ TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-AES-128-CCM \
+ TLS-DHE-PSK-WITH-AES-128-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-AES-256-CCM \
+ TLS-DHE-PSK-WITH-AES-256-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-NULL-SHA256 \
+ TLS-DHE-PSK-WITH-NULL-SHA384 \
+ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA256 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA384 \
+ TLS-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-PSK-WITH-AES-128-CCM \
+ TLS-PSK-WITH-AES-128-CCM-8 \
+ TLS-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-PSK-WITH-AES-256-CCM \
+ TLS-PSK-WITH-AES-256-CCM-8 \
+ TLS-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-PSK-WITH-NULL-SHA256 \
+ TLS-PSK-WITH-NULL-SHA384 \
+ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
+ TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
+ TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-NULL-SHA256 \
+ TLS-RSA-PSK-WITH-NULL-SHA384 \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-NULL-SHA384 \
- TLS-ECDHE-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-NULL-SHA256 \
- TLS-DHE-PSK-WITH-NULL-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-PSK-WITH-AES-128-CCM \
- TLS-PSK-WITH-AES-256-CCM \
- TLS-DHE-PSK-WITH-AES-128-CCM \
- TLS-DHE-PSK-WITH-AES-256-CCM \
- TLS-PSK-WITH-AES-128-CCM-8 \
- TLS-PSK-WITH-AES-256-CCM-8 \
- TLS-DHE-PSK-WITH-AES-128-CCM-8 \
- TLS-DHE-PSK-WITH-AES-256-CCM-8 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
- "
- fi
;;
esac
@@ -560,83 +491,65 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
+ M_CIPHERS="$M_CIPHERS \
+ TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ "
;;
"RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
+ M_CIPHERS="$M_CIPHERS \
+ TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
+ "
;;
"PSK")
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
- M_CIPHERS="$M_CIPHERS \
- TLS-PSK-WITH-NULL-SHA \
- TLS-DHE-PSK-WITH-NULL-SHA \
+ M_CIPHERS="$M_CIPHERS \
+ TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-NULL-SHA \
+ TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA \
+ TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-PSK-WITH-NULL-SHA \
+ TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-RSA-PSK-WITH-NULL-SHA \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-PSK-WITH-NULL-SHA \
- TLS-RSA-PSK-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
;;
esac
}
setup_arguments()
{
+ O_MODE=""
G_MODE=""
case "$MODE" in
"tls12")
+ O_MODE="tls1_2"
G_PRIO_MODE="+VERS-TLS1.2"
;;
"dtls12")
+ O_MODE="dtls1_2"
G_PRIO_MODE="+VERS-DTLS1.2"
G_MODE="-u"
;;
@@ -653,7 +566,7 @@
fi
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
@@ -678,7 +591,7 @@
fi
M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
- O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
+ O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE"
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
@@ -1077,6 +990,15 @@
continue;
fi
+ # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+ # supports $O_MODE from the s_server help. (The s_client
+ # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+ # but doesn't list it. But the s_server help seems to be
+ # accurate.)
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
+ continue;
+ fi
+
reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/config-wrapper-malloc-0-null.h
index e7bdbeb..b065c2d 100644
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ b/tests/configs/config-wrapper-malloc-0-null.h
@@ -21,6 +21,8 @@
#include "mbedtls/mbedtls_config.h"
#include <stdlib.h>
+
+#ifndef MBEDTLS_PLATFORM_STD_CALLOC
static inline void *custom_calloc( size_t nmemb, size_t size )
{
if( nmemb == 0 || size == 0 )
@@ -30,3 +32,4 @@
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc
+#endif
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
new file mode 100644
index 0000000..0a22c54
--- /dev/null
+++ b/tests/configs/tls13-only.h
@@ -0,0 +1,34 @@
+/* MBEDTLS_USER_CONFIG_FILE for testing.
+ * Only used for a few test configurations.
+ *
+ * Typical usage (note multiple levels of quoting):
+ * make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#undef MBEDTLS_SSL_PROTO_TLS1_2
+#undef MBEDTLS_SSL_PROTO_DTLS
+#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
index 50f5a7f..28d33b7 100644
--- a/tests/docker/bionic/Dockerfile
+++ b/tests/docker/bionic/Dockerfile
@@ -60,6 +60,10 @@
pkg-config \
&& rm -rf /var/lib/apt/lists/*
+# Jinja2 is required for driver dispatch code generation.
+RUN python3 -m pip install \
+ jinja2==2.10.1 types-jinja2
+
# Build a static, legacy openssl from sources with sslv3 enabled
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h
new file mode 100644
index 0000000..40eed2d
--- /dev/null
+++ b/tests/include/baremetal-override/time.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#error "time.h included in a configuration without MBEDTLS_HAVE_TIME"
diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h
new file mode 100644
index 0000000..595e18d
--- /dev/null
+++ b/tests/include/test/drivers/asymmetric_encryption.h
@@ -0,0 +1,79 @@
+/*
+ * Test driver for asymmetric encryption.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
+#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
+
+#include "mbedtls/build_info.h"
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+#include <psa/crypto.h>
+
+typedef struct {
+ /* If non-null, on success, copy this to the output. */
+ void *forced_output;
+ size_t forced_output_length;
+ /* If not PSA_SUCCESS, return this error code instead of processing the
+ * function call. */
+ psa_status_t forced_status;
+ /* Count the amount of times one of the asymmetric_encryption driver
+ functions is called. */
+ unsigned long hits;
+} mbedtls_test_driver_asymmetric_encryption_hooks_t;
+
+#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 }
+
+static inline mbedtls_test_driver_asymmetric_encryption_hooks_t
+ mbedtls_test_driver_asymmetric_encryption_hooks_init( void )
+{
+ const mbedtls_test_driver_asymmetric_encryption_hooks_t v =
+ MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
+ return( v );
+}
+
+extern mbedtls_test_driver_asymmetric_encryption_hooks_t
+ mbedtls_test_driver_asymmetric_encryption_hooks;
+
+psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length );
+
+psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key,
+ size_t key_length, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length );
+
+psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length );
+
+psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key,
+ size_t key_length, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index ba1e04a..1f33da1 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -38,9 +38,15 @@
/* Count the amount of times one of the key management driver functions
* is called. */
unsigned long hits;
+ /* Location of the last key management driver called to import a key. */
+ psa_key_location_t location;
} mbedtls_test_driver_key_management_hooks_t;
-#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
+/* The location is initialized to the invalid value 0x800000. Invalid in the
+ * sense that no PSA specification will assign a meaning to this location
+ * (stated first in version 1.0.1 of the specification) and that it is not
+ * used as a location of an opaque test drivers. */
+#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 }
static inline mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks_init( void )
{
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 47e92b7..098b21a 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -28,5 +28,6 @@
#include "test/drivers/mac.h"
#include "test/drivers/key_management.h"
#include "test/drivers/signature.h"
+#include "test/drivers/asymmetric_encryption.h"
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index f5622e2..6f42882 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -282,8 +282,11 @@
/** \def USE_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
- * is enabled and do nothing otherwise. If the initialization fails, mark
- * the test case as failed and jump to the \p exit label.
+ * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
+ * TLS 1.3 one uses PSA independently of the definition of
+ * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. If the
+ * initialization fails, mark the test case as failed and jump to the \p exit
+ * label.
*/
/** \def USE_PSA_DONE
*
@@ -291,15 +294,15 @@
* This is like #PSA_DONE, except that it does nothing if
* #MBEDTLS_USE_PSA_CRYPTO is disabled.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USE_PSA_INIT( ) PSA_INIT( )
#define USE_PSA_DONE( ) PSA_DONE( )
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
#define USE_PSA_INIT( ) ( (void) 0 )
#define USE_PSA_DONE( ) ( (void) 0 )
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index ed60686..2914e1e 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -20,7 +20,7 @@
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
-# `generate_tls13_compat_tests.py -a`.
+# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
@@ -29,3432 +29,1726 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3462,15 +1756,2641 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0403 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0503 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0603 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6e17a91..8528a4f 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -883,7 +883,6 @@
msg "build: make, default config (out-of-box)" # ~1min
make
# Disable fancy stuff
- SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE"
unset MBEDTLS_TEST_OUTCOME_FILE
msg "test: main suites make, default config (out-of-box)" # ~10s
@@ -891,9 +890,6 @@
msg "selftest: make, default config (out-of-box)" # ~10s
programs/test/selftest
-
- export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE"
- unset SAVE_MBEDTLS_TEST_OUTCOME_FILE
}
component_test_default_cmake_gcc_asan () {
@@ -940,9 +936,8 @@
}
component_test_psa_crypto_key_id_encodes_owner () {
- msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
+ msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -960,9 +955,8 @@
}
component_build_psa_crypto_spm () {
- msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
+ msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
@@ -1065,6 +1059,7 @@
scripts/config.py full
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1110,6 +1105,7 @@
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1162,6 +1158,7 @@
msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS"
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py unset MBEDTLS_ENTROPY_C
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
@@ -1229,7 +1226,7 @@
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
+ tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
component_test_everest_curve25519_only () {
@@ -1317,8 +1314,8 @@
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
- msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min
- env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES'
+ msg "test: compat.sh NULL (full config)" # ~ 2 min
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly"
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1331,6 +1328,25 @@
# - or alternatively, change the build type to MemSanDbg, which enables
# origin tracking and nicer stack traces (which are useful for debugging
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
+ msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
+ make
+
+ msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
+ make test
+}
+
+component_test_memsan_constant_flow_psa () {
+ # This tests both (1) accesses to undefined memory, and (2) branches or
+ # memory access depending on secret values. To distinguish between those:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
+ # - or alternatively, change the build type to MemSanDbg, which enables
+ # origin tracking and nicer stack traces (which are useful for debugging
+ # anyway), and check if the origin was TEST_CF_SECRET() or something else.
msg "build: cmake MSan (clang), full config with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
@@ -1352,6 +1368,29 @@
# - or alternatively, build with debug info and manually run the offending
# test suite with valgrind --track-origins=yes, then check if the origin
# was TEST_CF_SECRET() or something else.
+ msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make
+
+ # this only shows a summary of the results (how many of each type)
+ # details are left in Testing/<date>/DynamicAnalysis.xml
+ msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
+ make memcheck
+}
+
+component_test_valgrind_constant_flow_psa () {
+ # This tests both (1) everything that valgrind's memcheck usually checks
+ # (heap buffer overflows, use of uninitialized memory, use-after-free,
+ # etc.) and (2) branches or memory access depending on secret values,
+ # which will be reported as uninitialized memory. To distinguish between
+ # secret and actually uninitialized:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
+ # - or alternatively, build with debug info and manually run the offending
+ # test suite with valgrind --track-origins=yes, then check if the origin
+ # was TEST_CF_SECRET() or something else.
msg "build: cmake release GCC, full config with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
@@ -1441,9 +1480,24 @@
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
- make CFLAGS='-O1 -Werror'
+ make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
+support_build_crypto_baremetal () {
+ support_build_baremetal "$@"
+}
+
+component_build_baremetal () {
+ msg "build: make, baremetal config"
+ scripts/config.py baremetal
+ make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
+}
+support_build_baremetal () {
+ # Older Glibc versions include time.h from other headers such as stdlib.h,
+ # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this
+ # problem, Ubuntu 18.04 is ok.
+ ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
+}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
@@ -1504,6 +1558,12 @@
# The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
# directly and assumes the implementation works with partial groups.
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
+ # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
# Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
# MBEDTLS_XXX_YYY_ALT which are for single functions.
scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
@@ -1547,8 +1607,8 @@
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
tests/compat.sh
- msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
- env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES'
+ msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1577,6 +1637,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -1584,10 +1645,7 @@
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
- unset loc_accel_flags
- unset loc_accel_list
-
- if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecdsa_ library/ecdsa.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
make test
@@ -1666,11 +1724,8 @@
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
- unset loc_accel_flags
- unset loc_accel_list
-
- if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
- if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
+ not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
+ not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
make test
@@ -1705,11 +1760,8 @@
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
- unset loc_accel_flags
- unset loc_accel_list
-
- if_build_succeeded not grep mbedtls_sha512_init library/sha512.o
- if_build_succeeded not grep mbedtls_sha1_init library/sha1.o
+ not grep mbedtls_sha512_init library/sha512.o
+ not grep mbedtls_sha1_init library/sha1.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
make test
@@ -1745,10 +1797,7 @@
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
- unset loc_accel_flags
- unset loc_accel_list
-
- if_build_succeeded not grep mbedtls_des* library/des.o
+ not grep mbedtls_des* library/des.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
make test
@@ -1761,6 +1810,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
@@ -1791,6 +1841,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -1807,6 +1858,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDH_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -1825,6 +1877,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@@ -1839,6 +1892,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@@ -1853,6 +1907,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
@@ -1866,6 +1921,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_HKDF_C
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
@@ -1881,6 +1937,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
@@ -1899,6 +1956,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
@@ -1917,6 +1975,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
@@ -1935,6 +1994,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1952,6 +2012,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1970,6 +2031,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1987,6 +2049,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -2005,6 +2068,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
@@ -2021,6 +2085,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
@@ -2037,6 +2102,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
@@ -2053,6 +2119,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
@@ -2069,6 +2136,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@@ -2083,6 +2151,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@@ -2127,14 +2196,14 @@
}
component_build_no_ssl_srv () {
- msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
+ msg "build: full config except SSL server, make, gcc" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_SRV_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
}
component_build_no_ssl_cli () {
- msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
+ msg "build: full config except SSL client, make, gcc" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_CLI_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
@@ -2257,18 +2326,6 @@
tests/compat.sh
}
-component_test_CID_no_debug() {
- msg "build: Connection ID enabled, debug disabled"
- scripts/config.py unset MBEDTLS_DEBUG_C
- scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID
-
- CC=gcc cmake .
- make
-
- msg "test: Connection ID enabled, debug disabled"
- make test
-}
-
component_test_ssl_alloc_buffer_and_mfl () {
msg "build: default config with memory buffer allocator and MFL extension"
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
@@ -2428,7 +2485,6 @@
loc_cflags="${loc_cflags} -I../tests/include -O2"
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
- unset loc_cflags
msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
make test
@@ -2532,7 +2588,7 @@
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
+ tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
support_test_m32_everest () {
support_test_m32_o0 "$@"
@@ -2634,25 +2690,25 @@
}
component_build_arm_none_eabi_gcc () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
scripts/config.py baremetal
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
- msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1"
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
component_build_arm_linux_gnueabi_gcc_arm5vte () {
- msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
+ msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
scripts/config.py baremetal
# Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
- # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
+ # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
# Build everything including programs, see for example
- # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720
+ # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
- msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1"
+ msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
@@ -2660,23 +2716,23 @@
}
component_build_arm_none_eabi_gcc_arm5vte () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
scripts/config.py baremetal
# This is an imperfect substitute for
# component_build_arm_linux_gnueabi_gcc_arm5vte
# in case the gcc-arm-linux-gnueabi toolchain is not available
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
- msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
component_build_arm_none_eabi_gcc_m0plus () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s
- scripts/config.py baremetal
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
+ scripts/config.py baremetal_size
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
- msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os"
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
@@ -2701,6 +2757,9 @@
component_build_armcc () {
msg "build: ARM Compiler 5"
scripts/config.py baremetal
+ # armc[56] don't support SHA-512 intrinsics
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
msg "size: ARM Compiler 5"
@@ -2720,8 +2779,19 @@
# ARM Compiler 6 - Target ARMv8-M
armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main"
- # ARM Compiler 6 - Target ARMv8-A - AArch64
- armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
+ # ARM Compiler 6 - Target ARMv8.2-A - AArch64
+ armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
+}
+
+component_test_tls13_only () {
+ msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
+ make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+
+ msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
+ if_build_succeeded make test
+
+ msg "ssl-opt.sh (TLS 1.3)"
+ if_build_succeeded tests/ssl-opt.sh
}
component_test_tls13 () {
@@ -2734,7 +2804,7 @@
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
make test
msg "ssl-opt.sh (TLS 1.3)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_test_tls13_no_compatibility_mode () {
@@ -2747,7 +2817,7 @@
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
make test
msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_test_tls13_with_padding () {
@@ -2760,7 +2830,7 @@
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
make test
msg "ssl-opt.sh (TLS 1.3 with padding)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_test_tls13_with_ecp_restartable () {
@@ -2773,7 +2843,7 @@
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
make test
msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_test_tls13_with_everest () {
@@ -2787,7 +2857,7 @@
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
make test
msg "ssl-opt.sh (TLS 1.3 with everest)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_build_mingw () {
@@ -2896,57 +2966,52 @@
msg "test: cmake 'out-of-source' build"
make test
- # Test an SSL option that requires an auxiliary script in test/scripts/.
+ # Check that ssl-opt.sh can find the test programs.
# Also ensure that there are no error messages such as
# "No such file or directory", which would indicate that some required
# file is missing (ssl-opt.sh tolerates the absence of some files so
# may exit with status 0 but emit errors).
- ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
+ ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err
+ grep PASS ssl-opt.out
cat ssl-opt.err >&2
# If ssl-opt.err is non-empty, record an error and keep going.
[ ! -s ssl-opt.err ]
- rm ssl-opt.err
+ rm ssl-opt.out ssl-opt.err
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
}
component_test_cmake_as_subdirectory () {
msg "build: cmake 'as-subdirectory' build"
- MBEDTLS_ROOT_DIR="$PWD"
-
cd programs/test/cmake_subproject
cmake .
make
./cmake_subproject
-
- cd "$MBEDTLS_ROOT_DIR"
- unset MBEDTLS_ROOT_DIR
+}
+support_test_cmake_as_subdirectory () {
+ support_test_cmake_out_of_source
}
component_test_cmake_as_package () {
msg "build: cmake 'as-package' build"
- MBEDTLS_ROOT_DIR="$PWD"
-
cd programs/test/cmake_package
cmake .
make
./cmake_package
-
- cd "$MBEDTLS_ROOT_DIR"
- unset MBEDTLS_ROOT_DIR
+}
+support_test_cmake_as_package () {
+ support_test_cmake_out_of_source
}
component_test_cmake_as_package_install () {
msg "build: cmake 'as-installed-package' build"
- MBEDTLS_ROOT_DIR="$PWD"
-
cd programs/test/cmake_package_install
cmake .
make
./cmake_package_install
-
- cd "$MBEDTLS_ROOT_DIR"
- unset MBEDTLS_ROOT_DIR
+}
+support_test_cmake_as_package_install () {
+ support_test_cmake_out_of_source
}
component_test_zeroize () {
@@ -2975,8 +3040,6 @@
make clean
done
done
-
- unset gdb_disable_aslr
}
component_test_psa_compliance () {
@@ -3061,7 +3124,7 @@
local dd_cmd
dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
case $OSTYPE in
- linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none)
+ linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
esac
"${dd_cmd[@]}"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 73f16bd..d06a059 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -7,7 +7,6 @@
"""
import argparse
-import re
import sys
import traceback
@@ -51,29 +50,9 @@
"""
return len(self.successes) + len(self.failures)
-class TestDescriptions(check_test_cases.TestDescriptionExplorer):
- """Collect the available test cases."""
-
- def __init__(self):
- super().__init__()
- self.descriptions = set()
-
- def process_test_case(self, _per_file_state,
- file_name, _line_number, description):
- """Record an available test case."""
- base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name))
- key = ';'.join([base_name, description.decode('utf-8')])
- self.descriptions.add(key)
-
-def collect_available_test_cases():
- """Collect the available test cases."""
- explorer = TestDescriptions()
- explorer.walk_all()
- return sorted(explorer.descriptions)
-
def analyze_coverage(results, outcomes):
"""Check that all available test cases are executed at least once."""
- available = collect_available_test_cases()
+ available = check_test_cases.collect_available_test_cases()
for key in available:
hits = outcomes[key].hits() if key in outcomes else 0
if hits == 0:
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index cf68b4e..31beb1c 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -121,13 +121,13 @@
echo '################ compat.sh ################'
{
echo '#### compat.sh: Default versions'
- sh compat.sh -m 'tls1_2 dtls1_2'
+ sh compat.sh
echo
- echo '#### compat.sh: legacy (null, DES)'
+ echo '#### compat.sh: legacy (null)'
OPENSSL_CMD="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES'
+ sh compat.sh -e '^$' -f 'NULL'
echo
echo '#### compat.sh: next (ARIA, ChaCha)'
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 994fd24..1736f24 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -76,7 +76,7 @@
for FILE in "$@"; do
if [ -e "$FILE" ]; then
- cp "$FILE" "$FILE.bak"
+ cp -p "$FILE" "$FILE.bak"
else
rm -f "$FILE.bak"
fi
@@ -86,17 +86,18 @@
# Compare the script output to the old files and remove backups
for FILE in "$@"; do
- if ! diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
+ if diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
+ # Move the original file back so that $FILE's timestamp doesn't
+ # change (avoids spurious rebuilds with make).
+ mv "$FILE.bak" "$FILE"
+ else
echo "'$FILE' was either modified or deleted by '$SCRIPT'"
if [ -z "$UPDATE" ]; then
exit 1
+ else
+ rm -f "$FILE.bak"
fi
fi
- if [ -z "$UPDATE" ]; then
- mv "$FILE.bak" "$FILE"
- else
- rm -f "$FILE.bak"
- fi
done
if [ -n "$directory" ]; then
@@ -117,6 +118,7 @@
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
+check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
# generate_visualc_files enumerates source files (library/*.c). It doesn't
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index 449803a5..dbf0365 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -17,7 +17,7 @@
# Purpose: check Python files for potential programming errors or maintenance
# hurdles. Run pylint to detect some potential mistakes and enforce PEP8
-# coding standards. If available, run mypy to perform static type checking.
+# coding standards. Run mypy to perform static type checking.
# We'll keep going on errors and report the status at the end.
ret=0
@@ -72,12 +72,9 @@
ret=1
}
-# Check types if mypy is available
-if can_mypy; then
- echo
- echo 'Running mypy ...'
- $PYTHON -m mypy scripts/*.py tests/scripts/*.py ||
- ret=1
-fi
+echo
+echo 'Running mypy ...'
+$PYTHON -m mypy scripts/*.py tests/scripts/*.py ||
+ ret=1
exit $ret
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
index f9ae36c..d84ed04 100755
--- a/tests/scripts/check_test_cases.py
+++ b/tests/scripts/check_test_cases.py
@@ -137,6 +137,26 @@
'*.sh')):
self.walk_ssl_opt_sh(ssl_opt_file_name)
+class TestDescriptions(TestDescriptionExplorer):
+ """Collect the available test cases."""
+
+ def __init__(self):
+ super().__init__()
+ self.descriptions = set()
+
+ def process_test_case(self, _per_file_state,
+ file_name, _line_number, description):
+ """Record an available test case."""
+ base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name))
+ key = ';'.join([base_name, description.decode('utf-8')])
+ self.descriptions.add(key)
+
+def collect_available_test_cases():
+ """Collect the available test cases."""
+ explorer = TestDescriptions()
+ explorer.walk_all()
+ return sorted(explorer.descriptions)
+
class DescriptionChecker(TestDescriptionExplorer):
"""Check all test case descriptions.
@@ -176,6 +196,9 @@
def main():
parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument('--list-all',
+ action='store_true',
+ help='List all test cases, without doing checks')
parser.add_argument('--quiet', '-q',
action='store_true',
help='Hide warnings')
@@ -183,6 +206,10 @@
action='store_false', dest='quiet',
help='Show warnings (default: on; undoes --quiet)')
options = parser.parse_args()
+ if options.list_all:
+ descriptions = collect_available_test_cases()
+ sys.stdout.write('\n'.join(descriptions + ['']))
+ return
results = Results(options)
checker = DescriptionChecker(results)
checker.walk_all()
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 47196f4..fcaca91 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -20,18 +20,24 @@
# Purpose
#
# The purpose of this test script is to validate that the library works
-# with any combination of elliptic curves. To this effect, build the library
-# and run the test suite with each tested combination of elliptic curves.
+# when only a single curve is enabled. In particular, this validates that
+# curve-specific code is guarded by the proper preprocessor conditionals,
+# both in the library and in tests.
#
-# Testing all 2^n combinations would be too much, so we only test 2*n:
+# Since this script only tests builds with a single curve, it can't detect
+# bugs that are only triggered when multiple curves are present. We do
+# also test in many configurations where all curves are enabled, as well
+# as a few configurations in configs/*.h with a restricted subset of curves.
#
-# 1. Test with a single curve, for each curve. This validates that the
-# library works with any curve, and in particular that curve-specific
-# code is guarded by the proper preprocessor conditionals.
-# 2. Test with all curves except one, for each curve. This validates that
-# the test cases have correct dependencies. Testing with a single curve
-# doesn't validate this for tests that require more than one curve.
-
+# Here are some known test gaps that could be addressed by testing all
+# 2^n combinations of support for n curves, which is impractical:
+# * There could be product bugs when curves A and B are enabled but not C.
+# For example, a MAX_SIZE calculation that forgets B, where
+# size(A) < size(B) < size(C).
+# * For test cases that require three or more curves, validate that they're
+# not missing dependencies. This is extremely rare. (For test cases that
+# require curves A and B but are missing a dependency on B, this is
+# detected in the A-only build.)
# Usage: tests/scripts/curves.pl
#
# This script should be executed from the root of the project directory.
@@ -115,31 +121,6 @@
and abort "Failed to disable $curve\n";
}
-system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
-
-# Test with $curve disabled but the others enabled, for each $curve.
-for my $curve (@curves) {
- system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
- system( "make clean" ) and die;
-
- # depends on a specific curve. Also, ignore error if it wasn't enabled
- system( "scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
-
- print "\n******************************************\n";
- print "* Testing without curve: $curve\n";
- print "******************************************\n";
- $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$curve";
-
- system( "scripts/config.py unset $curve" )
- and abort "Failed to disable $curve\n";
-
- system( "CFLAGS='-Werror -Wall -Wextra' make" )
- and abort "Failed to build: all but $curve\n";
- system( "make test" )
- and abort "Failed test suite: all but $curve\n";
-
-}
-
system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
system( "make clean" ) and die;
exit 0;
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 0d9cb36..ca94d7d 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -21,6 +21,7 @@
# limitations under the License.
import argparse
+import enum
import os
import posixpath
import re
@@ -305,6 +306,145 @@
kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_key_generation(kt)
+class OpFail:
+ """Generate test cases for operations that must fail."""
+ #pylint: disable=too-few-public-methods
+
+ class Reason(enum.Enum):
+ NOT_SUPPORTED = 0
+ INVALID = 1
+ INCOMPATIBLE = 2
+ PUBLIC = 3
+
+ def __init__(self, info: Information) -> None:
+ self.constructors = info.constructors
+ key_type_expressions = self.constructors.generate_expressions(
+ sorted(self.constructors.key_types)
+ )
+ self.key_types = [crypto_knowledge.KeyType(kt_expr)
+ for kt_expr in key_type_expressions]
+
+ def make_test_case(
+ self,
+ alg: crypto_knowledge.Algorithm,
+ category: crypto_knowledge.AlgorithmCategory,
+ reason: 'Reason',
+ kt: Optional[crypto_knowledge.KeyType] = None,
+ not_deps: FrozenSet[str] = frozenset(),
+ ) -> test_case.TestCase:
+ """Construct a failure test case for a one-key or keyless operation."""
+ #pylint: disable=too-many-arguments,too-many-locals
+ tc = test_case.TestCase()
+ pretty_alg = re.sub(r'PSA_ALG_', r'', alg.expression)
+ if reason == self.Reason.NOT_SUPPORTED:
+ short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
+ for dep in not_deps]
+ pretty_reason = '!' + '&'.join(sorted(short_deps))
+ else:
+ pretty_reason = reason.name.lower()
+ if kt:
+ key_type = kt.expression
+ pretty_type = re.sub(r'PSA_KEY_TYPE_', r'', key_type)
+ else:
+ key_type = ''
+ pretty_type = ''
+ tc.set_description('PSA {} {}: {}{}'
+ .format(category.name.lower(),
+ pretty_alg,
+ pretty_reason,
+ ' with ' + pretty_type if pretty_type else ''))
+ dependencies = automatic_dependencies(alg.base_expression, key_type)
+ for i, dep in enumerate(dependencies):
+ if dep in not_deps:
+ dependencies[i] = '!' + dep
+ tc.set_dependencies(dependencies)
+ tc.set_function(category.name.lower() + '_fail')
+ arguments = []
+ if kt:
+ key_material = kt.key_material(kt.sizes_to_test()[0])
+ arguments += [key_type, test_case.hex_string(key_material)]
+ arguments.append(alg.expression)
+ if category.is_asymmetric():
+ arguments.append('1' if reason == self.Reason.PUBLIC else '0')
+ error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
+ 'INVALID_ARGUMENT')
+ arguments.append('PSA_ERROR_' + error)
+ tc.set_arguments(arguments)
+ return tc
+
+ def no_key_test_cases(
+ self,
+ alg: crypto_knowledge.Algorithm,
+ category: crypto_knowledge.AlgorithmCategory,
+ ) -> Iterator[test_case.TestCase]:
+ """Generate failure test cases for keyless operations with the specified algorithm."""
+ if alg.can_do(category):
+ # Compatible operation, unsupported algorithm
+ for dep in automatic_dependencies(alg.base_expression):
+ yield self.make_test_case(alg, category,
+ self.Reason.NOT_SUPPORTED,
+ not_deps=frozenset([dep]))
+ else:
+ # Incompatible operation, supported algorithm
+ yield self.make_test_case(alg, category, self.Reason.INVALID)
+
+ def one_key_test_cases(
+ self,
+ alg: crypto_knowledge.Algorithm,
+ category: crypto_knowledge.AlgorithmCategory,
+ ) -> Iterator[test_case.TestCase]:
+ """Generate failure test cases for one-key operations with the specified algorithm."""
+ for kt in self.key_types:
+ key_is_compatible = kt.can_do(alg)
+ if key_is_compatible and alg.can_do(category):
+ # Compatible key and operation, unsupported algorithm
+ for dep in automatic_dependencies(alg.base_expression):
+ yield self.make_test_case(alg, category,
+ self.Reason.NOT_SUPPORTED,
+ kt=kt, not_deps=frozenset([dep]))
+ # Public key for a private-key operation
+ if category.is_asymmetric() and kt.is_public():
+ yield self.make_test_case(alg, category,
+ self.Reason.PUBLIC,
+ kt=kt)
+ elif key_is_compatible:
+ # Compatible key, incompatible operation, supported algorithm
+ yield self.make_test_case(alg, category,
+ self.Reason.INVALID,
+ kt=kt)
+ elif alg.can_do(category):
+ # Incompatible key, compatible operation, supported algorithm
+ yield self.make_test_case(alg, category,
+ self.Reason.INCOMPATIBLE,
+ kt=kt)
+ else:
+ # Incompatible key and operation. Don't test cases where
+ # multiple things are wrong, to keep the number of test
+ # cases reasonable.
+ pass
+
+ def test_cases_for_algorithm(
+ self,
+ alg: crypto_knowledge.Algorithm,
+ ) -> Iterator[test_case.TestCase]:
+ """Generate operation failure test cases for the specified algorithm."""
+ for category in crypto_knowledge.AlgorithmCategory:
+ if category == crypto_knowledge.AlgorithmCategory.PAKE:
+ # PAKE operations are not implemented yet
+ pass
+ elif category.requires_key():
+ yield from self.one_key_test_cases(alg, category)
+ else:
+ yield from self.no_key_test_cases(alg, category)
+
+ def all_test_cases(self) -> Iterator[test_case.TestCase]:
+ """Generate all test cases for operations that must fail."""
+ algorithms = sorted(self.constructors.algorithms)
+ for expr in self.constructors.generate_expressions(algorithms):
+ alg = crypto_knowledge.Algorithm(expr)
+ yield from self.test_cases_for_algorithm(alg)
+
+
class StorageKey(psa_storage.Key):
"""Representation of a key for storage format testing."""
@@ -443,51 +583,41 @@
continue
yield self.key_for_lifetime(lifetime)
- def keys_for_usage_flags(
+ def key_for_usage_flags(
self,
usage_flags: List[str],
short: Optional[str] = None,
- test_implicit_usage: Optional[bool] = False
- ) -> Iterator[StorageTestData]:
+ test_implicit_usage: Optional[bool] = True
+ ) -> StorageTestData:
"""Construct a test key for the given key usage."""
usage = ' | '.join(usage_flags) if usage_flags else '0'
if short is None:
short = re.sub(r'\bPSA_KEY_USAGE_', r'', usage)
- extra_desc = ' with implication' if test_implicit_usage else ''
+ extra_desc = ' without implication' if test_implicit_usage else ''
description = 'usage' + extra_desc + ': ' + short
key1 = StorageTestData(version=self.version,
id=1, lifetime=0x00000001,
type='PSA_KEY_TYPE_RAW_DATA', bits=8,
expected_usage=usage,
+ without_implicit_usage=not test_implicit_usage,
usage=usage, alg=0, alg2=0,
material=b'K',
description=description)
- yield key1
-
- if test_implicit_usage:
- description = 'usage without implication' + ': ' + short
- key2 = StorageTestData(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- without_implicit_usage=True,
- usage=usage, alg=0, alg2=0,
- material=b'K',
- description=description)
- yield key2
+ return key1
def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]:
"""Generate test keys covering usage flags."""
known_flags = sorted(self.constructors.key_usage_flags)
- yield from self.keys_for_usage_flags(['0'], **kwargs)
+ yield self.key_for_usage_flags(['0'], **kwargs)
for usage_flag in known_flags:
- yield from self.keys_for_usage_flags([usage_flag], **kwargs)
+ yield self.key_for_usage_flags([usage_flag], **kwargs)
for flag1, flag2 in zip(known_flags,
known_flags[1:] + [known_flags[0]]):
- yield from self.keys_for_usage_flags([flag1, flag2], **kwargs)
+ yield self.key_for_usage_flags([flag1, flag2], **kwargs)
def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]:
known_flags = sorted(self.constructors.key_usage_flags)
- yield from self.keys_for_usage_flags(known_flags, short='all known')
+ yield self.key_for_usage_flags(known_flags, short='all known')
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
yield from self.generate_keys_for_usage_flags()
@@ -593,8 +723,8 @@
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
"""Generate test keys covering usage flags."""
- yield from self.generate_keys_for_usage_flags(test_implicit_usage=True)
- yield from self.generate_key_for_all_usage_flags()
+ yield from super().all_keys_for_usage_flags()
+ yield from self.generate_keys_for_usage_flags(test_implicit_usage=False)
def keys_for_implicit_usage(
self,
@@ -725,11 +855,15 @@
filename = self.filename_for(basename)
test_case.write_data_file(filename, test_cases)
+ # Note that targets whose name containns 'test_format' have their content
+ # validated by `abi_check.py`.
TARGETS = {
'test_suite_psa_crypto_generate_key.generated':
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: NotSupported(info).test_cases_for_not_supported(),
+ 'test_suite_psa_crypto_op_fail.generated':
+ lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index a6d2fe7..d67c222 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -28,7 +28,6 @@
import argparse
import itertools
from collections import namedtuple
-# pylint: disable=useless-super-delegation
# define certificates configuration entry
Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile'])
@@ -71,18 +70,26 @@
'x448': 0x1e,
}
+
class TLSProgram(metaclass=abc.ABCMeta):
"""
Base class for generate server/client command.
"""
-
- def __init__(self, ciphersuite, signature_algorithm, named_group, compat_mode=True):
+ # pylint: disable=too-many-arguments
+ def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
+ cert_sig_alg=None, compat_mode=True):
self._ciphers = []
self._sig_algs = []
self._named_groups = []
- self.add_ciphersuites(ciphersuite)
- self.add_named_groups(named_group)
- self.add_signature_algorithms(signature_algorithm)
+ self._cert_sig_algs = []
+ if ciphersuite:
+ self.add_ciphersuites(ciphersuite)
+ if named_group:
+ self.add_named_groups(named_group)
+ if signature_algorithm:
+ self.add_signature_algorithms(signature_algorithm)
+ if cert_sig_alg:
+ self.add_cert_signature_algorithms(cert_sig_alg)
self._compat_mode = compat_mode
# add_ciphersuites should not override by sub class
@@ -95,18 +102,24 @@
self._sig_algs.extend(
[sig_alg for sig_alg in signature_algorithms if sig_alg not in self._sig_algs])
- # add_signature_algorithms should not override by sub class
+ # add_named_groups should not override by sub class
def add_named_groups(self, *named_groups):
self._named_groups.extend(
[named_group for named_group in named_groups if named_group not in self._named_groups])
+ # add_cert_signature_algorithms should not override by sub class
+ def add_cert_signature_algorithms(self, *signature_algorithms):
+ self._cert_sig_algs.extend(
+ [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
+
@abc.abstractmethod
def pre_checks(self):
return []
@abc.abstractmethod
def cmd(self):
- pass
+ if not self._cert_sig_algs:
+ self._cert_sig_algs = list(CERTIFICATES.keys())
@abc.abstractmethod
def post_checks(self):
@@ -127,18 +140,27 @@
}
def cmd(self):
+ super().cmd()
ret = ['$O_NEXT_SRV_NO_CERT']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._sig_algs):
+ for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
ret += ['-accept $SRV_PORT']
- ciphersuites = ','.join(self._ciphers)
- signature_algorithms = ','.join(self._sig_algs)
- named_groups = ','.join(
- map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites),
- "-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms),
- "-groups {named_groups}".format(named_groups=named_groups)]
+
+ if self._ciphers:
+ ciphersuites = ':'.join(self._ciphers)
+ ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
+
+ if self._sig_algs:
+ signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
+ signature_algorithms = ':'.join(signature_algorithms)
+ ret += ["-sigalgs {signature_algorithms}".format(
+ signature_algorithms=signature_algorithms)]
+
+ if self._named_groups:
+ named_groups = ':'.join(
+ map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
+ ret += ["-groups {named_groups}".format(named_groups=named_groups)]
+
ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
if not self._compat_mode:
ret += ['-no_middlebox']
@@ -202,10 +224,11 @@
return ['-c "HTTP/1.0 200 OK"']
def cmd(self):
+ super().cmd()
ret = ['$G_NEXT_SRV_NO_CERT', '--http',
'--disable-client-cert', '--debug=4']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._sig_algs):
+ for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
cert=cert, key=key)]
@@ -216,16 +239,33 @@
for i in map_table[item]:
if i not in priority_string_list:
yield i
- priority_string_list.extend(update_priority_string_list(
- self._sig_algs, self.SIGNATURE_ALGORITHM))
- priority_string_list.extend(
- update_priority_string_list(self._ciphers, self.CIPHER_SUITE))
- priority_string_list.extend(update_priority_string_list(
- self._named_groups, self.NAMED_GROUP))
- priority_string_list = ['NONE'] + sorted(priority_string_list) + ['VERS-TLS1.3']
+
+ if self._ciphers:
+ priority_string_list.extend(update_priority_string_list(
+ self._ciphers, self.CIPHER_SUITE))
+ else:
+ priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
+
+ if self._sig_algs:
+ signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
+ priority_string_list.extend(update_priority_string_list(
+ signature_algorithms, self.SIGNATURE_ALGORITHM))
+ else:
+ priority_string_list.append('SIGN-ALL')
+
+
+ if self._named_groups:
+ priority_string_list.extend(update_priority_string_list(
+ self._named_groups, self.NAMED_GROUP))
+ else:
+ priority_string_list.append('GROUP-ALL')
+
+ priority_string_list = ['NONE'] + \
+ sorted(priority_string_list) + ['VERS-TLS1.3']
priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS'
+
if not self._compat_mode:
priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
@@ -248,25 +288,21 @@
'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
def cmd(self):
+ super().cmd()
ret = ['$P_CLI']
ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
- 'debug_level=4', 'force_version=tls13']
+ 'debug_level=4']
ret += ['ca_file={cafile}'.format(
- cafile=CERTIFICATES[self._sig_algs[0]].cafile)]
+ cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
if self._ciphers:
ciphers = ','.join(
map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
- if self._sig_algs:
+ if self._sig_algs + self._cert_sig_algs:
ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(self._sig_algs))]
- for sig_alg in self._sig_algs:
- if sig_alg in ('ecdsa_secp256r1_sha256',
- 'ecdsa_secp384r1_sha384',
- 'ecdsa_secp521r1_sha512'):
- self.add_named_groups(sig_alg.split('_')[1])
+ sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
if self._named_groups:
named_groups = ','.join(self._named_groups)
@@ -278,25 +314,34 @@
def pre_checks(self):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_CLI_C',
- 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3',
- 'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO']
+ 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
- if 'rsa_pss_rsae_sha256' in self._sig_algs:
+ if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
return ret
def post_checks(self):
- check_strings = ["ECDH curve: {group}".format(group=self._named_groups[0]),
- "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
- self.CIPHER_SUITE[self._ciphers[0]]),
- "Certificate Verify: Signature algorithm ( {:04x} )".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]),
- "Verifying peer X.509 certificate... ok", ]
+ check_strings = ["Protocol is TLSv1.3"]
+ if self._ciphers:
+ check_strings.append(
+ "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
+ CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
+ self.CIPHER_SUITE[self._ciphers[0]]))
+ if self._sig_algs:
+ check_strings.append(
+ "Certificate Verify: Signature algorithm ( {:04x} )".format(
+ SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
+
+ for named_group in self._named_groups:
+ check_strings += ['NamedGroup: {named_group} ( {iana_value:x} )'.format(
+ named_group=named_group,
+ iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
+
+ check_strings.append("Verifying peer X.509 certificate... ok")
return ['-c "{}"'.format(i) for i in check_strings]
@@ -304,24 +349,62 @@
CLIENT_CLASSES = {'mbedTLS': MbedTLSCli}
-def generate_compat_test(server=None, client=None, cipher=None, sig_alg=None, named_group=None):
+def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
"""
Generate test case with `ssl-opt.sh` format.
"""
name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
- client=client, server=server, cipher=cipher, sig_alg=sig_alg, named_group=named_group)
- server_object = SERVER_CLASSES[server](cipher, sig_alg, named_group)
- client_object = CLIENT_CLASSES[client](cipher, sig_alg, named_group)
+ client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
+
+ server_object = SERVER_CLASSES[server](ciphersuite=cipher,
+ named_group=named_group,
+ signature_algorithm=sig_alg,
+ cert_sig_alg=sig_alg)
+ client_object = CLIENT_CLASSES[client](ciphersuite=cipher,
+ named_group=named_group,
+ signature_algorithm=sig_alg,
+ cert_sig_alg=sig_alg)
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
+ cmd += ['-C "received HelloRetryRequest message"']
prefix = ' \\\n' + (' '*9)
cmd = prefix.join(cmd)
return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
+def generate_hrr_compat_test(client=None, server=None,
+ client_named_group=None, server_named_group=None,
+ cert_sig_alg=None):
+ """
+ Generate Hello Retry Request test case with `ssl-opt.sh` format.
+ """
+ name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
+ client=client, server=server, c_named_group=client_named_group,
+ s_named_group=server_named_group)
+ server_object = SERVER_CLASSES[server](named_group=server_named_group,
+ cert_sig_alg=cert_sig_alg)
+
+ client_object = CLIENT_CLASSES[client](named_group=client_named_group,
+ cert_sig_alg=cert_sig_alg)
+ client_object.add_named_groups(server_named_group)
+
+ cmd = ['run_test "{}"'.format(name), '"{}"'.format(
+ server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
+ cmd += server_object.post_checks()
+ cmd += client_object.post_checks()
+ cmd += ['-c "received HelloRetryRequest message"']
+ cmd += ['-c "selected_group ( {:d} )"'.format(
+ NAMED_GROUP_IANA_VALUE[server_named_group])]
+ prefix = ' \\\n' + (' '*9)
+ cmd = prefix.join(cmd)
+ return '\n'.join(server_object.pre_checks() +
+ client_object.pre_checks() +
+ [cmd])
+
+
SSL_OUTPUT_HEADER = '''#!/bin/sh
# {filename}
@@ -344,14 +427,13 @@
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
-# `generate_tls13_compat_tests.py -a`.
+# `{cmd}`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
#
'''
-
def main():
"""
Main function of this program
@@ -398,22 +480,38 @@
args = parser.parse_args()
def get_all_test_cases():
- for cipher, sig_alg, named_group, server, client in \
- itertools.product(CIPHER_SUITE_IANA_VALUE.keys(), SIG_ALG_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys(), SERVER_CLASSES.keys(),
- CLIENT_CLASSES.keys()):
- yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group,
- server=server, client=client)
+ # Generate normal compat test cases
+ for client, server, cipher, named_group, sig_alg in \
+ itertools.product(CLIENT_CLASSES.keys(),
+ SERVER_CLASSES.keys(),
+ CIPHER_SUITE_IANA_VALUE.keys(),
+ NAMED_GROUP_IANA_VALUE.keys(),
+ SIG_ALG_IANA_VALUE.keys()):
+ yield generate_compat_test(client=client, server=server,
+ cipher=cipher, named_group=named_group,
+ sig_alg=sig_alg)
+
+ # Generate Hello Retry Request compat test cases
+ for client, server, client_named_group, server_named_group in \
+ itertools.product(CLIENT_CLASSES.keys(),
+ SERVER_CLASSES.keys(),
+ NAMED_GROUP_IANA_VALUE.keys(),
+ NAMED_GROUP_IANA_VALUE.keys()):
+ if client_named_group != server_named_group:
+ yield generate_hrr_compat_test(client=client, server=server,
+ client_named_group=client_named_group,
+ server_named_group=server_named_group,
+ cert_sig_alg="ecdsa_secp256r1_sha256")
if args.generate_all_tls13_compat_tests:
if args.output:
with open(args.output, 'w', encoding="utf-8") as f:
f.write(SSL_OUTPUT_HEADER.format(
- filename=os.path.basename(args.output)))
+ filename=os.path.basename(args.output), cmd=' '.join(sys.argv)))
f.write('\n\n'.join(get_all_test_cases()))
f.write('\n')
else:
- print('\n'.join(get_all_test_cases()))
+ print('\n\n'.join(get_all_test_cases()))
return 0
if args.list_ciphers or args.list_sig_algs or args.list_named_groups \
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index c63b511..15209b4 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -30,32 +30,41 @@
my %configs = (
'config-ccm-psk-tls1_2.h' => {
'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
+ 'test_again_with_use_psa' => 1
+ },
+ 'config-ccm-psk-dtls1_2.h' => {
+ 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
+ 'opt' => ' ',
+ 'opt_needs_debug' => 1,
+ 'test_again_with_use_psa' => 1
},
'config-no-entropy.h' => {
},
'config-suite-b.h' => {
'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
+ 'test_again_with_use_psa' => 1,
+ 'opt' => ' ',
+ 'opt_needs_debug' => 1,
},
'config-symmetric-only.h' => {
+ 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
},
'config-thread.h' => {
'opt' => '-f ECJPAKE.*nolog',
+ 'test_again_with_use_psa' => 1,
},
);
# If no config-name is provided, use all known configs.
# Otherwise, use the provided names only.
+my @configs_to_test = sort keys %configs;
if ($#ARGV >= 0) {
- my %configs_ori = ( %configs );
- %configs = ();
-
- foreach my $conf_name (@ARGV) {
- if( ! exists $configs_ori{$conf_name} ) {
+ foreach my $conf_name ( @ARGV ) {
+ if( ! exists $configs{$conf_name} ) {
die "Unknown configuration: $conf_name\n";
- } else {
- $configs{$conf_name} = $configs_ori{$conf_name};
}
}
+ @configs_to_test = @ARGV;
}
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
@@ -79,46 +88,83 @@
close SEEDFILE or die;
}
-while( my ($conf, $data) = each %configs ) {
+sub perform_test {
+ my $conf_file = $_[0];
+ my $data = $_[1];
+ my $test_with_psa = $_[2];
+
+ my $conf_name = $conf_file;
+ if ( $test_with_psa )
+ {
+ $conf_name .= "+PSA";
+ }
+
system( "cp $config_h.bak $config_h" ) and die;
system( "make clean" ) and die;
print "\n******************************************\n";
- print "* Testing configuration: $conf\n";
+ print "* Testing configuration: $conf_name\n";
print "******************************************\n";
- $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf;
- system( "cp configs/$conf $config_h" )
- and abort "Failed to activate $conf\n";
+ $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
- system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
- system( "make test" ) and abort "Failed test suite: $conf\n";
+ system( "cp configs/$conf_file $config_h" )
+ and abort "Failed to activate $conf_file\n";
+
+ if ( $test_with_psa )
+ {
+ system( "scripts/config.py set MBEDTLS_PSA_CRYPTO_C" );
+ system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" );
+ }
+
+ system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
+ system( "make test" ) and abort "Failed test suite: $conf_name\n";
my $compat = $data->{'compat'};
if( $compat )
{
- print "\nrunning compat.sh $compat\n";
+ print "\nrunning compat.sh $compat ($conf_name)\n";
system( "tests/compat.sh $compat" )
- and abort "Failed compat.sh: $conf\n";
+ and abort "Failed compat.sh: $conf_name\n";
}
else
{
- print "\nskipping compat.sh\n";
+ print "\nskipping compat.sh ($conf_name)\n";
}
my $opt = $data->{'opt'};
if( $opt )
{
- print "\nrunning ssl-opt.sh $opt\n";
+ if( $data->{'opt_needs_debug'} )
+ {
+ print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n";
+ $conf_name .= '+DEBUG';
+ $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
+ system( "make clean" );
+ system( "scripts/config.py set MBEDTLS_DEBUG_C" );
+ system( "scripts/config.py set MBEDTLS_ERROR_C" );
+ system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
+ }
+
+ print "\nrunning ssl-opt.sh $opt ($conf_name)\n";
system( "tests/ssl-opt.sh $opt" )
- and abort "Failed ssl-opt.sh: $conf\n";
+ and abort "Failed ssl-opt.sh: $conf_name\n";
}
else
{
- print "\nskipping ssl-opt.sh\n";
+ print "\nskipping ssl-opt.sh ($conf_name)\n";
}
}
+foreach my $conf ( @configs_to_test ) {
+ my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'};
+ if ( $test_with_psa )
+ {
+ perform_test( $conf, $configs{$conf}, $test_with_psa );
+ }
+ perform_test( $conf, $configs{$conf}, 0 );
+}
+
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
system( "make clean" );
exit 0;
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index ea52c93..3e7a9a6 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -33,10 +33,6 @@
# Test number 2xx corresponds to the files in the folder
# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
EXPECTED_FAILURES = {
- # Multipart CCM is not supported.
- # - Tracked in issue #3721
- 252, 253, 254, 255, 256, 257, 258, 259, 261,
-
# psa_hash_suspend() and psa_hash_resume() are not supported.
# - Tracked in issue #3274
262, 263
@@ -51,7 +47,7 @@
#
# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
-PSA_ARCH_TESTS_REF = 'fixes-for-mbedtls-3'
+PSA_ARCH_TESTS_REF = 'fix-pr-5139-3'
#pylint: disable=too-many-branches,too-many-statements
def main():
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
new file mode 100644
index 0000000..506c29b
--- /dev/null
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -0,0 +1,161 @@
+/*
+ * Test driver for asymmetric encryption.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <test/helpers.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa/crypto.h"
+#include "mbedtls/rsa.h"
+#include "psa_crypto_rsa.h"
+#include "string.h"
+#include "test/drivers/asymmetric_encryption.h"
+
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+#include "libtestdriver1/library/psa_crypto_rsa.h"
+#endif
+
+mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks =
+ MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
+
+psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
+
+ if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL )
+ {
+ if( output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( output,
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length );
+ *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
+
+ return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status );
+ }
+
+ if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status );
+
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( libtestdriver1_mbedtls_psa_asymmetric_encrypt(
+ (const libtestdriver1_psa_key_attributes_t *)attributes,
+ key_buffer, key_buffer_size,
+ alg, input, input_length, salt, salt_length,
+ output, output_size, output_length ) );
+#else
+ return( mbedtls_psa_asymmetric_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg, input, input_length, salt, salt_length,
+ output, output_size, output_length ) );
+#endif
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
+
+ if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL )
+ {
+ if( output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( output,
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length );
+ *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
+
+ return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status );
+ }
+
+ if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status );
+
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( libtestdriver1_mbedtls_psa_asymmetric_decrypt(
+ (const libtestdriver1_psa_key_attributes_t *)attributes,
+ key_buffer, key_buffer_size,
+ alg, input, input_length, salt, salt_length,
+ output, output_size, output_length ) );
+#else
+ return( mbedtls_psa_asymmetric_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg, input, input_length, salt, salt_length,
+ output, output_size, output_length ) );
+#endif
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+/*
+ * opaque versions - TODO
+ */
+psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key,
+ size_t key_length, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) salt;
+ (void) salt_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key,
+ size_t key_length, psa_algorithm_t alg, const uint8_t *input,
+ size_t input_length, const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) salt;
+ (void) salt_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 5028073..974d498 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -29,6 +29,8 @@
#include "mbedtls/error.h"
#include "test/drivers/key_management.h"
+#include "test/drivers/test_driver.h"
+
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
@@ -259,13 +261,14 @@
size_t *key_buffer_length,
size_t *bits)
{
+ psa_key_type_t type = psa_get_key_type( attributes );
+
++mbedtls_test_driver_key_management_hooks.hits;
+ mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_key_management_hooks.forced_status );
- psa_key_type_t type = psa_get_key_type( attributes );
-
if( PSA_KEY_TYPE_IS_ECC( type ) )
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
@@ -332,6 +335,12 @@
* the clear key till we wrap it */
uint8_t *key_buffer_temp;
+ ++mbedtls_test_driver_key_management_hooks.hits;
+ mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
+
+ if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_key_management_hooks.forced_status );
+
key_buffer_temp = mbedtls_calloc( 1, key_buffer_size );
if( key_buffer_temp == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index c1e76c8..71a1b78 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -764,6 +764,7 @@
#endif /* MBEDTLS_ECP_C */
{
+ (void) exported;
TEST_ASSERT( ! "Sanity check not implemented for this key type" );
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 691c0e7..d207e54 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -263,6 +263,19 @@
fi
}
+# Require Mbed TLS to support the given protocol version.
+#
+# Inputs:
+# * $1: protocol version in mbedtls syntax (argument to force_version=)
+requires_protocol_version() {
+ # Support for DTLS is detected separately in detect_dtls().
+ case "$1" in
+ tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;;
+ tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;;
+ *) echo "Unknown required protocol version: $1"; exit 1;;
+ esac
+}
+
# Space-separated list of ciphersuites supported by this build of
# Mbed TLS.
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
@@ -275,24 +288,105 @@
esac
}
-# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...]
-# If CMD (call to a TLS client or server program) requires a specific
-# ciphersuite, arrange to only run the test case if this ciphersuite is
-# enabled.
-maybe_requires_ciphersuite_enabled() {
+# detect_required_features CMD [RUN_TEST_OPTION...]
+# If CMD (call to a TLS client or server program) requires certain features,
+# arrange to only run the following test case if those features are enabled.
+detect_required_features() {
case "$1" in
- *\ force_ciphersuite=*) :;;
- *) return;; # No specific required ciphersuite
+ *\ force_version=*)
+ tmp="${1##*\ force_version=}"
+ tmp="${tmp%%[!-0-9A-Z_a-z]*}"
+ requires_protocol_version "$tmp";;
esac
- ciphersuite="${1##*\ force_ciphersuite=}"
- ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}"
- shift
- requires_ciphersuite_enabled "$ciphersuite"
+ case "$1" in
+ *\ force_ciphersuite=*)
+ tmp="${1##*\ force_ciphersuite=}"
+ tmp="${tmp%%[!-0-9A-Z_a-z]*}"
+ requires_ciphersuite_enabled "$tmp";;
+ esac
- unset ciphersuite
+ case " $1 " in
+ *[-_\ =]tickets=[^0]*)
+ requires_config_enabled MBEDTLS_SSL_TICKET_C;;
+ esac
+ case " $1 " in
+ *[-_\ =]alpn=*)
+ requires_config_enabled MBEDTLS_SSL_ALPN;;
+ esac
+
+ unset tmp
}
+requires_certificate_authentication () {
+ if [ "$PSK_ONLY" = "YES" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+adapt_cmd_for_psk () {
+ case "$2" in
+ *openssl*) s='-psk abc123 -nocert';;
+ *gnutls-*) s='--pskkey=abc123';;
+ *) s='psk=abc123';;
+ esac
+ eval $1='"$2 $s"'
+ unset s
+}
+
+# maybe_adapt_for_psk [RUN_TEST_OPTION...]
+# If running in a PSK-only build, maybe adapt the test to use a pre-shared key.
+#
+# If not running in a PSK-only build, do nothing.
+# If the test looks like it doesn't use a pre-shared key but can run with a
+# pre-shared key, pass a pre-shared key. If the test looks like it can't run
+# with a pre-shared key, skip it. If the test looks like it's already using
+# a pre-shared key, do nothing.
+#
+# This code does not consider builds with ECDHE-PSK or RSA-PSK.
+#
+# Inputs:
+# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
+# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges).
+# * "$@": options passed to run_test.
+#
+# Outputs:
+# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments.
+# * $SKIP_NEXT: set to YES if the test can't run with PSK.
+maybe_adapt_for_psk() {
+ if [ "$PSK_ONLY" != "YES" ]; then
+ return
+ fi
+ if [ "$SKIP_NEXT" = "YES" ]; then
+ return
+ fi
+ case "$CLI_CMD $SRV_CMD" in
+ *[-_\ =]psk*|*[-_\ =]PSK*)
+ return;;
+ *force_ciphersuite*)
+ # The test case forces a non-PSK cipher suite. In some cases, a
+ # PSK cipher suite could be substituted, but we're not ready for
+ # that yet.
+ SKIP_NEXT="YES"
+ return;;
+ *\ auth_mode=*|*[-_\ =]crt[_=]*)
+ # The test case involves certificates. PSK won't do.
+ SKIP_NEXT="YES"
+ return;;
+ esac
+ adapt_cmd_for_psk CLI_CMD "$CLI_CMD"
+ adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
+}
+
+case " $CONFIGS_ENABLED " in
+ *\ MBEDTLS_KEY_EXCHANGE_[^P]*) PSK_ONLY="NO";;
+ *\ MBEDTLS_KEY_EXCHANGE_P[^S]*) PSK_ONLY="NO";;
+ *\ MBEDTLS_KEY_EXCHANGE_PS[^K]*) PSK_ONLY="NO";;
+ *\ MBEDTLS_KEY_EXCHANGE_PSK[^_]*) PSK_ONLY="NO";;
+ *\ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED\ *) PSK_ONLY="YES";;
+ *) PSK_ONLY="NO";;
+esac
+
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@@ -543,16 +637,18 @@
# record_outcome <outcome> [<failure-reason>]
# The test name must be in $NAME.
+# Use $TEST_SUITE_NAME as the test suite name if set.
record_outcome() {
echo "$1"
if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
printf '%s;%s;%s;%s;%s;%s\n' \
"$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \
- "ssl-opt" "$NAME" \
+ "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \
"$1" "${2-}" \
>>"$MBEDTLS_TEST_OUTCOME_FILE"
fi
}
+unset TEST_SUITE_NAME
# True if the presence of the given pattern in a log definitely indicates
# that the test has failed. False if the presence is inconclusive.
@@ -664,13 +760,11 @@
fi
# Make a tight loop, server normally takes less than 1s to start.
while true; do
- SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p)
+ SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t)
# When we use a proxy, it will be listening on the same port we
# are checking for as well as the server and lsof will list both.
- # If multiple PIDs are returned, each one will be on a separate
- # line, each prepended with 'p'.
case ${newline}${SERVER_PIDS}${newline} in
- *${newline}p${2}${newline}*) break;;
+ *${newline}${2}${newline}*) break;;
esac
if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
echo "$3 START TIMEOUT"
@@ -811,6 +905,39 @@
esac
}
+# Determine what calc_verify trace is to be expected, if any.
+#
+# calc_verify is only called for two things: to calculate the
+# extended master secret, and to process client authentication.
+#
+# Warning: the current implementation assumes that extended_ms is not
+# disabled on the client or on the server.
+#
+# Inputs:
+# * $1: the value of the server auth_mode parameter.
+# 'required' if client authentication is expected,
+# 'none' or absent if not.
+# * $CONFIGS_ENABLED
+#
+# Outputs:
+# * $maybe_calc_verify: set to a trace expected in the debug logs
+set_maybe_calc_verify() {
+ maybe_calc_verify=
+ case $CONFIGS_ENABLED in
+ *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;;
+ *)
+ case ${1-} in
+ ''|none) return;;
+ required) :;;
+ *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;;
+ esac
+ esac
+ case $CONFIGS_ENABLED in
+ *\ MBEDTLS_USE_PSA_CRYPTO\ *) maybe_calc_verify="PSA calc verify";;
+ *) maybe_calc_verify="<= calc verify";;
+ esac
+}
+
# Compare file content
# Usage: find_in_both pattern file1 file2
# extract from file1 the first line matching the pattern
@@ -837,11 +964,15 @@
#
# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass
# extra arguments or go through wrappers.
-# Set $DTLS (0=TLS, 1=DTLS).
+#
+# Inputs:
+# * $@: supplemental options to run_test() (after the mandatory arguments).
+# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands.
+# * $DTLS: 1 if DTLS, otherwise 0.
+#
+# Outputs:
+# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
analyze_test_commands() {
- # update DTLS variable
- detect_dtls "$SRV_CMD"
-
# if the test uses DTLS but no custom proxy, add a simple proxy
# as it provides timing info that's useful to debug failures
if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
@@ -1148,9 +1279,19 @@
requires_config_enabled MBEDTLS_FS_IO;;
esac
- # If the client or serve requires a ciphersuite, check that it's enabled.
- maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@"
- maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@"
+ # Check if the test uses DTLS.
+ detect_dtls "$SRV_CMD"
+ if [ "$DTLS" -eq 1 ]; then
+ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+ fi
+
+ # If the client or server requires certain features that can be detected
+ # from their command-line arguments, check that they're enabled.
+ detect_required_features "$SRV_CMD" "$@"
+ detect_required_features "$CLI_CMD" "$@"
+
+ # If we're in a PSK-only build and the test can be adapted to PSK, do that.
+ maybe_adapt_for_psk "$@"
# should we skip?
if [ "X$SKIP_NEXT" = "XYES" ]; then
@@ -1162,7 +1303,8 @@
analyze_test_commands "$@"
- TIMES_LEFT=2
+ # One regular run and two retries
+ TIMES_LEFT=3
while [ $TIMES_LEFT -gt 0 ]; do
TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
@@ -1191,48 +1333,40 @@
run_test_psa() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+ set_maybe_calc_verify none
run_test "PSA-supported ciphersuite: $1" \
"$P_SRV debug_level=3 force_version=tls12" \
- "$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \
+ "$P_CLI debug_level=3 force_ciphersuite=$1" \
0 \
- -c "Successfully setup PSA-based decryption cipher context" \
- -c "Successfully setup PSA-based encryption cipher context" \
- -c "PSA calc verify" \
+ -c "$maybe_calc_verify" \
-c "calc PSA finished" \
- -s "Successfully setup PSA-based decryption cipher context" \
- -s "Successfully setup PSA-based encryption cipher context" \
- -s "PSA calc verify" \
+ -s "$maybe_calc_verify" \
-s "calc PSA finished" \
- -C "Failed to setup PSA-based cipher context"\
- -S "Failed to setup PSA-based cipher context"\
-s "Protocol is TLSv1.2" \
-c "Perform PSA-based ECDH computation."\
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
-S "error" \
-C "error"
+ unset maybe_calc_verify
}
run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+ set_maybe_calc_verify none
run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls12 curves=$1" \
- "$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
+ "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \
- -c "Successfully setup PSA-based decryption cipher context" \
- -c "Successfully setup PSA-based encryption cipher context" \
- -c "PSA calc verify" \
+ -c "$maybe_calc_verify" \
-c "calc PSA finished" \
- -s "Successfully setup PSA-based decryption cipher context" \
- -s "Successfully setup PSA-based encryption cipher context" \
- -s "PSA calc verify" \
+ -s "$maybe_calc_verify" \
-s "calc PSA finished" \
- -C "Failed to setup PSA-based cipher context"\
- -S "Failed to setup PSA-based cipher context"\
-s "Protocol is TLSv1.2" \
-c "Perform PSA-based ECDH computation."\
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
-S "error" \
-C "error"
+ unset maybe_calc_verify
}
# Test that the server's memory usage after a handshake is reduced when a client specifies
@@ -1249,7 +1383,7 @@
run_test "Handshake memory usage (MFL $1)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
- "$P_CLI debug_level=3 force_version=tls12 \
+ "$P_CLI debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
0 \
@@ -1268,7 +1402,7 @@
MEMORY_USAGE_MFL_16K=0
run_test "Handshake memory usage initial (MFL 16384 - default)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
- "$P_CLI debug_level=3 force_version=tls12 \
+ "$P_CLI debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
0 \
@@ -1450,7 +1584,10 @@
# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected parameters are selected
-# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
+requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6"
+requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
run_test "Default" \
"$P_SRV debug_level=3" \
"$P_CLI" \
@@ -1462,6 +1599,8 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
run_test "Default, DTLS" \
"$P_SRV dtls=1" \
"$P_CLI dtls=1" \
@@ -1469,12 +1608,30 @@
-s "Protocol is DTLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "TLS client auth: required" \
"$P_SRV auth_mode=required" \
"$P_CLI" \
0 \
-s "Verifying peer X.509 certificate... ok"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ -c "Key size is 256"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ -c "Key size is 128"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
@@ -1483,6 +1640,7 @@
"$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
@@ -1491,6 +1649,7 @@
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
@@ -1502,6 +1661,7 @@
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \
"$P_SRV debug_level=3" \
@@ -1511,6 +1671,7 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
@@ -1525,12 +1686,13 @@
-S "error" \
-C "error"
-# Test using an opaque private key for client authentication
+# Test using an EC opaque private key for client authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for client authentication" \
+run_test "TLS-ECDHE-ECDSA Opaque key for client authentication" \
"$P_SRV auth_mode=required crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
"$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
@@ -1543,12 +1705,51 @@
-S "error" \
-C "error"
-# Test using an opaque private key for server authentication
+# Test using a RSA opaque private key for client authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-ECDHE-RSA Opaque key for client authentication" \
+ "$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ 0 \
+ -c "key type: Opaque" \
+ -c "Ciphersuite is TLS-ECDHE-RSA" \
+ -s "Verifying peer X.509 certificate... ok" \
+ -s "Ciphersuite is TLS-ECDHE-RSA" \
+ -S "error" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-DHE-RSA Opaque key for client authentication" \
+ "$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ 0 \
+ -c "key type: Opaque" \
+ -c "Ciphersuite is TLS-DHE-RSA" \
+ -s "Verifying peer X.509 certificate... ok" \
+ -s "Ciphersuite is TLS-DHE-RSA" \
+ -S "error" \
+ -C "error"
+
+# Test using an EC opaque private key for server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for server authentication" \
+run_test "TLS-ECDHE-ECDSA Opaque key for server authentication" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
"$P_CLI crt_file=data_files/server5.crt \
@@ -1556,17 +1757,75 @@
0 \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
- -s "key types: Opaque - invalid PK" \
+ -s "key types: Opaque, none" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
-S "error" \
-C "error"
-# Test using an opaque private key for client/server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for client/server authentication" \
+run_test "Opaque key for server authentication (ECDH-)" \
+ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1\
+ crt_file=data_files/server5.ku-ka.crt\
+ key_file=data_files/server5.key" \
+ "$P_CLI" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-ECDH-" \
+ -s "key types: Opaque, none" \
+ -s "Ciphersuite is TLS-ECDH-" \
+ -S "error" \
+ -C "error"
+
+# Test using a RSA opaque private key for server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-ECDHE-RSA Opaque key for server authentication" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ "$P_CLI crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-ECDHE-RSA" \
+ -s "key types: Opaque, none" \
+ -s "Ciphersuite is TLS-ECDHE-RSA" \
+ -S "error" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-DHE-RSA Opaque key for server authentication" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ "$P_CLI crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-DHE-RSA" \
+ -s "key types: Opaque, none" \
+ -s "Ciphersuite is TLS-DHE-RSA" \
+ -S "error" \
+ -C "error"
+
+# Test using an EC opaque private key for client/server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-ECDHE-ECDSA Opaque key for client/server authentication" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
"$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
@@ -1575,12 +1834,55 @@
-c "key type: Opaque" \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
- -s "key types: Opaque - invalid PK" \
+ -s "key types: Opaque, none" \
-s "Verifying peer X.509 certificate... ok" \
-s "Ciphersuite is TLS-ECDHE-ECDSA" \
-S "error" \
-C "error"
+# Test using a RSA opaque private key for client/server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-ECDHE-RSA Opaque key for client/server authentication" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ 0 \
+ -c "key type: Opaque" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-ECDHE-RSA" \
+ -s "key types: Opaque, none" \
+ -s "Verifying peer X.509 certificate... ok" \
+ -s "Ciphersuite is TLS-ECDHE-RSA" \
+ -S "error" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "TLS-DHE-RSA Opaque key for client/server authentication" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ 0 \
+ -c "key type: Opaque" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-DHE-RSA" \
+ -s "key types: Opaque, none" \
+ -s "Verifying peer X.509 certificate... ok" \
+ -s "Ciphersuite is TLS-DHE-RSA" \
+ -S "error" \
+ -C "error"
+
# Test ciphersuites which we expect to be fully supported by PSA Crypto
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
@@ -1610,7 +1912,7 @@
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
run_test_psa_force_curve "secp224r1"
## SECP224K1 is buggy via the PSA API
-## (https://github.com/ARMmbed/mbedtls/issues/3541),
+## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
@@ -1622,6 +1924,7 @@
run_test_psa_force_curve "secp192k1"
# Test current time in ServerHello
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_HAVE_TIME
run_test "ServerHello contains gmt_unix_time" \
"$P_SRV debug_level=3" \
@@ -1631,6 +1934,7 @@
-F "check_server_hello_time"
# Test for uniqueness of IVs in AEAD ciphersuites
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Unique IV in GCM" \
"$P_SRV exchanges=20 debug_level=4" \
"$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
@@ -1639,6 +1943,7 @@
-U "IV used"
# Tests for certificate verification callback
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Configuration-specific CRT verification callback" \
"$P_SRV debug_level=3" \
"$P_CLI context_crt_cb=0 debug_level=3" \
@@ -1649,6 +1954,7 @@
-C "Use context-specific verification callback" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Context-specific CRT verification callback" \
"$P_SRV debug_level=3" \
"$P_CLI context_crt_cb=1 debug_level=3" \
@@ -1660,33 +1966,39 @@
-C "error"
# Tests for SHA-1 support
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 allow_sha1=0" \
1 \
-c "The certificate is signed with an unacceptable hash"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 explicitly allowed in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI allow_sha1=1" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-256 allowed by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
"$P_CLI allow_sha1=0" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1 \
-s "The certificate is signed with an unacceptable hash"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV auth_mode=required allow_sha1=1" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
@@ -1695,38 +2007,45 @@
# Dummy TLS 1.3 test
# Currently only checking that passing TLS 1.3 key exchange modes to
# ssl_client2/ssl_server2 example programs works.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \
- "$P_SRV tls13_kex_modes=psk" \
- "$P_CLI tls13_kex_modes=psk" \
+run_test "TLS 1.3: key exchange mode parameter passing: PSK only" \
+ "$P_SRV tls13_kex_modes=psk debug_level=4" \
+ "$P_CLI tls13_kex_modes=psk debug_level=4" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \
+run_test "TLS 1.3: key exchange mode parameter passing: PSK-ephemeral only" \
"$P_SRV tls13_kex_modes=psk_ephemeral" \
"$P_CLI tls13_kex_modes=psk_ephemeral" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \
+run_test "TLS 1.3: key exchange mode parameter passing: Pure-ephemeral only" \
"$P_SRV tls13_kex_modes=ephemeral" \
"$P_CLI tls13_kex_modes=ephemeral" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \
+run_test "TLS 1.3: key exchange mode parameter passing: All ephemeral" \
"$P_SRV tls13_kex_modes=ephemeral_all" \
"$P_CLI tls13_kex_modes=ephemeral_all" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \
+run_test "TLS 1.3: key exchange mode parameter passing: All PSK" \
"$P_SRV tls13_kex_modes=psk_all" \
"$P_CLI tls13_kex_modes=psk_all" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3, key exchange mode parameter passing: All" \
+run_test "TLS 1.3: key exchange mode parameter passing: All" \
"$P_SRV tls13_kex_modes=all" \
"$P_CLI tls13_kex_modes=all" \
0
# Tests for datagram packing
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client and server" \
"$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
@@ -1734,6 +2053,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client only" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
@@ -1741,6 +2061,7 @@
-s "next record in same datagram" \
-C "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, server only" \
"$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
@@ -1748,6 +2069,7 @@
-S "next record in same datagram" \
-c "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, neither client nor server" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
@@ -1757,6 +2079,7 @@
# Tests for Context serialization
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, client serializes, CCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1765,6 +2088,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, client serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1773,6 +2097,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, client serializes, GCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1781,6 +2106,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, client serializes, with CID" \
@@ -1790,6 +2116,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, server serializes, CCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1798,6 +2125,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, server serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1806,6 +2134,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, server serializes, GCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1814,6 +2143,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, server serializes, with CID" \
@@ -1823,6 +2153,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, both serialize, CCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1831,6 +2162,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, both serialize, ChaChaPoly" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1839,6 +2171,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, both serialize, GCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1847,6 +2180,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, both serialize, with CID" \
@@ -1856,6 +2190,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, client serializes, CCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1864,6 +2199,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, client serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1872,6 +2208,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, client serializes, GCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1880,6 +2217,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, re-init, client serializes, with CID" \
@@ -1889,6 +2227,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, server serializes, CCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1897,6 +2236,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, server serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1905,6 +2245,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, server serializes, GCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1913,6 +2254,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, re-init, server serializes, with CID" \
@@ -1922,6 +2264,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, both serialize, CCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1930,6 +2273,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, both serialize, ChaChaPoly" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1938,6 +2282,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, both serialize, GCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1946,6 +2291,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, re-init, both serialize, with CID" \
@@ -1955,6 +2301,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Saving the serialized context to a file" \
"$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
@@ -1971,6 +2318,7 @@
# grep for output witnessing its use. This needs to be
# changed once the CID extension is implemented.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli enabled, Srv disabled" \
"$P_SRV debug_level=3 dtls=1 cid=0" \
@@ -1987,6 +2335,7 @@
-C "Copy CIDs into SSL transform" \
-c "Use of Connection ID was rejected by the server"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli disabled, Srv enabled" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2002,6 +2351,7 @@
-C "Copy CIDs into SSL transform" \
-s "Use of Connection ID was not offered by client"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
@@ -2022,6 +2372,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
-p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
@@ -2045,6 +2396,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
-p "$P_PXY mtu=800" \
@@ -2066,6 +2418,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
-p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
@@ -2089,6 +2442,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2109,6 +2463,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2129,6 +2484,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2147,6 +2503,7 @@
-S "Use of Connection ID has been negotiated" \
-C "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
@@ -2167,6 +2524,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2187,6 +2545,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2207,6 +2566,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2225,6 +2585,7 @@
-S "Use of Connection ID has been negotiated" \
-C "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
@@ -2245,6 +2606,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2265,6 +2627,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2285,6 +2648,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2303,6 +2667,7 @@
-S "Use of Connection ID has been negotiated" \
-C "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
@@ -2318,6 +2683,7 @@
-s "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
@@ -2333,6 +2699,7 @@
-s "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
@@ -2348,6 +2715,7 @@
-s "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
@@ -2366,6 +2734,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
@@ -2381,6 +2750,7 @@
-C "(after renegotiation) Use of Connection ID has been negotiated" \
-S "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
@@ -2396,6 +2766,7 @@
-C "(after renegotiation) Use of Connection ID has been negotiated" \
-S "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
@@ -2414,6 +2785,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
@@ -2427,6 +2799,7 @@
-c "(after renegotiation) Use of Connection ID has been negotiated" \
-s "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
@@ -2440,6 +2813,7 @@
-c "(after renegotiation) Use of Connection ID has been negotiated" \
-s "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
@@ -2456,6 +2830,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
@@ -2472,6 +2847,7 @@
-S "(after renegotiation) Use of Connection ID has been negotiated" \
-s "(after renegotiation) Use of Connection ID was not offered by client"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
@@ -2491,6 +2867,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
@@ -2507,6 +2884,7 @@
-S "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID was rejected by the server"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
@@ -2529,6 +2907,7 @@
# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
# tests check that the buffer contents are reallocated when the message is
# larger than the buffer.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 513
@@ -2543,6 +2922,7 @@
-s "Reallocating in_buf" \
-s "Reallocating out_buf"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 1025
@@ -2559,6 +2939,7 @@
# Tests for Encrypt-then-MAC extension
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: default" \
"$P_SRV debug_level=3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -2571,6 +2952,7 @@
-c "using encrypt then mac" \
-s "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: client enabled, server disabled" \
"$P_SRV debug_level=3 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -2583,6 +2965,7 @@
-C "using encrypt then mac" \
-S "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: client enabled, aead cipher" \
"$P_SRV debug_level=3 etm=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
@@ -2595,6 +2978,7 @@
-C "using encrypt then mac" \
-S "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: client disabled, server enabled" \
"$P_SRV debug_level=3 etm=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -2609,6 +2993,8 @@
# Tests for Extended Master Secret extension
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test "Extended Master Secret: default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -2620,6 +3006,8 @@
-c "session hash for extended master secret" \
-s "session hash for extended master secret"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test "Extended Master Secret: client enabled, server disabled" \
"$P_SRV debug_level=3 extended_ms=0" \
"$P_CLI debug_level=3 extended_ms=1" \
@@ -2631,6 +3019,8 @@
-C "session hash for extended master secret" \
-S "session hash for extended master secret"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test "Extended Master Secret: client disabled, server enabled" \
"$P_SRV debug_level=3 extended_ms=1" \
"$P_CLI debug_level=3 extended_ms=0" \
@@ -2644,6 +3034,7 @@
# Test sending and receiving empty application data records
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=1" \
"$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
@@ -2652,6 +3043,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: disabled, empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=0" \
"$P_CLI auth_mode=none etm=0 request_size=0" \
@@ -2659,6 +3051,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC, DTLS: empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
"$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
@@ -2667,6 +3060,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
"$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
@@ -2677,9 +3071,9 @@
# Tests for CBC 1/n-1 record splitting
run_test "CBC Record splitting: TLS 1.2, no splitting" \
- "$P_SRV" \
+ "$P_SRV force_version=tls12" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls12" \
+ request_size=123" \
0 \
-s "Read from client: 123 bytes read" \
-S "Read from client: 1 bytes read" \
@@ -2687,6 +3081,7 @@
# Tests for Session Tickets
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: basic" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2701,6 +3096,22 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: manual rotation" \
+ "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: cache disabled" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2715,6 +3126,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
@@ -2729,6 +3141,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: session copy" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
@@ -2743,8 +3156,9 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: openssl server" \
- "$O_SRV" \
+ "$O_SRV -tls1_2" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
@@ -2752,6 +3166,7 @@
-c "parse new session ticket" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: openssl client" \
"$P_SRV debug_level=3 tickets=1" \
"( $O_CLI -sess_out $SESSION; \
@@ -2764,8 +3179,234 @@
-s "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: AES-128-GCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: AES-192-GCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: AES-128-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: AES-192-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: AES-256-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: CAMELLIA-128-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: CAMELLIA-192-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: CAMELLIA-256-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: ARIA-128-GCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: ARIA-192-GCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: ARIA-256-GCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: ARIA-128-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: ARIA-192-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: ARIA-256-CCM" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Session resume using tickets: CHACHA20-POLY1305" \
+ "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
# Tests for Session Tickets with DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: basic" \
"$P_SRV debug_level=3 dtls=1 tickets=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -2780,6 +3421,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: cache disabled" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -2794,6 +3436,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: timeout" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -2808,6 +3451,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: session copy" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
@@ -2822,6 +3466,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@@ -2834,6 +3479,7 @@
# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
requires_openssl_next
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -2848,6 +3494,8 @@
# Tests for Session Resume based on session-ID and cache
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: tickets enabled on client" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2862,6 +3510,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: tickets enabled on server" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2876,6 +3526,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: cache_max=0" \
"$P_SRV debug_level=3 tickets=0 cache_max=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2885,6 +3537,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: cache_max=1" \
"$P_SRV debug_level=3 tickets=0 cache_max=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -2894,6 +3548,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: timeout > delay" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@@ -2903,6 +3559,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: timeout < delay" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2912,6 +3570,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: no timeout" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -2921,6 +3581,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: session copy" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@@ -2930,6 +3592,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
@@ -2942,8 +3606,10 @@
-S "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: openssl server" \
- "$O_SRV" \
+ "$O_SRV -tls1_2" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
0 \
-C "found session_ticket extension" \
@@ -2952,6 +3618,8 @@
# Tests for Session Resume based on session-ID and cache, DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: tickets enabled on client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -2966,6 +3634,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: tickets enabled on server" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -2980,6 +3650,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: cache_max=0" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -2989,6 +3661,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: cache_max=1" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -2998,6 +3672,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: timeout > delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
@@ -3007,6 +3683,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: timeout < delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3016,6 +3694,8 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: no timeout" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3025,6 +3705,8 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: session copy" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \
@@ -3037,6 +3719,8 @@
# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
requires_openssl_next
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -3049,6 +3733,8 @@
-S "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -3060,6 +3746,7 @@
# Tests for Max Fragment Length extension
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: enabled, default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -3074,6 +3761,7 @@
-C "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: enabled, default, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3091,6 +3779,7 @@
-s "1 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length, DTLS: enabled, default, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3110,6 +3799,7 @@
# content length configuration.)
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: disabled, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3123,6 +3813,7 @@
-s "1 bytes read"
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length, DTLS: disabled, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3135,6 +3826,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3150,6 +3842,7 @@
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=512" \
@@ -3165,6 +3858,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=512" \
@@ -3180,6 +3874,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=512" \
@@ -3195,6 +3890,7 @@
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=1024" \
@@ -3210,6 +3906,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=1024" \
@@ -3225,6 +3922,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=1024" \
@@ -3240,6 +3938,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=2048" \
@@ -3255,6 +3954,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=2048" \
@@ -3270,6 +3970,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=2048" \
@@ -3285,6 +3986,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3300,6 +4002,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3315,6 +4018,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3330,6 +4034,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
@@ -3346,8 +4051,9 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: gnutls server" \
- "$G_SRV" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@@ -3357,6 +4063,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
@@ -3374,6 +4081,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
@@ -3392,6 +4100,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
@@ -3409,6 +4118,7 @@
# Tests for renegotiation
# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: none, for reference" \
"$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2" \
@@ -3423,6 +4133,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3437,6 +4148,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@@ -3454,6 +4166,7 @@
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3472,6 +4185,7 @@
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@@ -3487,6 +4201,7 @@
-S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: double" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3503,6 +4218,7 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation with max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -3525,6 +4241,7 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: client-initiated, server-rejected" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3541,6 +4258,7 @@
-c "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, default" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
@@ -3557,6 +4275,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=-1 auth_mode=optional" \
@@ -3575,6 +4294,7 @@
# delay 2 for 1 alert record + 1 application data record
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=2 auth_mode=optional" \
@@ -3592,6 +4312,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0 auth_mode=optional" \
@@ -3608,6 +4329,7 @@
-s "SSL - An unexpected message was received from our peer"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0 auth_mode=optional" \
@@ -3625,6 +4347,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, just below period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@@ -3643,6 +4366,7 @@
# one extra exchange to be able to complete renego
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, just above period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
@@ -3660,6 +4384,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, two times period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
@@ -3677,6 +4402,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, above period, disabled" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
@@ -3694,6 +4420,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: nbio, client-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3708,6 +4435,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: nbio, server-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
@@ -3722,8 +4450,9 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: openssl server, client-initiated" \
- "$O_SRV -www" \
+ "$O_SRV -www -tls1_2" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
0 \
-c "client hello, adding renegotiation extension" \
@@ -3735,8 +4464,9 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server strict, client-initiated" \
- "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
0 \
-c "client hello, adding renegotiation extension" \
@@ -3748,8 +4478,9 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
1 \
-c "client hello, adding renegotiation extension" \
@@ -3761,8 +4492,9 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
allow_legacy=0" \
1 \
@@ -3775,8 +4507,9 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
allow_legacy=1" \
0 \
@@ -3788,6 +4521,7 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, client-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3802,6 +4536,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, server-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
@@ -3817,6 +4552,7 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, renego_period overflow" \
"$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
"$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
@@ -3832,6 +4568,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
"$G_SRV -u --mtu 4096" \
"$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
@@ -3846,8 +4583,9 @@
# Test for the "secure renegotation" extension only (no actual renegotiation)
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server strict, client default" \
- "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3" \
0 \
-c "found renegotiation extension" \
@@ -3855,8 +4593,9 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server unsafe, client default" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3" \
0 \
-C "found renegotiation extension" \
@@ -3864,8 +4603,9 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server unsafe, client break legacy" \
- "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 allow_legacy=-1" \
1 \
-C "found renegotiation extension" \
@@ -3873,6 +4613,7 @@
-C "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client strict, server default" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
@@ -3881,6 +4622,7 @@
-s "server hello, secure renegotiation extension"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client unsafe, server default" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -3889,6 +4631,7 @@
-S "server hello, secure renegotiation extension"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client unsafe, server break legacy" \
"$P_SRV debug_level=3 allow_legacy=-1" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -3899,6 +4642,7 @@
# Tests for silently dropping trailing extra bytes in .der certificates
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: no trailing bytes" \
"$P_SRV crt_file=data_files/server5-der0.crt \
key_file=data_files/server5.key" \
@@ -3907,6 +4651,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing zero byte" \
"$P_SRV crt_file=data_files/server5-der1a.crt \
key_file=data_files/server5.key" \
@@ -3915,6 +4660,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing random byte" \
"$P_SRV crt_file=data_files/server5-der1b.crt \
key_file=data_files/server5.key" \
@@ -3923,6 +4669,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 2 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der2.crt \
key_file=data_files/server5.key" \
@@ -3931,6 +4678,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 4 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der4.crt \
key_file=data_files/server5.key" \
@@ -3939,6 +4687,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 8 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der8.crt \
key_file=data_files/server5.key" \
@@ -3947,6 +4696,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 9 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der9.crt \
key_file=data_files/server5.key" \
@@ -3957,6 +4707,7 @@
# Tests for auth_mode, there are duplicated tests using ca callback for authentication
# When updating these tests, modify the matching authentication tests accordingly
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -3967,6 +4718,7 @@
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -3977,6 +4729,7 @@
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server goodcert, client optional, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
@@ -3988,6 +4741,7 @@
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server goodcert, client required, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
@@ -4006,6 +4760,7 @@
# different means to have the server ignoring the client's supported curve list.
requires_config_enabled MBEDTLS_ECP_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4016,6 +4771,7 @@
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
requires_config_enabled MBEDTLS_ECP_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4025,6 +4781,7 @@
-c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server badcert, client none" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4035,6 +4792,7 @@
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client SHA256, server required" \
"$P_SRV auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4044,6 +4802,7 @@
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client SHA384, server required" \
"$P_SRV auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4053,6 +4812,7 @@
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client has no cert, server required (TLS)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=none \
@@ -4069,6 +4829,7 @@
-c "! mbedtls_ssl_handshake returned" \
-s "No client certification received from the client, but required by the authentication mode"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4090,6 +4851,23 @@
# detect that its write end of the connection is closed and abort
# before reading the alert message.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Authentication: client cert self-signed and trusted, server required" \
+ "$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
+ key_file=data_files/server5.key" \
+ 0 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -S "x509_verify_cert() returned" \
+ -S "! The certificate is not correctly signed" \
+ -S "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4107,6 +4885,7 @@
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4124,6 +4903,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client badcert, server none" \
"$P_SRV debug_level=3 auth_mode=none" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4141,6 +4921,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -4157,6 +4938,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI" \
@@ -4167,8 +4949,9 @@
-S "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client no cert, openssl server optional" \
- "$O_SRV -verify 10" \
+ "$O_SRV -verify 10 -tls1_2" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
0 \
-C "skip parse certificate request" \
@@ -4177,8 +4960,9 @@
-c "skip write certificate verify" \
-C "! mbedtls_ssl_handshake returned"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client no cert, openssl server required" \
- "$O_SRV -Verify 10" \
+ "$O_SRV -Verify 10 -tls1_2" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
1 \
-C "skip parse certificate request" \
@@ -4199,6 +4983,7 @@
# are in place so that the semantics are consistent with the test description.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -4208,6 +4993,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4217,6 +5003,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4227,6 +5014,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4237,6 +5025,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int+1 chain, server default" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4246,6 +5035,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int+1 chain, server optional" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4255,6 +5045,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int+1 chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4264,6 +5055,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
@@ -4273,6 +5065,7 @@
# Tests for CA list in CertificateRequest messages
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: send CA list in CertificateRequest (default)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI crt_file=data_files/server6.crt \
@@ -4280,6 +5073,7 @@
0 \
-s "requested DN"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: do not send CA list in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI crt_file=data_files/server6.crt \
@@ -4287,6 +5081,7 @@
0 \
-S "requested DN"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4303,6 +5098,7 @@
# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4315,6 +5111,7 @@
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4335,6 +5132,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4347,6 +5145,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4358,6 +5157,7 @@
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4369,6 +5169,7 @@
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4380,6 +5181,7 @@
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4403,6 +5205,7 @@
# before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4422,6 +5225,7 @@
-s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4443,6 +5247,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -4454,6 +5259,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4465,6 +5271,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4477,6 +5284,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4488,6 +5296,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4499,6 +5308,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
@@ -4511,11 +5321,11 @@
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
- "$P_SRV crt_file=data_files/server5.crt \
+ "$P_SRV force_version=tls12 crt_file=data_files/server5.crt \
key_file=data_files/server5.key \
crt_file2=data_files/server5-sha1.crt \
key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls12" \
+ "$P_CLI" \
0 \
-c "signed using.*ECDSA with SHA256" \
-C "signed using.*ECDSA with SHA1"
@@ -4523,16 +5333,17 @@
# tests for SNI
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI server_name=localhost" \
0 \
- -S "parse ServerName extension" \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4544,6 +5355,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4555,6 +5367,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: no matching cert" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4567,6 +5380,7 @@
-c "mbedtls_ssl_handshake returned" \
-c "SSL - A fatal alert message was received from our peer"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4580,6 +5394,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4593,6 +5408,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4606,6 +5422,7 @@
-c "skip write certificate verify" \
-s "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4624,6 +5441,7 @@
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4642,6 +5460,7 @@
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4663,16 +5482,17 @@
# Tests for SNI and DTLS
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no SNI callback" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI server_name=localhost dtls=1" \
0 \
- -S "parse ServerName extension" \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 1" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4684,6 +5504,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 2" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4694,6 +5515,7 @@
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no matching cert" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4706,6 +5528,7 @@
-c "mbedtls_ssl_handshake returned" \
-c "SSL - A fatal alert message was received from our peer"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4719,6 +5542,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4732,6 +5556,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4745,6 +5570,7 @@
-c "skip write certificate verify" \
-s "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA no override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4763,6 +5589,7 @@
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4781,6 +5608,7 @@
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
@@ -4801,6 +5629,7 @@
# Tests for non-blocking I/O: exercise a variety of handshake flows
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: basic handshake" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0" \
@@ -4809,6 +5638,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: client auth" \
"$P_SRV nbio=2 tickets=0 auth_mode=required" \
"$P_CLI nbio=2 tickets=0" \
@@ -4817,6 +5647,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1" \
@@ -4825,6 +5656,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket + client auth" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1" \
@@ -4833,6 +5665,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -4841,6 +5674,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -4849,6 +5683,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: session-id resume" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0 reconnect=1" \
@@ -4859,6 +5694,7 @@
# Tests for event-driven I/O: exercise a variety of handshake flows
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: basic handshake" \
"$P_SRV event=1 tickets=0 auth_mode=none" \
"$P_CLI event=1 tickets=0" \
@@ -4867,6 +5703,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: client auth" \
"$P_SRV event=1 tickets=0 auth_mode=required" \
"$P_CLI event=1 tickets=0" \
@@ -4875,6 +5712,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1" \
@@ -4883,6 +5721,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket + client auth" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1" \
@@ -4891,6 +5730,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket + client auth + resume" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -4899,6 +5739,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket + resume" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -4907,6 +5748,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: session-id resume" \
"$P_SRV event=1 tickets=0 auth_mode=none" \
"$P_CLI event=1 tickets=0 reconnect=1" \
@@ -4915,42 +5757,49 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: basic handshake" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=0" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: client auth" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=0" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket + client auth" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket + resume" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: session-id resume" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -4962,6 +5811,7 @@
# within the same datagram as the Finished messages. In this situation, the
# server MUST NOT idle on the underlying transport after handshake completion,
# because the ApplicationData request has already been queued internally.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
-p "$P_PXY pack=50" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
@@ -4971,6 +5821,7 @@
# Tests for version negotiation
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Version check: all -> 1.2" \
"$P_SRV" \
"$P_CLI" \
@@ -4980,6 +5831,7 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: cli TLS 1.0" \
"$P_SRV" \
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \
@@ -4989,6 +5841,7 @@
-S "Protocol is TLSv1.0" \
-C "Handshake was completed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: cli TLS 1.1" \
"$P_SRV" \
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \
@@ -4998,6 +5851,7 @@
-S "Protocol is TLSv1.1" \
-C "Handshake was completed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: srv max TLS 1.0" \
"$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \
"$P_CLI" \
@@ -5007,6 +5861,7 @@
-S "Version: TLS1.0" \
-C "Protocol is TLSv1.0"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: srv max TLS 1.1" \
"$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \
"$P_CLI" \
@@ -5018,6 +5873,7 @@
# Tests for ALPN extension
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: none" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -5030,6 +5886,7 @@
-C "Application Layer Protocol is" \
-S "Application Layer Protocol is"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: client only" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -5042,6 +5899,7 @@
-c "Application Layer Protocol is (none)" \
-S "Application Layer Protocol is"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: server only" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3" \
@@ -5054,6 +5912,7 @@
-C "Application Layer Protocol is" \
-s "Application Layer Protocol is (none)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli1-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -5066,6 +5925,7 @@
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli2-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abc" \
@@ -5078,6 +5938,7 @@
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli1-srv2" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -5090,6 +5951,7 @@
-c "Application Layer Protocol is 1234" \
-s "Application Layer Protocol is 1234"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, no common" \
"$P_SRV debug_level=3 alpn=abc,123" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -5106,6 +5968,7 @@
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ds.crt" \
@@ -5114,6 +5977,7 @@
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ke.crt" \
@@ -5121,6 +5985,7 @@
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ka.crt" \
@@ -5128,6 +5993,7 @@
1 \
-C "Ciphersuite is "
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ds.crt" \
@@ -5136,6 +6002,7 @@
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5143,6 +6010,7 @@
0 \
-c "Ciphersuite is TLS-ECDH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ke.crt" \
@@ -5153,8 +6021,9 @@
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -5163,8 +6032,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
@@ -5173,8 +6043,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -5183,8 +6054,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
@@ -5193,8 +6065,9 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
@@ -5204,8 +6077,9 @@
-c "Ciphersuite is TLS-" \
-c "! Usage does not match the keyUsage extension"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
@@ -5214,8 +6088,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -5224,8 +6099,9 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
- "$O_SRV -key data_files/server2.key \
+ "$O_SRV -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -5238,6 +6114,7 @@
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
@@ -5246,6 +6123,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
@@ -5254,6 +6132,7 @@
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
"$O_CLI -key data_files/server2.key \
@@ -5262,6 +6141,7 @@
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5270,6 +6150,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5280,24 +6161,28 @@
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: serverAuth -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-cs_any.crt" \
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: codeSign -> fail" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-cli.crt" \
@@ -5306,8 +6191,9 @@
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth -> OK" \
- "$O_SRV -key data_files/server5.key \
+ "$O_SRV -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
0 \
@@ -5315,8 +6201,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
- "$O_SRV -key data_files/server5.key \
+ "$O_SRV -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
0 \
@@ -5324,8 +6211,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
- "$O_SRV -key data_files/server5.key \
+ "$O_SRV -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
0 \
@@ -5333,8 +6221,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign -> fail" \
- "$O_SRV -key data_files/server5.key \
+ "$O_SRV -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
1 \
@@ -5344,6 +6233,7 @@
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5352,6 +6242,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5360,6 +6251,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5368,6 +6260,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5376,6 +6269,7 @@
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
"$O_CLI -key data_files/server5.key \
@@ -5386,6 +6280,7 @@
# Tests for DHM parameters loading
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM parameters: reference" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5394,6 +6289,7 @@
-c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2 bits)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5404,6 +6300,7 @@
# Tests for DHM client-side size checking
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server default, client default, OK" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5411,6 +6308,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server default, client 2048, OK" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5418,6 +6316,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1024, client default, OK" \
"$P_SRV dhm_file=data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5425,6 +6324,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 999, client 999, OK" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5432,6 +6332,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1000, client 1000, OK" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5439,6 +6340,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5446,6 +6348,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1000, client 1001, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5453,6 +6356,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 999, client 1000, rejected" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5460,6 +6364,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 998, client 999, rejected" \
"$P_SRV dhm_file=data_files/dh.998.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5467,6 +6372,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5476,6 +6382,7 @@
# Tests for PSK callback
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: psk, no callback" \
"$P_SRV psk=abc123 psk_identity=foo" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5486,6 +6393,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5500,6 +6408,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5514,6 +6423,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5528,6 +6438,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5542,6 +6453,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5556,6 +6468,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5570,6 +6483,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
@@ -5585,6 +6499,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
@@ -5600,6 +6515,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5614,6 +6530,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5628,6 +6545,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
@@ -5643,6 +6561,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
@@ -5658,6 +6577,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5672,6 +6592,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5686,6 +6607,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5699,6 +6621,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5712,6 +6635,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5719,6 +6643,7 @@
1 \
-s "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: no psk, no callback" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5728,6 +6653,7 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: callback overrides other settings" \
"$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5737,6 +6663,7 @@
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: first id matches" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5746,6 +6673,7 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: second id matches" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5755,6 +6683,7 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: no match" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5764,6 +6693,7 @@
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: wrong key" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5776,6 +6706,7 @@
# Tests for EC J-PAKE
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: client not configured" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -5790,12 +6721,13 @@
-S "SSL - The handshake negotiation failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: server not configured" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 ecjpake_pw=bla \
force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
1 \
- -c "add ciphersuite: 0xc0ff" \
+ -c "add ciphersuite: c0ff" \
-c "adding ecjpake_kkpp extension" \
-s "found ecjpake kkpp extension" \
-s "skip ecjpake kkpp extension" \
@@ -5805,12 +6737,13 @@
-s "SSL - The handshake negotiation failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, TLS" \
"$P_SRV debug_level=3 ecjpake_pw=bla" \
"$P_CLI debug_level=3 ecjpake_pw=bla \
force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
0 \
- -c "add ciphersuite: 0xc0ff" \
+ -c "add ciphersuite: c0ff" \
-c "adding ecjpake_kkpp extension" \
-C "re-using cached ecjpake parameters" \
-s "found ecjpake kkpp extension" \
@@ -5823,6 +6756,7 @@
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: password mismatch, TLS" \
"$P_SRV debug_level=3 ecjpake_pw=bla" \
"$P_CLI debug_level=3 ecjpake_pw=bad \
@@ -5832,6 +6766,7 @@
-s "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
@@ -5841,6 +6776,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, DTLS, no cookie" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
@@ -5851,6 +6787,7 @@
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: password mismatch, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
@@ -5861,6 +6798,7 @@
# for tests with configs/config-thread.h
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, DTLS, nolog" \
"$P_SRV dtls=1 ecjpake_pw=bla" \
"$P_CLI dtls=1 ecjpake_pw=bla \
@@ -5870,6 +6808,7 @@
# Test for ClientHello without extensions
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ClientHello without extensions" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -5878,51 +6817,69 @@
# Tests for mbedtls_ssl_get_bytes_avail()
+# The server first reads buffer_size-1 bytes, then reads the remainder.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
- "$P_SRV" \
+ "$P_SRV buffer_size=100" \
"$P_CLI request_size=100" \
0 \
-s "Read from client: 100 bytes read$"
-run_test "mbedtls_ssl_get_bytes_avail: extra data" \
- "$P_SRV" \
- "$P_CLI request_size=500" \
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "mbedtls_ssl_get_bytes_avail: extra data (+1)" \
+ "$P_SRV buffer_size=100" \
+ "$P_CLI request_size=101" \
0 \
- -s "Read from client: 500 bytes read (.*+.*)"
+ -s "Read from client: 101 bytes read (100 + 1)"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_max_content_len 200
+run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \
+ "$P_SRV buffer_size=100" \
+ "$P_CLI request_size=200" \
+ 0 \
+ -s "Read from client: 200 bytes read (100 + 100)"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \
+ "$P_SRV buffer_size=100" \
+ "$P_CLI request_size=$MAX_CONTENT_LEN" \
+ 0 \
+ -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))"
# Tests for small client packets
run_test "Small client packet TLS 1.2 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=1 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 AEAD" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-s "Read from client: 1 bytes read"
@@ -5948,37 +6905,32 @@
# Tests for small server packets
run_test "Small server packet TLS 1.2 BlockCipher" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ "$P_SRV response_size=1 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
+ "$P_SRV response_size=1 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ "$P_SRV response_size=1 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 AEAD" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
+ "$P_SRV response_size=1 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
+ "$P_SRV response_size=1 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "Read from server: 1 bytes read"
@@ -6008,39 +6960,39 @@
}
run_test "Large client packet TLS 1.2 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=16384 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls12 etm=0 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=16384 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=16384 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
run_test "Large client packet TLS 1.2 AEAD" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=16384 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
run_test "Large client packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls12 \
+ "$P_SRV force_version=tls12" \
+ "$P_CLI request_size=16384 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@@ -6048,46 +7000,40 @@
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
run_test "Large server packet TLS 1.2 BlockCipher" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ "$P_SRV response_size=16384 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls12 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ "$P_SRV response_size=16384 force_version=tls12" \
+ "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "16384 bytes written in 1 fragments" \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ "$P_SRV response_size=16384 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 trunc_hmac=1" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
+ "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "16384 bytes written in 1 fragments" \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 AEAD" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
+ "$P_SRV response_size=16384 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 AEAD shorter tag" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls12 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
+ "$P_SRV response_size=16384 force_version=tls12" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "Read from server: 16384 bytes read"
@@ -6097,6 +7043,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, default" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6110,6 +7057,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=0" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6123,6 +7071,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6136,6 +7085,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6149,6 +7099,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@@ -6167,6 +7118,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@@ -6185,6 +7137,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@@ -6203,6 +7156,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: DTLS, max_ops=1000" \
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6216,6 +7170,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000 no client auth" \
"$P_SRV curves=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6228,6 +7183,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
"$P_SRV curves=secp256r1 psk=abc123" \
"$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
@@ -6241,6 +7197,7 @@
# Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=0" \
"$P_SRV \
async_operations=s async_private_delay1=0 async_private_delay2=0" \
@@ -6250,6 +7207,7 @@
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=1" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
@@ -6260,6 +7218,7 @@
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=2" \
"$P_SRV \
async_operations=s async_private_delay1=2 async_private_delay2=2" \
@@ -6273,6 +7232,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, SNI" \
"$P_SRV debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \
@@ -6287,6 +7247,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, delay=0" \
"$P_SRV \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
@@ -6296,6 +7257,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, delay=1" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -6306,6 +7268,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
"$P_SRV psk=abc123 \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
@@ -6316,6 +7279,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
"$P_SRV psk=abc123 \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -6327,6 +7291,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign callback not present" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -6340,6 +7305,7 @@
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt callback not present" \
"$P_SRV debug_level=1 \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
@@ -6354,6 +7320,7 @@
# key1: ECDSA, key2: RSA; use key1 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: slot 0 used with key1" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
@@ -6367,6 +7334,7 @@
# key1: ECDSA, key2: RSA; use key2 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: slot 0 used with key2" \
"$P_SRV \
async_operations=s async_private_delay2=1 \
@@ -6380,6 +7348,7 @@
# key1: ECDSA, key2: RSA; use key2 from slot 1
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: slot 1 used with key2" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6393,6 +7362,7 @@
# key1: ECDSA, key2: RSA; use key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
@@ -6403,6 +7373,7 @@
-s "Async sign callback: no key matches this certificate."
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in start" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6415,6 +7386,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, cancel after start" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6426,6 +7398,7 @@
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in resume" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6438,6 +7411,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, error in start" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6450,6 +7424,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, cancel after start" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6461,6 +7436,7 @@
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, error in resume" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6473,6 +7449,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: cancel after start then operate correctly" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6485,6 +7462,7 @@
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: error in resume then operate correctly" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6497,6 +7475,7 @@
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: cancel after start then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-2 \
@@ -6515,6 +7494,7 @@
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in resume then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-3 \
@@ -6531,6 +7511,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: client-initiated, sign" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6542,6 +7523,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: server-initiated, sign" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6553,6 +7535,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: client-initiated, decrypt" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6565,6 +7548,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: server-initiated, decrypt" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6581,11 +7565,12 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the client side" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
0 \
- -C "client hello, adding supported_elliptic_curves extension" \
+ -C "client hello, adding supported_groups extension" \
-C "client hello, adding supported_point_formats extension" \
-S "found supported elliptic curves extension" \
-S "found supported point formats extension"
@@ -6594,6 +7579,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the server side" \
"$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
"$P_CLI debug_level=3" \
@@ -6605,11 +7591,12 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the client side" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
0 \
- -c "client hello, adding supported_elliptic_curves extension" \
+ -c "client hello, adding supported_groups extension" \
-c "client hello, adding supported_point_formats extension" \
-s "found supported elliptic curves extension" \
-s "found supported point formats extension"
@@ -6618,6 +7605,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the server side" \
"$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
"$P_CLI debug_level=3" \
@@ -6627,6 +7615,7 @@
# Tests for DTLS HelloVerifyRequest
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: enabled" \
"$P_SRV dtls=1 debug_level=2" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6638,6 +7627,7 @@
-s "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: disabled" \
"$P_SRV dtls=1 debug_level=2 cookies=0" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6649,6 +7639,7 @@
-S "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: default (failing)" \
"$P_SRV dtls=1 debug_level=2 cookies=-1" \
"$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
@@ -6661,6 +7652,7 @@
-s "SSL - The requested feature is not available"
requires_ipv6
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: enabled, IPv6" \
"$P_SRV dtls=1 debug_level=2 server_addr=::1" \
"$P_CLI dtls=1 debug_level=2 server_addr=::1" \
@@ -6672,6 +7664,7 @@
-s "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: enabled, nbio" \
"$P_SRV dtls=1 nbio=2 debug_level=2" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
@@ -6686,6 +7679,7 @@
# Tests for client reconnecting from the same port with DTLS
not_with_valgrind # spurious resend
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reference" \
"$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
@@ -6695,6 +7689,7 @@
-S "Client initiated reconnection from same port"
not_with_valgrind # spurious resend
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reconnect" \
"$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
@@ -6704,6 +7699,7 @@
-s "Client initiated reconnection from same port"
not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
@@ -6712,6 +7708,7 @@
-s "Client initiated reconnection from same port"
only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
@@ -6719,6 +7716,7 @@
-S "The operation timed out" \
-s "Client initiated reconnection from same port"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: no cookies" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
@@ -6726,6 +7724,7 @@
-s "The operation timed out" \
-S "Client initiated reconnection from same port"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: attacker-injected" \
-p "$P_PXY inject_clihlo=1" \
"$P_SRV dtls=1 exchanges=2 debug_level=1" \
@@ -6737,18 +7736,21 @@
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client auth: required" \
"$P_SRV dtls=1 auth_mode=required" \
"$P_CLI dtls=1" \
0 \
-s "Verifying peer X.509 certificate... ok"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client auth: optional, client has no cert" \
"$P_SRV dtls=1 auth_mode=optional" \
"$P_CLI dtls=1 crt_file=none key_file=none" \
0 \
-s "! Certificate was missing"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client auth: none, client has no cert" \
"$P_SRV dtls=1 auth_mode=none" \
"$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
@@ -6756,6 +7758,7 @@
-c "skip write certificate$" \
-s "! Certificate verification was skipped"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS wrong PSK: badmac alert" \
"$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
"$P_CLI dtls=1 psk=abc124" \
@@ -6766,6 +7769,7 @@
# Tests for receiving fragmented handshake messages with DTLS
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (gnutls server)" \
"$G_SRV -u --mtu 2048 -a" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6774,6 +7778,7 @@
-C "error"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (gnutls server)" \
"$G_SRV -u --mtu 512" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6782,6 +7787,7 @@
-C "error"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (gnutls server)" \
"$G_SRV -u --mtu 128" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6790,6 +7796,7 @@
-C "error"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$G_SRV -u --mtu 128" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
@@ -6799,6 +7806,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
@@ -6813,6 +7821,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
@@ -6825,6 +7834,7 @@
-C "error" \
-s "Extra-header:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 2048" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6832,6 +7842,7 @@
-C "found fragmented DTLS handshake message" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 768" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6839,6 +7850,7 @@
-c "found fragmented DTLS handshake message" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6846,6 +7858,7 @@
-c "found fragmented DTLS handshake message" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
@@ -6870,6 +7883,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -6891,6 +7905,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -6916,6 +7931,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -6937,6 +7953,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
crt_file=data_files/server7_int-ca.crt \
@@ -6965,6 +7982,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
@@ -6987,6 +8005,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7015,6 +8034,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7036,6 +8056,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference) (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7056,6 +8077,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7076,6 +8098,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7096,6 +8119,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7122,6 +8146,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7154,6 +8179,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7179,6 +8205,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7203,6 +8230,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7233,6 +8261,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7257,6 +8286,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7284,6 +8314,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7321,6 +8352,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7351,6 +8383,7 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7384,6 +8417,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7417,6 +8451,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7451,6 +8486,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7484,6 +8520,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7514,6 +8551,7 @@
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU + 3d" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
@@ -7539,6 +8577,7 @@
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7562,7 +8601,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
@@ -7585,7 +8623,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
requires_max_content_len 2048
@@ -7601,7 +8638,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \
@@ -7616,7 +8652,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
@@ -7635,7 +8670,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
@@ -7653,7 +8687,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
@@ -7675,7 +8708,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
@@ -7693,7 +8725,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
@@ -7708,6 +8739,7 @@
# Tests for DTLS-SRTP (RFC 5764)
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported" \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7727,6 +8759,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
@@ -7745,6 +8778,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7763,6 +8797,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -7781,6 +8816,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -7798,6 +8834,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension." \
"$P_SRV dtls=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7813,6 +8850,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. mki used" \
"$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -7835,6 +8873,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -7858,6 +8897,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7871,6 +8911,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7884,6 +8925,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7897,6 +8939,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7910,6 +8953,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7923,6 +8967,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7935,6 +8980,7 @@
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
"$P_SRV dtls=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -7945,6 +8991,7 @@
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. openssl server" \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7957,6 +9004,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7969,6 +9017,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -7981,6 +9030,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7993,6 +9043,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8005,6 +9056,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -8017,6 +9069,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8029,6 +9082,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -8045,6 +9099,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
@@ -8058,6 +9113,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8071,6 +9127,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8084,6 +9141,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
@@ -8097,6 +9155,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8110,6 +9169,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8123,6 +9183,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
"$P_SRV dtls=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
@@ -8134,6 +9195,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. gnutls server" \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8147,6 +9209,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8160,6 +9223,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8173,6 +9237,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8186,6 +9251,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8199,6 +9265,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -8212,6 +9279,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
"$G_SRV -u" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8225,6 +9293,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -8242,6 +9311,7 @@
# Tests for specific things with "unreliable" UDP connection
not_with_valgrind # spurious resend due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: reference" \
-p "$P_PXY" \
"$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
@@ -8260,6 +9330,7 @@
-c "HTTP/1.0 200 OK"
not_with_valgrind # spurious resend due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: duplicate every packet" \
-p "$P_PXY duplicate=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
@@ -8273,6 +9344,7 @@
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
-p "$P_PXY duplicate=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
@@ -8287,6 +9359,7 @@
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: multiple records in same datagram" \
-p "$P_PXY pack=50" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
@@ -8295,6 +9368,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
-p "$P_PXY pack=50 duplicate=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
@@ -8303,6 +9377,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
@@ -8315,6 +9390,7 @@
-S "too many records with bad MAC" \
-S "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
@@ -8327,6 +9403,7 @@
-s "too many records with bad MAC" \
-s "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
@@ -8339,6 +9416,7 @@
-S "too many records with bad MAC" \
-S "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
@@ -8351,6 +9429,7 @@
-s "too many records with bad MAC" \
-s "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: delay ChangeCipherSpec" \
-p "$P_PXY delay_ccs=1" \
"$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
@@ -8363,6 +9442,8 @@
# Tests for reordering support with DTLS
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8379,6 +9460,8 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8401,7 +9484,9 @@
# Certificate message; at the time of writing, together these are aroudn 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
+requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8422,8 +9507,10 @@
# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first.
+requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8441,6 +9528,8 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
-p "$P_PXY delay_cli=Certificate" \
"$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
@@ -8457,6 +9546,8 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
-p "$P_PXY delay_srv=NewSessionTicket" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8473,6 +9564,8 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
-p "$P_PXY delay_cli=ClientKeyExchange" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8489,6 +9582,7 @@
-s "Injecting buffered CCS message" \
-s "Remember CCS message"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer encrypted Finished message" \
-p "$P_PXY delay_ccs=1" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8518,6 +9612,7 @@
# handshake, omitting CRTs.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
-p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
"$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
@@ -8532,6 +9627,7 @@
# Tests for "randomly unreliable connection": try a variety of flows and peers
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8543,6 +9639,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
@@ -8553,6 +9650,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
@@ -8562,6 +9660,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, FS, client auth" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
@@ -8571,6 +9670,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, FS, ticket" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
@@ -8580,6 +9680,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
@@ -8589,6 +9690,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, max handshake, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
@@ -8599,6 +9701,8 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "DTLS proxy: 3d, min handshake, resumption" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8613,6 +9717,8 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8628,6 +9734,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8643,6 +9750,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8658,6 +9766,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8674,6 +9783,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8696,6 +9806,7 @@
skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 2048" \
@@ -8706,6 +9817,7 @@
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
@@ -8716,6 +9828,7 @@
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
@@ -8726,6 +9839,7 @@
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 2048 -a" \
@@ -8737,6 +9851,7 @@
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
@@ -8748,6 +9863,7 @@
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
@@ -8756,6 +9872,7 @@
-s "Extra-header:" \
-c "Extra-header:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "export keys functionality" \
"$P_SRV eap_tls=1 debug_level=3" \
"$P_CLI eap_tls=1 debug_level=3" \
@@ -8786,58 +9903,36 @@
-c "Version: TLS1.3"
# TLS1.3 test cases
-# TODO: remove or rewrite this test case if #4832 is resolved.
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-skip_handshake_stage_check
-run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
- "$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
- "$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \
- 1 \
- -s "SSL - The requested feature is not available" \
- -c "SSL - The requested feature is not available" \
- -s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
- -c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3: handshake dispatch test: tls13 only" \
- "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
- "$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
- 1 \
- -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \
- -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"
-
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
+ "$P_CLI debug_level=3" \
0 \
- -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST(0)" \
- -c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO(2)" \
- -c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS(19)" \
- -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST(5)" \
- -c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE(3)" \
- -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY(9)" \
- -c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED(13)" \
- -c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED(11)" \
- -c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS(14)" \
- -c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)" \
+ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
+ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
+ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
+ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
+ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "ECDH curve: x25519" \
+ -c "ECDH curve: x25519" \
-c "=> ssl_tls13_process_server_hello" \
- -c "<= parse encrypted extensions" \
+ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \
- -c "=> parse certificate verify" \
- -c "<= parse certificate verify" \
+ -c "=> parse certificate verify" \
+ -c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \
+ -c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3
@@ -8846,45 +9941,116 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
+ "$P_CLI debug_level=3" \
0 \
- -s "SERVER HELLO was queued" \
- -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST(0)" \
- -c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO(2)" \
- -c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS(19)" \
- -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST(5)" \
- -c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE(3)" \
- -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY(9)" \
- -c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED(13)" \
- -c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED(11)" \
- -c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS(14)" \
- -c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)" \
+ -s "SERVER HELLO was queued" \
+ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
+ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
+ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
+ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
+ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "ECDH curve: x25519" \
+ -c "ECDH curve: x25519" \
-c "=> ssl_tls13_process_server_hello" \
- -c "<= parse encrypted extensions" \
+ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \
- -c "=> parse certificate verify" \
- -c "<= parse certificate verify" \
+ -c "=> parse certificate verify" \
+ -c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \
+ -c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_ALPN
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3: alpn - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
+ "$P_CLI debug_level=3 alpn=h2" \
+ 0 \
+ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
+ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
+ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
+ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
+ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
+ -c "<= ssl_tls13_process_server_hello" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "ECDH curve: x25519" \
+ -c "=> ssl_tls13_process_server_hello" \
+ -c "<= parse encrypted extensions" \
+ -c "Certificate verification flags clear" \
+ -c "=> parse certificate verify" \
+ -c "<= parse certificate verify" \
+ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+ -c "<= parse finished message" \
+ -c "Protocol is TLSv1.3" \
+ -c "HTTP/1.0 200 ok" \
+ -c "Application Layer Protocol is h2"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_ALPN
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3: alpn - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
+ "$P_CLI debug_level=3 alpn=h2" \
+ 0 \
+ -s "SERVER HELLO was queued" \
+ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
+ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
+ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
+ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
+ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
+ -c "<= ssl_tls13_process_server_hello" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "ECDH curve: x25519" \
+ -c "=> ssl_tls13_process_server_hello" \
+ -c "<= parse encrypted extensions" \
+ -c "Certificate verification flags clear" \
+ -c "=> parse certificate verify" \
+ -c "<= parse certificate verify" \
+ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+ -c "<= parse finished message" \
+ -c "Protocol is TLSv1.3" \
+ -c "HTTP/1.0 200 OK" \
+ -c "Application Layer Protocol is h2"
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
-run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
+run_test "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.0" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \
- "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
+ "$P_CLI debug_level=4" \
1 \
-s "Client's version: 3.3" \
- -c "is a fatal alert message (msg 40)" \
-S "Version: TLS1.0" \
-C "Protocol is TLSv1.0"
@@ -8893,12 +10059,11 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
-run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
+run_test "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.1" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \
- "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
+ "$P_CLI debug_level=4" \
1 \
-s "Client's version: 3.3" \
- -c "is a fatal alert message (msg 40)" \
-S "Version: TLS1.1" \
-C "Protocol is TLSv1.1"
@@ -8907,9 +10072,9 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
-run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
+run_test "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.2" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \
- "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
+ "$P_CLI force_version=tls13 debug_level=4" \
1 \
-s "Client's version: 3.3" \
-c "is a fatal alert message (msg 40)" \
@@ -8921,9 +10086,9 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
-run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
+run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.0" \
"$O_NEXT_SRV -msg -tls1" \
- "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
+ "$P_CLI debug_level=4" \
1 \
-s "fatal protocol_version" \
-c "is a fatal alert message (msg 70)" \
@@ -8935,9 +10100,9 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
-run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
+run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.1" \
"$O_NEXT_SRV -msg -tls1_1" \
- "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
+ "$P_CLI debug_level=4" \
1 \
-s "fatal protocol_version" \
-c "is a fatal alert message (msg 70)" \
@@ -8949,9 +10114,9 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
-run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
+run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \
"$O_NEXT_SRV -msg -tls1_2" \
- "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
+ "$P_CLI force_version=tls13 debug_level=4" \
1 \
-s "fatal protocol_version" \
-c "is a fatal alert message (msg 70)" \
@@ -8960,74 +10125,401 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: CertificateRequest check - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 force_version=tls13 " \
- 1 \
- -c "CertificateRequest not supported"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
+ "$P_CLI debug_level=4 crt_file=none key_file=none" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -s "TLS 1.3" \
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: CertificateRequest check - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
- 1 \
- -c "CertificateRequest not supported"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
+ "$P_CLI debug_level=3 crt_file=none key_file=none" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
+ -s "Version: TLS1.3" \
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+
requires_openssl_tls1_3
-run_test "TLS 1.3: HelloRetryRequest check - openssl" \
- "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI debug_level=4 force_version=tls13" \
- 1 \
- -c "received HelloRetryRequest message" \
- -c "HRR not supported" \
- -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
+ key_file=data_files/cli2.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
+ key_file=data_files/ecdsa_secp256r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
+ key_file=data_files/ecdsa_secp256r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
+ key_file=data_files/ecdsa_secp384r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
+ key_file=data_files/ecdsa_secp384r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
+ -sigalgs ecdsa_secp256r1_sha256" \
+ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
+ 1 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "signature algorithm not in received or offered list." \
+ -C "unkown pk type"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
+ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
+ 1 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "signature algorithm not in received or offered list." \
+ -C "unkown pk type"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: HelloRetryRequest check - gnutls" \
- "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI debug_level=4 force_version=tls13" \
- 1 \
+requires_openssl_tls1_3
+run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
+ "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI debug_level=4" \
+ 0 \
-c "received HelloRetryRequest message" \
- -c "HRR not supported" \
- -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed" \
- -s "HELLO RETRY REQUEST was queued"
+ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
+ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -c "Protocol is TLSv1.3" \
+ -c "HTTP/1.0 200 ok"
-for i in $(ls opt-testcases/*.sh)
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_openssl_tls1_3
+run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
+ "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "received HelloRetryRequest message" \
+ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
+ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -c "Protocol is TLSv1.3" \
+ -c "HTTP/1.0 200 ok"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
+ "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "received HelloRetryRequest message" \
+ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
+ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -c "Protocol is TLSv1.3" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
+ "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "received HelloRetryRequest message" \
+ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
+ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -c "Protocol is TLSv1.3" \
+ -c "HTTP/1.0 200 OK"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_openssl_tls1_3
+run_test "TLS 1.3: Server side check - openssl" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -tls1_3" \
+ 1 \
+ -s " tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s " tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s " SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Server side check - gnutls" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 1 \
+ -s " tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s " tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s " SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+for i in opt-testcases/*.sh
do
- . $i
+ TEST_SUITE_NAME=${i##*/}
+ TEST_SUITE_NAME=${TEST_SUITE_NAME%.*}
+ . "$i"
done
+unset TEST_SUITE_NAME
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
+ "$P_CLI debug_level=3" \
0 \
+ -c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
@@ -9035,10 +10527,9 @@
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
+ "$P_CLI debug_level=3" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
@@ -9049,11 +10540,11 @@
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
+ "$P_CLI debug_level=3" \
0 \
+ -c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
@@ -9062,14 +10553,14 @@
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
+ "$P_CLI debug_level=3" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
# Test heap memory usage after handshake
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data
index 11de103..31caf3a 100644
--- a/tests/suites/test_suite_cipher.chacha20.data
+++ b/tests/suites/test_suite_cipher.chacha20.data
@@ -1,3 +1,7 @@
+Decrypt empty buffer
+depends_on:MBEDTLS_CHACHA20_C
+dec_empty_buf:MBEDTLS_CIPHER_CHACHA20:0:0
+
Chacha20 RFC 7539 Test Vector #1
depends_on:MBEDTLS_CHACHA20_C
decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0
@@ -109,3 +113,23 @@
ChaCha20 Encrypt and decrypt 32 bytes in multiple parts
depends_on:MBEDTLS_CHACHA20_C
enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16
+
+ChaCha20 IV Length 0
+depends_on:MBEDTLS_CHACHA20_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20 IV Length 11
+depends_on:MBEDTLS_CHACHA20_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":11:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20 IV Length 12
+depends_on:MBEDTLS_CHACHA20_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":12:0
+
+ChaCha20 IV Length 13
+depends_on:MBEDTLS_CHACHA20_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":13:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20 IV Length 16
+depends_on:MBEDTLS_CHACHA20_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":16:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data
index 8c246ad..df78917 100644
--- a/tests/suites/test_suite_cipher.chachapoly.data
+++ b/tests/suites/test_suite_cipher.chachapoly.data
@@ -121,3 +121,23 @@
Chacha20+Poly1305 RFC 7539 Test Vector #1 (streaming)
depends_on:MBEDTLS_CHACHAPOLY_C
decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20_POLY1305:-1:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d":"f33388860000000000004e91":"eead9d67890cbb22392336fea1851f38":0:0
+
+ChaCha20+Poly1305 IV Length 0
+depends_on:MBEDTLS_CHACHAPOLY_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20+Poly1305 IV Length 11
+depends_on:MBEDTLS_CHACHAPOLY_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":11:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20+Poly1305 IV Length 12
+depends_on:MBEDTLS_CHACHAPOLY_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":12:0
+
+ChaCha20+Poly1305 IV Length 13
+depends_on:MBEDTLS_CHACHAPOLY_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":13:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+ChaCha20+Poly1305 IV Length 16
+depends_on:MBEDTLS_CHACHAPOLY_C
+iv_len_validity:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":16:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index fd2985b..2f352c1 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -442,6 +442,9 @@
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
+ else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
+ cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
+ iv_len = 12;
else
iv_len = sizeof(iv);
@@ -568,7 +571,9 @@
int expected_finish_ret )
{
unsigned char key[32];
- unsigned char iv[16];
+
+ unsigned char *iv = NULL;
+ size_t iv_len = 16;
mbedtls_cipher_context_t ctx_dec;
const mbedtls_cipher_info_t *cipher_info;
@@ -579,7 +584,6 @@
size_t outlen = 0;
memset( key, 0, 32 );
- memset( iv , 0, 16 );
mbedtls_cipher_init( &ctx_dec );
@@ -589,6 +593,14 @@
/* Initialise context */
cipher_info = mbedtls_cipher_info_from_type( cipher );
TEST_ASSERT( NULL != cipher_info);
+
+ if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
+ cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
+ iv_len = 12;
+
+ ASSERT_ALLOC( iv, iv_len );
+ memset( iv , 0, iv_len );
+
TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
@@ -597,7 +609,7 @@
key, cipher_info->key_bitlen,
MBEDTLS_DECRYPT ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
@@ -627,6 +639,7 @@
TEST_ASSERT( 0 == outlen );
exit:
+ mbedtls_free( iv );
mbedtls_cipher_free( &ctx_dec );
}
/* END_CASE */
@@ -689,6 +702,9 @@
if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
* For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
+ else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
+ cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
+ iv_len = 12;
else
iv_len = sizeof(iv);
@@ -1130,3 +1146,43 @@
TEST_ASSERT( dlen == (size_t) dlen_check );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void iv_len_validity( int cipher_id, char * cipher_string,
+ int iv_len_val, int ret )
+{
+ size_t iv_len = iv_len_val;
+ unsigned char iv[16];
+
+ /* Initialise iv buffer */
+ memset( iv, 0, sizeof( iv ) );
+
+ const mbedtls_cipher_info_t *cipher_info;
+ mbedtls_cipher_context_t ctx_dec;
+ mbedtls_cipher_context_t ctx_enc;
+
+ /*
+ * Prepare contexts
+ */
+ mbedtls_cipher_init( &ctx_dec );
+ mbedtls_cipher_init( &ctx_enc );
+
+ /* Check and get info structures */
+ cipher_info = mbedtls_cipher_info_from_type( cipher_id );
+ TEST_ASSERT( NULL != cipher_info );
+ TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
+ TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ),
+ cipher_string ) == 0 );
+
+ /* Initialise enc and dec contexts */
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
+
+ TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
+
+exit:
+ mbedtls_cipher_free( &ctx_dec );
+ mbedtls_cipher_free( &ctx_enc );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index a4cebd2..563847f 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -2731,2017 +2731,2017 @@
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"3105dddb":"FAIL":"":0
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d785dafea3e966731ef6fc6202262584":"d91a46205ee94058b3b8403997592dd2":"":"":"3b92a17c1b9c3578a68cffea5a5b6245":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aec963833b9098de1ababc853ab74d96":"4e0ffd93beffd732c6f7d6ad606a2d24":"":"":"e9fcedc176dfe587dc61b2011010cdf1":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4fb9e3393681da9cec5ec96f87c5c31":"845e910bc055d895879f62101d08b4c7":"":"":"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2a930f2e09beceacd9919cb76f2ac8d3":"340d9af44f6370eff534c653033a785a":"":"":"0c1e5e9c8fe5edfd11f114f3503d63":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe71177e02073b1c407b5724e2263a5e":"83c23d20d2a9d4b8f92da96587c96b18":"":"":"43b2ca795420f35f6cb39f5dfa47a2":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b02392fd7f228888c281e59d1eaa15fb":"2726344ba8912c737e195424e1e6679e":"":"":"a10b601ca8053536a2af2cc255d2b6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"21895cbafc16b7b8bf5867e88e0853d4":"f987ce1005d9bbd31d2452fb80957753":"":"":"952a7e265830d58a6778d68b9450":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9bb9742bf47f68caf64963d7c10a97b0":"34a85669de64e1cd44731905fddbcbc5":"":"":"e9b6be928aa77b2de28b480ae74c":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"1c53a9fdd23919b036d99560619a9939":"":"":"6611b50d6fbca83047f9f5fe1768":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"82fede79db25f00be96eb050a22cea87":"e9c50b517ab26c89b83c1f0cac50162c":"":"":"d0c0ce9db60b77b0e31d05e048":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1d98566fca5201abb12914311a8bd532":"590aef4b46a9023405d075edab7e6849":"":"":"a1cfd1a27b341f49eda2ca8305":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3038771820c2e1319f02a74b8a7a0c08":"e556d9f07fb69d7e9a644261c80fac92":"":"":"4d2f005d662b6a8787f231c5e1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0fb7eef50de598d7d8b508d019a30d5a":"a2a2617040116c2c7e4236d2d8278213":"":"":"68413c58df7bb5f067197ca0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8cc58b609204215c8ab4908286e56e5c":"fb83ea637279332677b5f68081173e99":"":"":"a2a9160d82739a55d8cd419f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"81a5fd184742a478432963f6477e8f92":"da297cbb53b11d7c379e0566299b4d5a":"":"":"200bee49466fdda2f21f0062":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"f604ac66d626959e595cbb7b4128e096":"269d2a49d533c6bb38008711f38e0b39":"":"":"468200fa4683e8be":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2e308ba7903e925f768c1d00ff3eb623":"335acd2aa48a47a37cfe21e491f1b141":"":"":"4872bfd5e2ff55f6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1304e2a5a3520454a5109df61a67da7a":"dbe8b452acf4fa1444c3668e9ee72d26":"":"":"83a0d3440200ca95":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"ddf0b695aef5df2b594fcaae72b7e41c":"":"":"2819aedf":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9ab5c8ca905b5fe50461f4a68941144b":"96dd3927a96e16123f2e9d6b367d303f":"":"":"6e0c53ef":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b5fc7af605721a9cfe61c1ee6a4b3e22":"6b757d4055823d1035d01077666037d6":"":"":"e8c09ddd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03c0b4a6e508a8490db0d086a82c9db7":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":"":"756292d8b4653887edef51679b161812":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b228d3d15219ea9ad5651fce02c8374d":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":"":"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"776afcbabedd5577fe660a60f920b536":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":"":"a5347d41d93b587240651bcd5230264f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":"":"2a67ad1471a520fe09a304f0975f31":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2bc73fba942ff105823b5dccf6befb1c":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":"":"ebdd7c8e87fe733138a433543542d1":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"356a4c245868243d61756cabe86da887":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":"":"ed26080dcb670590613d97d7c47cf4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfa7e93aff73600fc552324253066e2c":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":"":"6ba5e4dace9a54b50b901d9b73ad":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2ecea80b48d2ecd194a7699aa7d8ccfc":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":"":"246a9d37553088b6411ebb62aa16":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d38fee3fd3d6d08224c3c83529a25d08":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":"":"803a08700ec86fdeb88f7a388921":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1899b0cbae41d705c6eed3226afb5bc0":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":"":"c5d58870fee9ce157f5ec1fa8f":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b95323d86d02754f4c2874b42ec6eb0":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":"":"c4724ff1d2c57295eb733e9cad":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30da555559eb11cf7e0eff9d99e9607d":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":"":"3c82272130e17c4a0a007a908e":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ed2ac74af896c5190c271cfa6af02fd2":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":"":"db8af7a0d548fc54d9457c73":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0225b73fe5fbbe52f838d873173959d8":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":"":"e2c2ce4022c49a95c9ac9026":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"89ca3771a0ef3287568b4ac036120198":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":"":"06b2bf62591dc7ec1b814705":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a41a297bd96e224942998fe2192934a1":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":"":"49a4917eef61f78e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a9372c058f42e0a1d019bdb528313919":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":"":"b82cd11cd3575c8d":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6302b7338f8fa84195ad9abbacd89b4e":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":"":"5222d092e9e8bd6c":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78b5c28d62e4b2097873a1180bd5a3a5":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":"":"eae48137":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d84130578070e036c9e3df5b5509473":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":"":"79987692":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08428605ab4742a3e8a55354d4764620":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":"":"3eb3e3a2":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd358bc3f992f26e81e3a2f3aa2d517":"d8c750bb443ee1a169dfe97cfe4d855b":"":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"43b5f18227e5c74288dbeff03801acd6":"08ee12246cf7edb81da3d610f3ebd167":"":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a433c612d7e1bdff881e4d63ba8b141":"8b670cf31f470f79a6c0b79e73863ca1":"":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8526fd25daf890e79946a205b698f287":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8e9d75c781d63b29f1816859f7a0e0a0":"748a3b486b62a164cedcf1bab9325add":"":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe6b8553002c69396d9976bb48d30779":"595b17d0d76b83780235f5e0c92bd21f":"":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14898c56009b459172fef9c17993b54f":"0862f8f87289988711a877d3231d44eb":"":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe5253d4b071793b081ebc122cc2a5f8":"49e82d86804e196421ec19ddc8541066":"":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b3502d6f0d172246e16503cdf5793296":"6ce994689ff72f9df62f386a187c1a13":"":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5fb33dd73db309b9dfd3aee605cd94bf":"3f6486f9e9e645292e0e425bac232268":"":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a958fe3b520081b638d9e4c7d5da7ac7":"c396109e96afde6f685d3c38aa3c2fae":"":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"06ca91004be43cf46ed4599e23":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ec319fb143eac8215b51541daec268f2":"8a4684f42a1775b03806574f401cff78":"":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14a3e69f351ac39b4297749a90c1365c":"eb1c6c04437aa5a32bcc208bb3c01724":"":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c34827771fc3918d1cee09ba9401b832":"2379bbd39a1c22bc93b9b9cc45f3840b":"":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b1f9bd2006ec550b7b9913d383200b5d":"ca28fa6b64bb3b32ef7d211f1c8be759":"":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"c87aac7ad0e85dbb103c0733":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b2cef1a92aa0af2b00fb2a99855d5bc":"08d87b7acee87d884667f6b1e32e34d0":"":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"175c306f8644b0c4b894ae3d0971505e":"9860268ca2e10974f3726a0e5b9b310f":"":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"f809105e5fc5b13c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08c0edcfe342a676ccdc04bdf854b4b0":"4a7b70753930fe659f8cc38e5833f0c7":"":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"241067a0301edf0f825d793e03383ea1":"a30994261f48a66bb6c1fc3d69659228":"":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"36c3b4a732ba75ae":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03cccb5357bd2848332d1696f2ff90cb":"e0754022dfb1f813ccaf321558790806":"":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"c75f0246":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e5e53c84a05d5a5348bac7b2611cf62":"47e40543b7d16bc9122c40b106d31d43":"":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"81eec75d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2c94008bf377f90b7a1c0d2ea38f730c":"abfe92931a8411a39986b74560a38211":"":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"47d42e78":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"69eedf3777e594c30e94e9c5e2bce467":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"45cc35311eedf0ba093bf901931a7036":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"266a895fc21da5176b44b446d7d1921d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9edb5231ca4a136b4df4ae22b8588f9f":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d5fdcb8f5225090e63fae9b68f92c7cb":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"036198cd3a3ab9319684d0f811cf2992":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c9fbbff8f25f951ba874dfc5ff38584e":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3a314ec178da96311e42334a616fb38b":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e818372a63b7e2c23b524e29ba752bdb":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"3744262bc76f283964c1c15dc069":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a04f16882ff45816739d1b6697ce8b7":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"fbb37084396394fecd9581741f3c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"38cf029a4b20607030586cd2d82146e6":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"7b021de5cda915ba58f90ceef4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cf4d81fc5997c744a572bed71f4ae609":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"0a86142a0af81c8df64ba689f4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d88ad40b42ead744f1b7a36685658be1":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c3ce86a212a30e724b4c624057db4e79":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a0155360b84420b5bf4fb410ea02f31e":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"ac5addcc10cae6c1345520f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"694f621f594d96b16c32254ff06f3f9c":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78826a5215a1d5e1b39cad5a06861f8f":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"a724bbb295a02883":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d450f5253251121606e56687952bf2f1":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"6446398aff73ed23":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90a59f6b0abf932311f0b65623c17740":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"dc77c1d7e0902d48":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6be4ef629f0b38194c74f7b66418922d":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"3d8fc6fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c50e37244931e8debc12b3d561c83ba2":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8531ddb03977383405baf2ee9ca7d64b":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"2fc9de46":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"862dd5b362cfa556ca37e73cff7f4a0e":"81530a243655a60d22d9ab40d2520447":"":"":"3b9b2af54e610ed0b3dda96961dd8783":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3452b7bc100c334292e08343f139b9d0":"8f92739a30fe4ba24079f5d42753d6ac":"":"":"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"31a0cbaf21b943f8badc939e94eac7eb":"d5bb2c4eaec47088230972ae34fcda9c":"":"":"580e728512c8e44fbb3fe2c498e05323":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9e8fca537746e7cbff97f1dcd40a3392":"43e9f2bf186b2af8cc022e7c7412d641":"":"":"4465a3f9d9751789bcef5c7c58cbc5":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"35b5854ca83792ad691dbda1a66790fb":"cff61cf9b32ea30cf7e3692aa6e74bed":"":"":"726793199df533dd9055b0ac7c939d":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"07259267c1c6a015437a5d8cfa92f9e6":"18b9cf2ad7ace6ec1c8366b72878cf20":"":"":"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fa1df8955aa3ef191900b06e7c1b7d46":"6928c138c98a4350c318fbdccd3f44ba":"":"":"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c04200ce41ce77d772babb206315ec7d":"a885d58f0f38f9ff26d906fa1bfb12f4":"":"":"9ee0d025421f2bf18caf563953fb":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"650df049461be341c3099bd1613dcead":"8a4ff6327b49d297248ce2d5bd38afa8":"":"":"13f067ef0d7b448d56e70d282fed":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ee61b5bf5060fcc637dc833926898508":"b2dcf21f9ffa4a883044d29f087f9b85":"":"":"9ab1d66666d4dea3cbb5982238":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"01cc56ca7e64db7fbef66236a5c49493":"8ea5b63004189792cc040ef18b37e550":"":"":"d685aeb54aa129a21bed17766e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"134dd72ac8e28ab46720c2f42284a303":"c6368e4c0ba0ec90fa7488af9997a4c7":"":"":"4ad9cdf19ff7d7fd7e273efced":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"180c04b2bde6901edcda66085f73ecd9":"9193b206beade4cb036f01a9db187cb8":"":"":"530f5e9ed0879ccef3a7b360":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aaac85742a55ffa07e98106d6d6b1004":"630cd8ab849253c4da95ac80324ecc28":"":"":"37911820c810e3700c3a9321":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"86e6100669929e329a1d258cd3552dc9":"":"":"958d6141f7fb2b2dc7d851a6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd756d49fd25380c4026ea03cafc2da":"6a6f7e39b0d730ea1670e13d16c12c28":"":"":"872ef05a28da5ea1":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"bd8a834b288bdc7578b6c6ab36f5d068":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":"":"c5c094e83755f2b6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"020d280dbd06939bbb5e6edc6f6d39c6":"09aea6f0e57598452719d6f63b6fe5a0":"":"":"05d6c56ba601e85b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e47f41a27a2722df293c1431badc0f90":"227c036fca03171a890806b9fa0c250d":"":"":"86c22189":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9d3e112114b94e26e93d3855d4be26bd":"99b98525160c4bb2029da5553ff82b59":"":"":"33bee715":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5b4b7688588125349fbb66004a30d5d4":"b4ae363edb529d8b927c051cf21a2d9d":"":"":"6a920617":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":"":"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"":"c53d01e53ee4a6ea106ea4a66538265e":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0c88b191ce6e8e4a3941f7960b7eae5":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":"":"92604d37407aff33f8b677326cbb94fc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c818dfa0885a09f65ef78712f5ce6609":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":"":"20e9a3a98d71d460743e1efaab13c6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2354c6b6afaa883e7ce91faca4981f8b":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":"":"3588c9aa769897dfa328549fbbd10a":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0af48e6aebbb6ff5b7c92bd140b085f":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":"":"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a05fe482fe164b2eca7f6c3e377b39d8":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":"":"3900bde9fa9ae2cbeee54d04f224":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dacbadf819eb16a63f6f091d13ed04d4":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":"":"8988fca83c8cfb1f8feefac46f04":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"969244c7444f3f3bf193b28f8e8e96dc":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":"":"a291c7527385f037f62e60fd8a96":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"525abe490c8434802b69439c590a5290":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":"":"038c7e95f790e6ca5ce73f9551":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"51644e025659de983f5c8156516b812e":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":"":"77e3deba2c7f9386f85bc4a801":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08566ca7310302dfb84d76ea0525ba20":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":"":"873f037fc05252a44dc76f8155":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfb54db96383fa911bf5b4fa1218ef9a":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":"":"dada7fc7fed58db462854ef6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"389cf888474e9403e5f4d0e22ffec439":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":"":"92726d90ad26130e65f2beb4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e55abb2ca36c822bf2a030ac703cb8b4":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":"":"65025250343ed8c09b3fceed":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"586114f3b1dc087e1b2739b28c592dfe":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":"":"467a815610faeb82":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cbfe806bddb7f06b3826b097550c68f5":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":"":"0697ac372a9acafd":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"96ce3a095a91effdd91d616f1f02ddcd":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":"":"55a0f61032e048f3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"24ece168c2971cf2b404ea206dc9e29d":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":"":"d2b15a23":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d3c3cf993f6740a019e61ce13c29955c":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":"":"f2d3a6ff":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5f1e5bd45ee8bb207ebbd730510ff218":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":"":"0d6c15da":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3997050377cfbb802cc438d973661688":"c95c84c263bdfd5f1de66e7e616cf3fb":"":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0bc2bde877e881aea512068105694968":"05f0c34ab2e8e8026b0a23719344b71f":"":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e14f45ba5d1eb52e0412240da5d7b5f9":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a64579f3601b0022d357b601cd876ab":"515efc6d036f95db7df56b1bbec0aff2":"":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1bda4acfd10ab635f357935bb0ab7020":"48b77c587616ffaa449533a91230b449":"":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d21cf24bc5bd176b4b0fd4c8477bb70d":"208cb9dced20b18edddb91596e902124":"":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"7edfb9daf8ca2babcc02537463e9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d02e2b02170986944487cba8448f998":"6336077bb83eff1c9ea715de99b372cd":"":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cd1ad1de0521d41645d13c97a18f4a20":"413873a0b063ad039da5513896233286":"":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1cb120e9cd718b5119b4a58af0644eff":"5a7087989bfe2f6eddcb56fde4d72529":"":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"95d8bd12af8a5ab677309df0fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"315b206778c28ed0bfdd6e66088a5c39":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"930750c53effc7b84aa10b2276":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e886de1c907c97e7db8ec80a79df90f8":"612cacbf33266353d0a29a24532f3c0c":"":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3b936e09a6477f3bd52030a29df5001d":"f93105be83fa5e315d73acfdcf578de7":"":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"91b55bb5e3f3f1abcf335db5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dc9e2095de7b1b48481b56bf6a3604cd":"9e5268db19a1b51c0496a160ca76f8f7":"":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3f93901fd7cc88db3ba76a158d658c7b":"7e98de461e6d96c0ce6c8d8b3854cf49":"":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"42289f3d3cd5838e250ef54b128e60d1":"e557389a216ad724aafdab0180e1892e":"":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d772eabb7f19475665ca2a7e693bcfc":"0747cbb486a013453fde1ca6abb11dbe":"":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"8e761ffaea68f967":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fb7fd753ee6eaaf283a42a121dab4e43":"8164929fb54485377ecccc9b9621af5e":"":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30d757fd73a0fd5fa49159ad0653296d":"b35b8df0aebd0608517f2830e0e70cd0":"":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d9d3cfd5900de5d5e2109e7721cfeef6":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"2b81e8ce":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"68dc138f19354d73eaa1cf0e79231d74":"e7147749560f491420a2d893c075bb76":"":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"7362c86344e0aefb0cf0d04768f9c05d":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"58748bb204ccb7bdafdbf739b6c19a3e":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6cc13cbd62428bb8658dd3954fe9181f":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"286d3f5080cfe88538571188fbeb2dd5":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"d90d34094d740214dd3de685010ce3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"726ae113a096769b657f973ea6d2d5dd":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"73a9eeda721c6f292e6b399e2647f8a6":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90dbda7397d8fc46215a1218a6ffd0d8":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"776d871944159c51b2f5ec1980a6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0c85174d428fc1c7c89ca5d1b8aaba25":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d89f06eb07744d43d44734faf9751d07":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"fcad48076eb03ebe85c6d64f6357":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6150f14dc53f391e815acfabed9f9e20":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3e8216072ed6fcde0fe0f636b27ed718":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"531a65cc5dfeca671cc64078d1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1af434b73a1210b08595ffa686079832":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"04036d2f5273c6ff5b8364aa595359c9":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"59fe44c6e28d025b2ad05e6e867051ab":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"296c4cdaeb94beb2847dc53d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c314264cee0e6db30ebe9b2f6d4991b2":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"26072018bd0bda524b5beb66a622c63e":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"edffe55c60235556":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"201751d3da98bd39ff4e5990a56cfea7":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3bc0dcb5261a641a08e6cb00d23e4deb":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"239c15492d6deec979e79236baca4635":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"db68a96e216b0dd9945f14b878487e03":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"659b9e729d12f68b73fdc2f7260ab114":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"8e5a6a79":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"4f801c772395c4519ec830980c8ca5a4":"":"":"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"335ca01a07081fea4e605eb5f23a778e":"":"":"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"d9172c3344d37ff93d2dcb2170ea5d01":"":"":"017fef05260a496654896d4703db3888":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"f47e915163fa3df7f6c15b9d69f53907":"":"":"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"a35b397b34a14a8e24d05a37be4d1822":"":"":"e045ecba220d22c80826b77a21b013":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"169a449ccb3eb29805b15304d603b132":"":"":"3a807251f3d6242849a69972b14f6d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"538641f7d1cc5c68715971cee607da73":"":"":"07d68fffe417adc3397706d73b95":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"0d8eb78032d83c676820b2ef5ccc2cc8":"":"":"7da181563b26c7aefeb29e71cc69":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"646a91d83ae72b9b9e9fce64135cbf73":"":"":"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"55e10d5e9b438b02505d30f211b16fea":"":"":"95c0a4ea9e80f91a4acce500f7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"e25ef162a4295d7d24de75a673172346":"":"":"89ea4d1f34edb716b322ea7f6f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"08ea464baac54469b0498419d83820e6":"":"":"ab064a8d380fe2cda38e61f9e1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"766996fb67ace9e6a22d7f802455d4ef":"":"":"9a641be173dc3557ea015372":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"75cdb8b83017f3dc5ac8733016ab47c7":"":"":"81e3a5580234d8e0b2204bc3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"cfbefe265583ab3a2285e8080141ba48":"":"":"355a43bcebbe7f72b6cd27ea":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":"":"34b8e037084b3f2d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"118d0283294d4084127cce4b0cd5b5fa":"":"":"507a361d8ac59882":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"b78d518b6c41a9e031a00b10fb178327":"":"":"f401d546c8b739ff":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"14eb280288740d464e3b8f296c642daa":"":"":"39e64d7a":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"f54bf4aac8fb631c8b6ff5e96465fae6":"":"":"1ec1c1a1":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"75532d15e582e6c477b411e727d4171e":"":"":"76a0e017":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":"":"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":"":"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":"":"d22407fd3ae1921d1b380461d2e60210":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":"":"fcbb932ddb0128df78a71971c52838":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":"":"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":"":"fd78b9956e4e4522605db410f97e84":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":"":"b11f5c0e8cb6fea1a170c9342437":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":"":"6cdf60e62c91a6a944fa80da1854":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cc9922299b47725952f06272168b728218d2443028d81597":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":"":"dd515e5a8b41ecc441443a749b31":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":"":"f33e8f42b58f45a0456f83a13e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":"":"380128ad7f35be87a17c9590fa":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":"":"e9e5beea7d39c9250347a2a33d":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":"":"24483a57c20826a709b7d10a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":"":"23012503febbf26dc2d872dc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":"":"e8e80bf6e5c4a55e7964f455":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":"":"74264163131d16ac":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":"":"8f4877806daff10e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":"":"4eff7227b42f9a7d":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":"":"ff355f10":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":"":"cb4d8c1d":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":"":"4a28ec97":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"eb16ed8de81efde2915a901f557fba95":"":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"804056dca9f102c4a13a930c81d77eca":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"70835abab9f945c84ef4e97cdcf2a694":"":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"7f770140df5b8678bc9c4b962b8c9034":"":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"151fd3ba32f5bde72adce6291bcf63ea":"":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"743699d3759781e82a3d21c7cd7991c8":"":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"1da347f9b6341049e63140395ad445":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"85b241d516b94759c9ef975f557bccea":"":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"9769f71c76b5b6c60462a845d2c123ad":"":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"4b12c6701534098e23e1b4659f684d6f":"":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"729b31c65d8699c93d741caac8e3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"fe1e427bcb15ce026413a0da87":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"927ce8a596ed28c85d9cb8e688a829e6":"":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"508c55f1726896f5b9f0a7024fe2fad0":"":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"b2a7c0d52fc60bacc3d1a94f33087095":"":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"1bd17f04d1dc2e447b41665952ad9031":"":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"01b0a815dc6da3e32851e1fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"5ea9198b860679759357befdbb106b62":"":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7474d9b07739001b25baf6867254994e06e54c578508232f":"3ade6c92fe2dc575c136e3fbbba5c484":"":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"67c25240b8e39b63":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"41b37c04ab8a80f5a8d9d82a3a444772":"":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"4ee54d280829e6ef":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"9af53cf6891a749ab286f5c34238088a":"":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"6f6f344dd43b0d20":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"623df5a0922d1e8c883debb2e0e5e0b1":"":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"9265abe966cb83838d7fd9302938f49d":"":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"6f6c38bc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9b3781165e7ff113ecd1d83d1df2366d":"":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"62f32d4e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"0943abb85adee47741540900cc833f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"4da85b8ec861dd8be54787bb83f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"8781b045a509c4239b9f44624e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"2ad4520ddc3b907414d934cc1d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4382507dddccf1385fc831da8924147563416d0656e168ec":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"b124eea927e2a62a875494a1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"f1a23ce6e2bc9088a62c887abecd30ae":"":"":"d4d5c22f993c8c610145fcbe4e021687":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"ef221a1c66fda17906190b7c99ab60b8":"":"":"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"7c29b3196d44df78fa514a1967fcd3a6":"":"":"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"783f9a3c36b6d0c9fd57c15105316535":"":"":"23e21a803cac5237777014686564f2":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"2acc2073089a34d4651eee39a262e8ae":"":"":"7ac742c859a02a543b50464c66dcf5":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"c937615675738f4b3227c799833d1e61":"":"":"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"1f939226feab012dabfc2193637d15b1":"":"":"eed5fcb7607c038b354746d91c5b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"e2076e1050070d468659885ea77e88d0":"":"":"b4586bdbd4b6b899648f2333eee0":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"2d07bb8616fc0bbb71755a1bd256e7fb":"":"":"6b60d645220cfde42d88296ac193":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"6c31194df99d08881fa5b1dd33b45a92":"":"":"69431593c376c9f8052bf10747":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"73599275f8237f14c4a52b283c07275d":"":"":"6f7249d25c9f273434c4720275":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"d0871bfc3693245be478e6a257c79efb":"":"":"5a99d59631d0e12f58b7b95ccd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"c72bb300b624c27cded863eba56e7587":"":"":"ea2528e7439be2ed0a0d6b2a":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"28899601fa95f532b030f11bbeb87011":"":"":"35625638589bb7f6ccdb0222":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"375d4134e8649367f4db9bdb07aa8594":"":"":"70610bf329683e15ecf8c79f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"9f502fb5ac90ff5f5616dd1fa837387d":"":"":"a4b5138122e1209d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"2ee96384dd29f8a4c4a6102549a026ab":"":"":"3b33a10189338c3b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"8d97f354564d8185b57f7727626850a0":"":"":"813d2f98a760130c":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"daf13501a47ee73c0197d8b774eec399":"":"":"a6d108c0":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":"":"a47cdadd":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"817199254a912880405c9729d75ed391":"":"":"d81d9b41":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":"":"dd153cfd7aa946280660c445f586fa28":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":"":"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":"":"2c84bf7a8947ab93b10ae408243b4993":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":"":"e8aac14b53cdbc2028d330fc8d92a7":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":"":"dc034564d4be7de243ff059b5f9160":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":"":"942b52277e9dc0a30d737d00f5e597":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":"":"87737873b82586bb29b406946cae":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":"":"06f95ca69c222a8985887925b15e":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":"":"c68842cafc50070799f7c8acd62a":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":"":"ec9a79a88a164e1a6253d8312e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":"":"9779b7c3ece6c23d5813e243ec":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":"":"ca82448429106009094c21d70b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":"":"9d1603799e2485a03e7b05a0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":"":"05ee6ce13711535864674a5b":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":"":"0c9c17388d0610f99d0a093f":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":"":"1c3bd1e0d4918e36":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":"":"dab612351f75e2cb":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":"":"f1d743b7e1b73af5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":"":"4dc74971":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":"":"fb845ab7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":"":"c840d994":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"cff291d2364fc06a3a89e867b0e67e56":"":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"1c8f41424acaf009996ceaa815b24ad4":"":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"a950ab0dd84115e3829ab0ad3bbb1193":"":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"3a2acf69bba19f5d1d1947af2cfda781":"":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"3cd95429c6de1d327b9eb3c45424a87c":"":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"bd505fcba464e6e2c58fdf29f5695fb9":"":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"776248381941e16908f52d19207881f5":"":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"603977845d82faccb401817ecce6e2fe":"":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"c955a3bc316841be07e406d289c8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"4cd56de54e5140a587be7dfd02d3a39e":"":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"1a29527a41330259f918d99d7509":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"afe986ead799727063958e2ce13ca846f76c51605439f839":"f85a95ed10b69623162ab68d1098de94":"":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"537a4ee307af3072e745570aaaadce34":"":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"df01cffbd3978850e07328e6b8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"5124b410c43d875eca6ce298c45994a7":"":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"ff10234524433b871202c2cca6acb194":"":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"49da91e926091a448d57d521cc90f3c0":"":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"99198f55f9fa763651bba58e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"b5efb9feae3de41b5ce9aa75583b8d21":"":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"9604d031fa43dcd0853e641c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"aef257dd44d14d0bc75f9311ef24e85a":"":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"c15c9c0b0b70c7321df044bfde2b15fb":"":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c5c9851a6bf686d0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"0bd64d222532dae8ab63dc299355bf2a":"":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"3477cad1fd4098b2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"37e3a300542d9caf3975c6429cb8a2e8":"":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"6cba4efc8d4840aa044a92d03d6b4d69":"":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"4f4636d1b283bfa72c82809eb4f12519":"":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"16c80a62":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"87b5372571fb244648053c99405999130f87a7c178052297":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"010195091d4e1684029e58439039d91e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"28a43253d8b37795433140641e9ffd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"3269922affb9d767f5abe041cc8e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"22c2efeddfd5d9cb528861c4eb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"673afea592b2ce16bd058469f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"079e8db9c3e6eddb0335b1cf64":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"974bd0c4a8cac1563a0e0ce0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"84f1efd34ff84e83":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"15d456da7645abf2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"613ba486":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"3a0324d63a70400490c92e7604a3ba97":"":"":"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"7156358b203a44ef173706fdc81900f8":"":"":"9687fb231c4742a74d6bf78c62b8ac53":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"4fe6ace582c4e26ce71ee7f756fb7a88":"":"":"d5bdf8ec2896acafb7022708d74646c7":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"404efd26b665c97ea75437892cf676b6":"":"":"e491075851eec28c723159cc1b2c76":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"4037eadb11249884b6b38b5525ba2df4":"":"":"360c6ef41cbd9cd4a4e649712d2930":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"cebbce06a88852d3bb2978dbe2b5995a":"":"":"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"008d040fbd7342464209f330cf56722c":"":"":"c87107585751e666bedae2b1b7e8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"947c5f0432723f2d7b560eca90842df1":"":"":"7d331fedcea0fd1e9e6a84385467":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"51f639467083377795111d44f7d16592":"":"":"02d31f29e15f60ae3bee1ad7ea65":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"aea6f8690f865bca9f77a5ff843d2365":"":"":"7f2280776d6cd6802b3c85083c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":"":"ea01723a22838ed65ceb80b1cf":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"ae07f8c7ac82c4f4c086e04a20db12bc":"":"":"1132e4fff06db51ff135ed9ced":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"929b006eb30d69b49a7f52392d7d3f11":"":"":"33940d330f7c019a57b74f2d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"e34b19381f05693f7606ce043626664d":"":"":"2adc2c45947bfa7faa5c464a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"a56f27709e670b85e5917d5c1d5b0cc2":"":"":"177b9a5e6d9731419dd33c5c":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":"":"fe82300adffd8c17":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"1bd9ea6186450f9cd253ccfed2812b1c":"":"":"35214bbc510430e3":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"728cb9608b67a489a382aa677b1f4f5b":"":"":"e2ef5d9cc5791c01":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":"":"0fe57572":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"7b722fdd43cff20832812f9baf2d6791":"":"":"72dea6cc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"729baa4c0ef75ed8aae746376b39fe3c":"":"":"2a0d607c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":"":"c595b9d99414891228c9fa5edb5fcce3":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":"":"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":"":"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":"":"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":"":"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":"":"e3645db0c600dba52044efcecfc331":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":"":"c25fc157c3f2474885e2eea48aea":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":"":"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":"":"3bcb5c2a4261d75bfa106fb25ee1":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":"":"0e463806ff34e206f703dd96b3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":"":"3f0ccc134091e0c0425887b1b9":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":"":"888b836c9111073924a9b43069":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":"":"b6044c4d7f59491f68b2c61e":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":"":"5c5683e587baf2bd32de3df5":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":"":"52e10495105799ead991547b":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":"":"6ff8fd87e5a31eb6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":"":"49aaa806cb2eeadd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":"":"a5b71ecf845b25d0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":"":"e9cdbc52":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":"":"e35dbac8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":"":"e7a37f15":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"2fc1afc1395d8409919248709f468496":"":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"c571ce0e911de5d883dc4a0787483235":"":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"275393276745bc43bae4af1e5d43a31e":"":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"47f5264f7a5b65b671892a05fa556f63":"":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"4e022d8d86efbd347e8cbab7e979771f":"":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"7c0f49fb54f5e68c84e81add009284e6":"":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"5cea906737518c2cb901016e30206276":"":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"387ee8c1e7f047e94d06d0322eec02fc":"":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"d2b277f78e98f1fa16f977ce72ee22a7":"":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"4c81c044101f458fdfac9ca3b9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"94886a1845aebba5ed6b86f580be47f9":"":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"4be34ff42085ef4443c8b6042d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"e5ca84b907ac761a5e68a9080da0a88a":"":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"fa549b33b5a43d85f012929a4816297a":"":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"afa61e843cee615c97de42a7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"2f8512bb7e214db774a217a4615139e1":"":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"f1da1cebe00d80eb4e025feb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"3da9af3567d70553ca3a9636f0b26470":"":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"b957f05921d21f2192f587768dc12b4f":"":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"322374fbb192abbc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"31bd7c971a6d330b566567ab19590545":"":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"efc5a1acf433aaa3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"2f9c0647a4af7f61ced45f28d45c43f1":"":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"69d81c73008a6827a692fa636fbab8bb":"":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"be2dda5c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"e119e166471ecf44bc3a070639619931":"":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"b2f54b3a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"cf296aa43cb7b328e09c8975e067404e":"":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"56015c1e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"ba61edeb7b8966188854fc7926aad2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"993fc8e7176557ee9eb8dd944691":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"92282b022e393924ab9c65b258c2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"6154c6799ad7cdc2d89801943a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"1d6cd4ab3914e109f22668867f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"d8bd7d8773893519":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"74110471ccd75912":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"30298885":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"1997daa9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"7f8368254955e1b6d55b5c64458f3e66":"":"":"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"274367f31ec16601fe87a8e35b7a22dd":"":"":"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"796efaff4f172bef78453d36a237cd36":"":"":"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"45e6b23f8b3feefd4b0ea06880b2c324":"":"":"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"548c9c8fcc16416a9d2b35c29f0dacb3":"":"":"3aa21f221266e7773eeba4440d1d01":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"a5129e2530f47bcad42fc5774ee09fe7":"":"":"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":"":"55952a01eee29d8a1734bbdf3f8f":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"6404b111c6289eefa0d88ed6117bb730":"":"":"637f82e592831531a8e877adfc2c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"3b87b08337a82272b192bd067e3245ec":"":"":"1f2dda372f20ffddd9dd4810e05f":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"58e70095c6f3a0cda2cdc7775e2f383d":"":"":"1763573f7dab8b46bc177e6147":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"d565c9cdfb5d0a25c4083b51729626bd":"":"":"78738d3e9f5e00b49635ac9a2d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":"":"ea7b52490943380ccc902ca5ae":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"c993c1802df0f075ce92963eb9bff9bd":"":"":"edfab013213591beb53e6419":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"8f7e1621c2227839da4ea60548290ffa":"":"":"f9da62f59c080160ec30b43d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"05d363b2452beff4b47afb052ac3c973":"":"":"6b4a16d1ea1c21b22bdcb235":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"774f4e70a7577b5101c0c3d019655d3e":"":"":"98ff89a8e28c03fd":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"99f25cebd6cfa7f41390b42df6a65f48":"":"":"8e14a0a4853a156a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"c1beff1ff6cdd62339aa21149c4da1e6":"":"":"f998d7c08d609b3a":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"88126c350dfc079c569210ee44a0e31a":"":"":"f2ebe5e4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"af29fdb96f726c76f76c473c873b9e08":"":"":"13fd6dfd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"1552604763453b48a57cea1aed8113f4":"":"":"660c5175":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":"":"6b4b1a84f49befe3897d59ce85598a9f":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":"":"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":"":"2211ca91a809adb8cf55f001745c0563":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":"":"2e080ba16011e22a779da1922345c2":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":"":"83de3f521fcfdaff902386f359e683":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":"":"cd4542b26094a1c8e058648874f06f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":"":"96ca402b16b0f2cd0cdff77935d3":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":"":"8233588fca3ad1698d07b25fa3c4":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":"":"477b0a884d788d1905646bd66084":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":"":"0cb67cec1820339fa0552702dd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":"":"08d7cc52d1637db2a43c399310":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":"":"fbb477dd4b9898a9abc5a45c63":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":"":"99230019630647aedebbb24b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":"":"9553b583d4f9a1a8946fe053":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":"":"44b95a37fab232c2efb11231":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":"":"072d4118e70cd5ab":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":"":"1bcea0ac2c1a0c73":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":"":"faa5c13d899f17ea":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":"":"a3958500":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":"":"50fd1798":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":"":"07764143":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"5714732145470da1c42452e10cd274b5":"":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"a714e51e43aecfe2fda8f824ea1dc4b7":"":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"91d55cfdcdcd7d735d48100ff82227c3":"":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"19788b2e0bd757947596676436e22df1":"":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"f26a20bea561004267a0bfbf01674e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"c6b26117d9dbd80c1c242ad41abe2acc":"":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0db3ade15cb0dea98a47d1377e034d63":"":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"83f98eec51ee4cae4cb7fe28b64d1355":"":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"df47eef69ba2faab887aa8f48e4b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"2bc0847d46f3d1064bbf8fe8567f54a2":"":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"b9194a4d42b139f04c29178467955f1d":"":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"05949d591793ca52e679bfdf64f3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"6a5335901284dd3b64dc4a7f810bab96":"":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"fcb962c39e4850efc8ffd43d9cd960a6":"":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"b4d9248bb500e40de99ca2a13e743f1c":"":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"160c50c0621c03fd1572df6ba49f0d1e":"":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"04885a5846f5f75a760193de7f07853c":"":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"0c13506ed9f082dd08434342":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"0a93b883cbd42998ae2e39aab342cb28":"":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"e20957a49a27e247d00379850f934d6c":"":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"d533c2170c5dc203512c81c34eff4077":"":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"2e2b31214d61276a54daf2ccb98baa36":"":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"5266e9c67c252164":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"a8339ba505a14786ad05edfe8cebb8d0":"":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"4f23f04904de76d6decd4bd380ff56b1":"":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"531248afdaaf1b86cf34d2394900afd9":"":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"7b334d7af54b916821f6136e977a1f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"e3ede170386e76321a575c095966":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"bea660e963b08fc657741bc8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"7859f047f32b51833333accf":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"2111d55d96a4d84d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"b1ece9fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"cb3f5338":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_GCM_C:MBEDTLS_AES_C
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"3105dddb":"FAIL":"":1
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 0c30e4a..2eb8c2d 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -882,3 +882,11 @@
# The first call to fix_negative in the test case of issue #4296.
ECP fix_negative: #4296.1
fix_negative:"8A4DD4C8B42C5EAED15FE4F4579F4CE513EC90A94010BF000000000000000000":-1:256
+
+ECP export key parameters #1 (OK)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:0
+
+ECP export key parameters #2 (invalid group)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:1
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 2afc355..c3e6b05 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -16,6 +16,44 @@
mbedtls_ecp_point_free( x ); \
mbedtls_ecp_point_init( x );
+/* Auxiliary function to compare two mbedtls_ecp_group objects. */
+inline static int mbedtls_ecp_group_cmp( mbedtls_ecp_group *grp1,
+ mbedtls_ecp_group *grp2 )
+{
+ if( mbedtls_mpi_cmp_mpi( &grp1->P, &grp2->P ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->A, &grp2->A ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->B, &grp2->B ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->N, &grp2->N ) != 0 )
+ return 1;
+ if( mbedtls_ecp_point_cmp( &grp1->G, &grp2->G ) != 0 )
+ return 1;
+ if( grp1->id != grp2->id )
+ return 1;
+ if( grp1->pbits != grp2->pbits )
+ return 1;
+ if( grp1->nbits != grp2->nbits )
+ return 1;
+ if( grp1->h != grp2->h )
+ return 1;
+ if( grp1->modp != grp2->modp )
+ return 1;
+ if( grp1->t_pre != grp2->t_pre )
+ return 1;
+ if( grp1->t_post != grp2->t_post )
+ return 1;
+ if( grp1->t_data != grp2->t_data )
+ return 1;
+ if( grp1->T_size != grp2->T_size )
+ return 1;
+ if( grp1->T != grp2->T )
+ return 1;
+
+ return 0;
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -988,3 +1026,40 @@
TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ecp_export( int id, char * Qx, char * Qy,char * d, int expected_ret, int invalid_grp )
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_group export_grp;
+ mbedtls_mpi export_d;
+ mbedtls_ecp_point export_Q;
+
+ mbedtls_ecp_group_init( &export_grp );
+ mbedtls_ecp_group_init( &key.grp );
+ mbedtls_mpi_init( &export_d );
+ mbedtls_ecp_point_init( &export_Q );
+
+ mbedtls_ecp_keypair_init( &key );
+ if( invalid_grp == 0 )
+ TEST_ASSERT( mbedtls_ecp_group_load( &key.grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_point_read_string( &key.Q, 16, Qx, Qy ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &key.d, 16, d ) == 0 );
+
+ TEST_EQUAL( mbedtls_ecp_export( &key, &export_grp,
+ &export_d, &export_Q ), expected_ret );
+
+ if( expected_ret == 0 )
+ {
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &key.Q, &export_Q ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &key.d, &export_d ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_cmp( &key.grp, &export_grp ), 0 );
+ }
+
+exit:
+ mbedtls_ecp_keypair_free( &key );
+ mbedtls_ecp_group_free( &export_grp );
+ mbedtls_mpi_free( &export_d );
+ mbedtls_ecp_point_free( &export_Q );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index 6cb1118..1ad6f3d 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -30,71 +30,57 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_hkdf_extract( int md_alg, char *hex_ikm_string,
- char *hex_salt_string, char *hex_prk_string )
+void test_hkdf_extract( int md_alg,
+ data_t *ikm,
+ data_t *salt,
+ data_t *prk )
{
int ret;
- unsigned char *ikm = NULL;
- unsigned char *salt = NULL;
- unsigned char *prk = NULL;
unsigned char *output_prk = NULL;
- size_t ikm_len, salt_len, prk_len, output_prk_len;
+ size_t output_prk_len;
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
output_prk_len = mbedtls_md_get_size( md );
- output_prk = mbedtls_calloc( 1, output_prk_len );
+ ASSERT_ALLOC( output_prk, output_prk_len );
- ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len );
- salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len );
- prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
-
- ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk );
+ ret = mbedtls_hkdf_extract( md, salt->x, salt->len,
+ ikm->x, ikm->len, output_prk );
TEST_ASSERT( ret == 0 );
- ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len );
+ ASSERT_COMPARE( output_prk, output_prk_len, prk->x, prk->len );
exit:
- mbedtls_free(ikm);
- mbedtls_free(salt);
- mbedtls_free(prk);
mbedtls_free(output_prk);
}
/* END_CASE */
/* BEGIN_CASE */
-void test_hkdf_expand( int md_alg, char *hex_info_string,
- char *hex_prk_string, char *hex_okm_string )
+void test_hkdf_expand( int md_alg,
+ data_t *info,
+ data_t *prk,
+ data_t *okm )
{
enum { OKM_LEN = 1024 };
int ret;
- unsigned char *info = NULL;
- unsigned char *prk = NULL;
- unsigned char *okm = NULL;
unsigned char *output_okm = NULL;
- size_t info_len, prk_len, okm_len;
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
- output_okm = mbedtls_calloc( OKM_LEN, 1 );
+ ASSERT_ALLOC( output_okm, OKM_LEN );
- prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
- info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len );
- okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len );
- TEST_ASSERT( prk_len == mbedtls_md_get_size( md ) );
- TEST_ASSERT( okm_len < OKM_LEN );
+ TEST_ASSERT( prk->len == mbedtls_md_get_size( md ) );
+ TEST_ASSERT( okm->len < OKM_LEN );
- ret = mbedtls_hkdf_expand( md, prk, prk_len, info, info_len,
+ ret = mbedtls_hkdf_expand( md, prk->x, prk->len,
+ info->x, info->len,
output_okm, OKM_LEN );
TEST_ASSERT( ret == 0 );
- ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
+ ASSERT_COMPARE( output_okm, okm->len, okm->x, okm->len );
exit:
- mbedtls_free(info);
- mbedtls_free(prk);
- mbedtls_free(okm);
mbedtls_free(output_okm);
}
/* END_CASE */
@@ -113,7 +99,7 @@
fake_md_info.type = MBEDTLS_MD_NONE;
fake_md_info.size = hash_len;
- prk = mbedtls_calloc( MBEDTLS_MD_MAX_SIZE, 1 );
+ ASSERT_ALLOC( prk, MBEDTLS_MD_MAX_SIZE);
salt_len = 0;
ikm_len = 0;
@@ -143,10 +129,10 @@
info_len = 0;
if (prk_len > 0)
- prk = mbedtls_calloc( prk_len, 1 );
+ ASSERT_ALLOC( prk, prk_len );
if (okm_len > 0)
- okm = mbedtls_calloc( okm_len, 1 );
+ ASSERT_ALLOC( okm, okm_len );
output_ret = mbedtls_hkdf_expand( &fake_md_info, prk, prk_len,
info, info_len, okm, okm_len );
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index d918ce3..2deb92a 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -16,6 +16,7 @@
unsigned char buf[150];
mbedtls_md_init( &ctx );
+ memset( buf, 0, sizeof( buf ) );
/*
* Very minimal testing of mbedtls_md_process, just make sure the various
@@ -30,6 +31,7 @@
info = mbedtls_md_info_from_type( *md_type_ptr );
TEST_ASSERT( info != NULL );
TEST_ASSERT( mbedtls_md_setup( &ctx, info, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_md_starts( &ctx ) == 0 );
TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == 0 );
mbedtls_md_free( &ctx );
}
@@ -53,6 +55,8 @@
TEST_ASSERT( mbedtls_md_get_name( NULL ) == NULL );
TEST_ASSERT( mbedtls_md_info_from_string( NULL ) == NULL );
+ TEST_ASSERT( mbedtls_md_info_from_ctx( NULL ) == NULL );
+ TEST_ASSERT( mbedtls_md_info_from_ctx( &ctx ) == NULL );
TEST_ASSERT( mbedtls_md_setup( &ctx, NULL, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_md_setup( NULL, info, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -202,6 +206,8 @@
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) );
+ TEST_ASSERT ( mbedtls_md_info_from_ctx( &ctx ) == md_info );
+ TEST_ASSERT ( mbedtls_md_info_from_ctx( &ctx_copy ) == md_info );
TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) );
TEST_ASSERT ( ctx.md_ctx != NULL );
@@ -249,6 +255,8 @@
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) );
+ TEST_ASSERT ( mbedtls_md_info_from_ctx( &ctx ) == md_info );
+ TEST_ASSERT ( mbedtls_md_info_from_ctx( &ctx_copy ) == md_info );
halfway = src_str->len / 2;
@@ -321,6 +329,7 @@
md_info = mbedtls_md_info_from_string( md_name );
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) );
+ TEST_ASSERT ( mbedtls_md_info_from_ctx( &ctx ) == md_info );
halfway = src_str->len / 2;
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 77546c5..59884e5 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -16,23 +16,26 @@
PEM write (exactly two lines + 1)
mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
+PEM read (unencrypted, valid)
+mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53"
+
PEM read (DES-EDE3-CBC + invalid iv)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""
PEM read (DES-CBC + invalid iv)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""
PEM read (unknown encryption algorithm)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG:""
PEM read (malformed PEM DES-CBC)
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:""
PEM read (malformed PEM DES-EDE3-CBC)
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:""
PEM read (malformed PEM AES-128-CBC)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:""
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 947f1fb..bf5ac73 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -34,18 +34,26 @@
/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */
void mbedtls_pem_read_buffer( char *header, char *footer, char *data,
- char *pwd, int res )
+ char *pwd, int res, data_t *out )
{
mbedtls_pem_context ctx;
int ret;
size_t use_len = 0;
size_t pwd_len = strlen( pwd );
+ const unsigned char *buf;
mbedtls_pem_init( &ctx );
ret = mbedtls_pem_read_buffer( &ctx, header, footer, (unsigned char *)data,
(unsigned char *)pwd, pwd_len, &use_len );
TEST_ASSERT( ret == res );
+ if( ret != 0 )
+ goto exit;
+
+ use_len = 0;
+ buf = mbedtls_pem_get_buffer( &ctx, &use_len );
+ TEST_EQUAL( use_len, out->len );
+ TEST_ASSERT( memcmp( out->x, buf, out->len ) == 0 );
exit:
mbedtls_pem_free( &ctx );
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 5eb145d..306cfd7 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -41,8 +41,13 @@
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"
-PK PSA utilities: setup/free, info functions, unsupported operations
-pk_psa_utils:
+PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_psa_utils:0
+
+PK PSA utilities: RSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_psa_utils:1
RSA verify test vector #1 (good)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
@@ -136,9 +141,9 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
-RSA encrypt test vector
+RSA encrypt-decrypt test
depends_on:MBEDTLS_PKCS1_V15
-pk_rsa_encrypt_test_vec:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0
+pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":0
RSA decrypt test vector #1
depends_on:MBEDTLS_PKCS1_V15
@@ -166,51 +171,87 @@
Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:0
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:128:0
Verify ext RSA #2 (PKCS1 v2.1, salt_len = ANY, wrong message)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616766":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_VERIFY_FAILED
+pk_rsa_verify_ext_test_vec:"54657374206d657373616766":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:128:MBEDTLS_ERR_RSA_VERIFY_FAILED
Verify ext RSA #3 (PKCS1 v2.1, salt_len = 0, OK)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:0:0
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:0:128:0
Verify ext RSA #4 (PKCS1 v2.1, salt_len = max, OK)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:0
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:128:0
+
+Verify ext RSA #5 using PSA (PKCS1 v2.1, wrong salt_len)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:128:MBEDTLS_ERR_RSA_VERIFY_FAILED
Verify ext RSA #5 (PKCS1 v2.1, wrong salt_len)
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:MBEDTLS_ERR_RSA_INVALID_PADDING
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:!MBEDTLS_USE_PSA_CRYPTO
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:128:MBEDTLS_ERR_RSA_INVALID_PADDING
Verify ext RSA #6 (PKCS1 v2.1, MGF1 alg != MSG hash alg)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_NONE:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:0
+pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_NONE:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:128:0
Verify ext RSA #7 (PKCS1 v2.1, wrong MGF1 alg != MSG hash alg)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_NONE:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_INVALID_PADDING
+pk_rsa_verify_ext_test_vec:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":MBEDTLS_MD_NONE:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA1:MBEDTLS_RSA_SALT_LEN_ANY:128:MBEDTLS_ERR_RSA_INVALID_PADDING
Verify ext RSA #8 (PKCS1 v2.1, RSASSA-PSS without options)
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_BAD_INPUT_DATA
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:-1:MBEDTLS_RSA_SALT_LEN_ANY:128:MBEDTLS_ERR_PK_BAD_INPUT_DATA
Verify ext RSA #9 (PKCS1 v1.5, RSA with options)
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_BAD_INPUT_DATA
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:128:MBEDTLS_ERR_PK_BAD_INPUT_DATA
Verify ext RSA #10 (PKCS1 v1.5, RSA without options)
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_VERIFY_FAILED
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:128:MBEDTLS_ERR_RSA_VERIFY_FAILED
Verify ext RSA #11 (PKCS1 v2.1, asking for ECDSA)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_ECDSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_TYPE_MISMATCH
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_ECDSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:128:MBEDTLS_ERR_PK_TYPE_MISMATCH
Verify ext RSA #12 (PKCS1 v1.5, good)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
-pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:0
+pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:128:0
+
+Verify ext RSA #13 (PKCS1 v2.1, salt_len = max, sig_len too long)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+
+Verify ext RSA #14 (PKCS1 v2.1, salt_len = ANY, sig_len too long)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:129:MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+
+Verify ext RSA #15 (PKCS1 v2.1, salt_len = ANY, sig_len too short)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:127:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
+Verify ext RSA #16 (PKCS1 v2.1, salt_len = max, sig_len too short)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:127:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
+Verify ext RSA #17 (PKCS1 v2.1, salt_len = ANY, wrong message, sig_len too short)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616766":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:127:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
+Verify ext RSA #18 (PKCS1 v2.1, salt_len = max, wrong message, sig_len too short)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616766":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:127:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
+Verify ext RSA #19 (PKCS1 v2.1, salt_len = ANY, wrong message, sig_len too long)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616766":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
+Verify ext RSA #20 (PKCS1 v2.1, salt_len = max, wrong message, sig_len too long)
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+pk_rsa_verify_ext_test_vec:"54657374206d657373616766":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
Check pair #1 (EC, OK)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -269,38 +310,102 @@
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
PSA wrapped sign: SECP256R1
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256
PSA wrapped sign: SECP384R1
-depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384
PSA wrapped sign: SECP521R1
-depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521
PSA wrapped sign: SECP192K1
-depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192
## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336
# PSA wrapped sign: SECP224K1
-# depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
-# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+# depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224
PSA wrapped sign: SECP256K1
-depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256
PSA wrapped sign: BP256R1
-depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256
PSA wrapped sign: BP384R1
-depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384
PSA wrapped sign: BP512R1
-depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
+
+PSA wrapped sign: RSA PKCS1 v1.5
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
+pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
+
+PK Sign ext:RSA2048,PK_RSA,MD_SHA256
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
+
+PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
+
+PK Sign ext:RSA2048,PK_RSA,MD_SHA384
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
+
+PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
+
+PK Sign ext:RSA2048,PK_RSA,MD_SHA512
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
+
+PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
+
+PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256
+
+PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA384_C
+pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384
+
+PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C
+pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512
+
+PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
+
+PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
+
+PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA384
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
+
+PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
+
+PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA512
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
+
+PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 56cc45b..8fd5367 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -12,7 +12,7 @@
/* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO),
* but the test code generator requires test case data to be valid C code
- * unconditionally (https://github.com/ARMmbed/mbedtls/issues/2023). */
+ * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
#define RSA_KEY_SIZE 512
@@ -88,11 +88,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
- * Generate a key using PSA and return the key identifier of that key,
+ * Generate an ECC key using PSA and return the key identifier of that key,
* or 0 if the key generation failed.
* The key uses NIST P-256 and is usable for signing with SHA-256.
*/
-mbedtls_svc_key_id_t pk_psa_genkey( void )
+mbedtls_svc_key_id_t pk_psa_genkey_ecc( void )
{
mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -109,6 +109,27 @@
exit:
return( key );
}
+
+/*
+ * Generate an RSA key using PSA and return the key identifier of that key,
+ * or 0 if the key generation failed.
+ */
+mbedtls_svc_key_id_t pk_psa_genkey_rsa( void )
+{
+ mbedtls_svc_key_id_t key;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+ const size_t bits = 1024;
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+
+exit:
+ return( key );
+}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* END_HEADER */
@@ -117,15 +138,15 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-void pk_psa_utils( )
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_utils( int key_is_rsa )
{
mbedtls_pk_context pk, pk2;
mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const char * const name = "Opaque";
- const size_t bitlen = 256; /* harcoded in genkey() */
+ size_t bitlen;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
unsigned char b1[1], b2[1];
@@ -145,7 +166,16 @@
mbedtls_pk_free( &pk );
mbedtls_pk_init( &pk );
- key = pk_psa_genkey();
+ if( key_is_rsa )
+ {
+ bitlen = 1024; /* harcoded in genkey() */
+ key = pk_psa_genkey_rsa();
+ }
+ else
+ {
+ bitlen = 256; /* harcoded in genkey() */
+ key = pk_psa_genkey_ecc();
+ }
if( mbedtls_svc_key_id_is_null( key ) )
goto exit;
@@ -157,9 +187,18 @@
TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ if( key_is_rsa )
+ {
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ }
/* unsupported operations: verify, decrypt, encrypt */
TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
@@ -175,8 +214,12 @@
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
/* unsupported functions: check_pair, debug */
- TEST_ASSERT( mbedtls_pk_setup( &pk2,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ if( key_is_rsa )
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ else
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2,
mbedtls_test_rnd_std_rand, NULL )
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
@@ -345,6 +388,8 @@
{
mbedtls_pk_context pub, prv, alt;
+ USE_PSA_INIT();
+
mbedtls_pk_init( &pub );
mbedtls_pk_init( &prv );
mbedtls_pk_init( &alt );
@@ -373,6 +418,7 @@
mbedtls_pk_free( &pub );
mbedtls_pk_free( &prv );
mbedtls_pk_free( &alt );
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -395,6 +441,8 @@
mbedtls_ecp_set_max_ops( 1 );
#endif
+ USE_PSA_INIT();
+
mbedtls_pk_init( &pk );
memset( hash_result, 0x00, MBEDTLS_MD_MAX_SIZE );
@@ -421,6 +469,7 @@
mbedtls_pk_restart_free( rs_ctx );
#endif
mbedtls_pk_free( &pk );
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -429,7 +478,8 @@
int mod, int radix_N, char * input_N,
int radix_E, char * input_E,
data_t * result_str, int pk_type,
- int mgf1_hash_id, int salt_len, int result )
+ int mgf1_hash_id, int salt_len, int sig_len,
+ int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
mbedtls_rsa_context *rsa;
@@ -438,6 +488,7 @@
void *options;
size_t hash_len;
+ USE_PSA_INIT( );
mbedtls_pk_init( &pk );
memset( hash_result, 0x00, sizeof( hash_result ) );
@@ -477,10 +528,11 @@
TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
digest, hash_result, hash_len,
- result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
+ result_str->x, sig_len ) == result );
exit:
mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -527,6 +579,8 @@
size_t hlen, slen;
const mbedtls_md_info_t *md_info;
+ USE_PSA_INIT();
+
mbedtls_pk_restart_init( &rs_ctx );
mbedtls_pk_init( &prv );
mbedtls_pk_init( &pub );
@@ -614,6 +668,7 @@
mbedtls_pk_restart_free( &rs_ctx );
mbedtls_pk_free( &prv );
mbedtls_pk_free( &pub );
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -707,24 +762,34 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
- char * input_N, int radix_E, char * input_E,
- data_t * result, int ret )
+void pk_rsa_encrypt_decrypt_test( data_t * message, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, int ret )
{
- unsigned char output[300];
+ unsigned char output[300], result[300];
mbedtls_test_rnd_pseudo_info rnd_info;
+ mbedtls_mpi N, P, Q, E;
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
- size_t olen;
+ size_t olen, rlen;
+
+ mbedtls_pk_init( &pk );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( output, 0, sizeof( output ) );
+ USE_PSA_INIT( );
- mbedtls_pk_init( &pk );
+ /* encryption test */
+
+ /* init pk-rsa context */
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
rsa = mbedtls_pk_rsa( pk );
+ /* load public key */
rsa->len = mod / 8;
TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
@@ -732,11 +797,44 @@
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
output, &olen, sizeof( output ),
mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
- TEST_ASSERT( olen == result->len );
- TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
+
+ /* decryption test */
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+
+ /* init pk-rsa context */
+ mbedtls_pk_free( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ rsa = mbedtls_pk_rsa( pk );
+
+ /* load public key */
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+
+ /* load private key */
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
+
+ memset( result, 0, sizeof( result ) );
+ rlen = 0;
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk, output, olen,
+ result, &rlen, sizeof( result ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
+ if( ret == 0 )
+ {
+ TEST_ASSERT( rlen == message->len );
+ TEST_ASSERT( memcmp( result, message->x, rlen ) == 0 );
+ }
exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -753,6 +851,8 @@
mbedtls_pk_context pk;
size_t olen;
+ USE_PSA_INIT( );
+
mbedtls_pk_init( &pk );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
@@ -791,6 +891,7 @@
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -878,6 +979,8 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ USE_PSA_INIT( );
+
mbedtls_rsa_init( &raw );
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
@@ -942,17 +1045,17 @@
exit:
mbedtls_rsa_free( &raw );
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
+ USE_PSA_DONE( );
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */
-void pk_psa_sign( int grpid_arg,
- int psa_curve_arg, int expected_bits_arg )
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_sign( int parameter_arg,
+ int psa_type_arg, int expected_bits_arg )
{
- mbedtls_ecp_group_id grpid = grpid_arg;
mbedtls_pk_context pk;
unsigned char hash[32];
- unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
unsigned char pkey_legacy[200];
unsigned char pkey_psa[200];
unsigned char *pkey_legacy_start, *pkey_psa_start;
@@ -960,12 +1063,12 @@
int ret;
mbedtls_svc_key_id_t key_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg );
+ psa_key_type_t expected_type = psa_type_arg;
size_t expected_bits = expected_bits_arg;
/*
* This tests making signatures with a wrapped PSA key:
- * - generate a fresh ECP legacy PK context
+ * - generate a fresh ECP/RSA legacy PK context
* - wrap it in a PK context and make a signature this way
* - extract the public key
* - parse it to a PK context and verify the signature this way
@@ -973,13 +1076,38 @@
PSA_ASSERT( psa_crypto_init( ) );
- /* Create legacy EC public/private key in PK context. */
- mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_setup( &pk,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_key( grpid,
- (mbedtls_ecp_keypair*) pk.pk_ctx,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+ if( PSA_KEY_TYPE_IS_RSA( psa_type_arg ) )
+ {
+ /* Create legacy RSA public/private key in PK context. */
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ),
+ mbedtls_test_rnd_std_rand, NULL,
+ parameter_arg, 3 ) == 0 );
+ }
+ else
+#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( psa_type_arg ) )
+ {
+ mbedtls_ecp_group_id grpid = parameter_arg;
+
+ /* Create legacy EC public/private key in PK context. */
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_key( grpid,
+ (mbedtls_ecp_keypair*) pk.pk_ctx,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ }
+ else
+#endif /* MBEDTLS_ECDSA_C */
+ {
+ (void) parameter_arg;
+ TEST_ASSUME( ! "Opaque PK key not supported in this configuration" );
+ }
/* Export underlying public key for re-importing in a legacy context. */
ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
@@ -1037,3 +1165,114 @@
USE_PSA_DONE( );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */
+void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg )
+{
+ /* See the description of pk_genkey() for the description of the `parameter` argument. */
+ mbedtls_pk_context pk;
+ size_t sig_len;
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ size_t hash_len = mbedtls_md_get_size( md_info );
+ void const *options = NULL;
+ mbedtls_pk_rsassa_pss_options rsassa_pss_options;
+ memset( hash, 0x2a, sizeof( hash ) );
+ memset( sig, 0, sizeof( sig ) );
+
+ mbedtls_pk_init( &pk );
+ PSA_INIT();
+
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( pk_type ) ) == 0 );
+
+ TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len,
+ sig, sizeof( sig ), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
+
+ if( key_pk_type == MBEDTLS_PK_RSASSA_PSS )
+ {
+ rsassa_pss_options.mgf1_hash_id = md_alg;
+ TEST_ASSERT( md_info != NULL );
+ rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info );
+ options = (const void*) &rsassa_pss_options;
+ }
+ TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg,
+ hash, hash_len, sig, sig_len ) == 0 );
+exit:
+ PSA_DONE( );
+ mbedtls_pk_free( &pk );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_wrap_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg )
+{
+ /* See the description of mbedtls_rsa_gen_key() for the description of the `parameter` argument. */
+ mbedtls_pk_context pk;
+ size_t sig_len, pkey_len;
+ mbedtls_svc_key_id_t key_id;
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+ unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
+ unsigned char *pkey_start;
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ size_t hash_len = PSA_HASH_LENGTH( psa_md_alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ void const *options = NULL;
+ mbedtls_pk_rsassa_pss_options rsassa_pss_options;
+ int ret;
+
+ mbedtls_pk_init( &pk );
+ PSA_INIT();
+
+ /* Create legacy RSA public/private key in PK context. */
+ mbedtls_pk_init( &pk );
+ TEST_EQUAL( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( pk_type ) ), 0 );
+ TEST_EQUAL( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ),
+ mbedtls_test_rnd_std_rand, NULL,
+ parameter, 3 ), 0 );
+
+ /* Export underlying public key for re-importing in a legacy context. */
+ ret = mbedtls_pk_write_pubkey_der( &pk, pkey, sizeof( pkey ) );
+ TEST_ASSERT( ret >= 0 );
+
+ pkey_len = (size_t) ret;
+ /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+ pkey_start = pkey + sizeof( pkey ) - pkey_len;
+
+ /* Turn PK context into an opaque one. */
+ TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &pk, &key_id, psa_md_alg ), 0 );
+
+ memset( hash, 0x2a, sizeof( hash ) );
+ memset( sig, 0, sizeof( sig ) );
+
+ TEST_EQUAL( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len,
+ sig, sizeof( sig ), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL ), 0 );
+
+ mbedtls_pk_free( &pk );
+ TEST_EQUAL( PSA_SUCCESS, psa_destroy_key( key_id ) );
+
+ mbedtls_pk_init( &pk );
+ TEST_EQUAL( mbedtls_pk_parse_public_key( &pk, pkey_start, pkey_len ), 0 );
+
+ if( key_pk_type == MBEDTLS_PK_RSASSA_PSS )
+ {
+ rsassa_pss_options.mgf1_hash_id = md_alg;
+ TEST_ASSERT( md_info != NULL );
+ rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info );
+ options = (const void*) &rsassa_pss_options;
+ }
+ TEST_EQUAL( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg,
+ hash, hash_len, sig, sig_len ), 0 );
+
+exit:
+ mbedtls_pk_free( &pk );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c45f9f0..5939b39 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -842,7 +842,7 @@
PSA key policy: AEAD, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_SUPPORTED
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: AEAD, tag length > exact-length policy
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -1642,6 +1642,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+PSA MAC sign multipart: RFC4231 Test case 1 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":0:"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
+PSA MAC verify multipart: RFC4231 Test case 1 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":1:"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-256
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"4869205468657265":"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
@@ -1650,6 +1658,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"4869205468657265":"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
+PSA MAC sign multipart: RFC4231 Test case 1 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"4869205468657265":0:"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
+
+PSA MAC verify multipart: RFC4231 Test case 1 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_256):"4869205468657265":1:"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
+
PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-384
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"4869205468657265":"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
@@ -1658,6 +1674,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"4869205468657265":"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
+PSA MAC sign multipart: RFC4231 Test case 1 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"4869205468657265":0:"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
+
+PSA MAC verify multipart: RFC4231 Test case 1 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_384):"4869205468657265":1:"afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"
+
PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-512
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
@@ -1666,6 +1690,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+PSA MAC sign multipart: RFC4231 Test case 1 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"4869205468657265":0:"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
+PSA MAC verify multipart: RFC4231 Test case 1 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_512):"4869205468657265":1:"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
PSA MAC verify: RFC4231 Test case 2 - HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_224):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44"
@@ -1682,6 +1714,22 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_512):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737"
+PSA MAC verify multipart: RFC4231 Test case 2 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_224):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":1:"a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44"
+
+PSA MAC verify multipart: RFC4231 Test case 2 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_256):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":1:"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"
+
+PSA MAC verify multipart: RFC4231 Test case 2 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_384):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":1:"af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649"
+
+PSA MAC verify multipart: RFC4231 Test case 2 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"4a656665":PSA_ALG_HMAC(PSA_ALG_SHA_512):"7768617420646f2079612077616e7420666f72206e6f7468696e673f":1:"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737"
+
PSA MAC verify: RFC4231 Test case 3 - HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea"
@@ -1698,6 +1746,22 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb"
+PSA MAC verify multipart: RFC4231 Test case 3 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":1:"7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea"
+
+PSA MAC verify multipart: RFC4231 Test case 3 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":1:"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe"
+
+PSA MAC verify multipart: RFC4231 Test case 3 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":1:"88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27"
+
+PSA MAC verify multipart: RFC4231 Test case 3 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":1:"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb"
+
PSA MAC verify: RFC4231 Test case 4 - HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_224):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a"
@@ -1714,6 +1778,22 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_512):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd"
+PSA MAC verify multipart: RFC4231 Test case 4 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_224):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":1:"6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a"
+
+PSA MAC verify multipart: RFC4231 Test case 4 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_256):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":1:"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b"
+
+PSA MAC verify multipart: RFC4231 Test case 4 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_384):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":1:"3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb"
+
+PSA MAC verify multipart: RFC4231 Test case 4 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0102030405060708090a0b0c0d0e0f10111213141516171819":PSA_ALG_HMAC(PSA_ALG_SHA_512):"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":1:"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd"
+
PSA MAC verify: RFC4231 Test case 6 - HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e"
@@ -1730,6 +1810,18 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598"
+PSA MAC verify multipart: RFC4231 Test case 6 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":1:"60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54"
+
+PSA MAC verify multipart: RFC4231 Test case 6 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":1:"4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952"
+
+PSA MAC verify multipart: RFC4231 Test case 6 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":1:"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598"
+
PSA MAC verify: RFC4231 Test case 7 - HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1"
@@ -1746,6 +1838,22 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"
+PSA MAC verify multipart: RFC4231 Test case 7 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":1:"3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1"
+
+PSA MAC verify multipart: RFC4231 Test case 7 - HMAC-SHA-256
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":1:"9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"
+
+PSA MAC verify multipart: RFC4231 Test case 7 - HMAC-SHA-384
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_384):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":1:"6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e"
+
+PSA MAC verify multipart: RFC4231 Test case 7 - HMAC-SHA-512
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_512):"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e":1:"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"
+
PSA MAC sign: HMAC-SHA-224, truncated to 28 bytes (actual size)
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 28):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
@@ -1754,6 +1862,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 28):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+PSA MAC sign multipart: HMAC-SHA-224, truncated to 28 bytes (actual size)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 28):"4869205468657265":0:"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
+PSA MAC verify multipart: HMAC-SHA-224, truncated to 28 bytes (actual size)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 28):"4869205468657265":1:"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
+
PSA MAC sign: HMAC-SHA-512, truncated to 64 bytes (actual size)
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 64):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
@@ -1762,6 +1878,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 64):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+PSA MAC sign multipart: HMAC-SHA-512, truncated to 64 bytes (actual size)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 64):"4869205468657265":0:"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
+PSA MAC verify multipart: HMAC-SHA-512, truncated to 64 bytes (actual size)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 64):"4869205468657265":1:"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"
+
PSA MAC sign: HMAC-SHA-224, truncated to 27 bytes
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 27):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b"
@@ -1770,6 +1894,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 27):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b"
+PSA MAC sign multipart: HMAC-SHA-224, truncated to 27 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 27):"4869205468657265":0:"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b"
+
+PSA MAC verify multipart: HMAC-SHA-224, truncated to 27 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 27):"4869205468657265":1:"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b"
+
PSA MAC sign: HMAC-SHA-512, truncated to 63 bytes
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 63):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a1268"
@@ -1778,6 +1910,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 63):"4869205468657265":"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a1268"
+PSA MAC sign multipart: HMAC-SHA-512, truncated to 63 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 63):"4869205468657265":0:"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a1268"
+
+PSA MAC verify multipart: HMAC-SHA-512, truncated to 63 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 63):"4869205468657265":1:"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a1268"
+
PSA MAC sign: HMAC-SHA-224, truncated to 4 bytes
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 4):"4869205468657265":"896fb112"
@@ -1786,6 +1926,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 4):"4869205468657265":"896fb112"
+PSA MAC sign multipart: HMAC-SHA-224, truncated to 4 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 4):"4869205468657265":0:"896fb112"
+
+PSA MAC verify multipart: HMAC-SHA-224, truncated to 4 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 4):"4869205468657265":1:"896fb112"
+
PSA MAC sign: HMAC-SHA-512, truncated to 4 bytes
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":"87aa7cde"
@@ -1794,6 +1942,14 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":"87aa7cde"
+PSA MAC sign multipart: HMAC-SHA-512, truncated to 4 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":0:"87aa7cde"
+
+PSA MAC verify multipart: HMAC-SHA-512, truncated to 4 bytes
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+mac_sign_verify_multi:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":1:"87aa7cde"
+
PSA MAC sign: CMAC-3DES (CAVP vector #95)
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
mac_sign:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":"e1d7c3736739e726"
@@ -1802,6 +1958,14 @@
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
mac_verify:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":"e1d7c3736739e726"
+PSA MAC sign multipart: CMAC-3DES (CAVP vector #95)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
+mac_sign_verify_multi:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":0:"e1d7c3736739e726"
+
+PSA MAC verify multipart: CMAC-3DES (CAVP vector #95)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
+mac_sign_verify_multi:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":1:"e1d7c3736739e726"
+
PSA MAC: CMAC-3DES-2key (not supported in PSA)
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
mac_setup:PSA_KEY_TYPE_DES:"89fe91f1c1ef2f01efc4c18f5715894c":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
@@ -1818,6 +1982,14 @@
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
+PSA MAC sign multipart: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":0:"dfa66747de9ae63030ca32611497c827"
+
+PSA MAC verify multipart: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":1:"dfa66747de9ae63030ca32611497c827"
+
PSA MAC sign: CMAC-AES-128, truncated to 16 bytes (actual size)
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
@@ -1826,6 +1998,14 @@
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
+PSA MAC sign multipart: CMAC-AES-128, truncated to 16 bytes (actual size)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":0:"dfa66747de9ae63030ca32611497c827"
+
+PSA MAC verify multipart: CMAC-AES-128, truncated to 16 bytes (actual size)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":1:"dfa66747de9ae63030ca32611497c827"
+
PSA MAC sign: CMAC-AES-128, truncated to 15 bytes
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 15):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c8"
@@ -1834,6 +2014,14 @@
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 15):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c8"
+PSA MAC sign multipart: CMAC-AES-128, truncated to 15 bytes
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 15):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":0:"dfa66747de9ae63030ca32611497c8"
+
+PSA MAC verify multipart: CMAC-AES-128, truncated to 15 bytes
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 15):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":1:"dfa66747de9ae63030ca32611497c8"
+
PSA MAC sign: CMAC-AES-128, truncated to 4 bytes
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747"
@@ -1842,6 +2030,14 @@
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747"
+PSA MAC sign multipart: CMAC-AES-128, truncated to 4 bytes
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":0:"dfa66747"
+
+PSA MAC verify multipart: CMAC-AES-128, truncated to 4 bytes
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign_verify_multi:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":1:"dfa66747"
+
Cipher operation object initializers zero properly
cipher_operation_init:
@@ -1964,7 +2160,7 @@
cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9"
PSA symmetric encrypt validation: CCM*-no-tag, 15 bytes, good
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_validation:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"6bc1bee22e409f96e93d7e11739317"
PSA symmetric encrypt multipart: AES-ECB, 0 bytes, good
@@ -2028,7 +2224,7 @@
cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":8:8:0:"817ca7d69b80d86a":PSA_SUCCESS
PSA symmetric encrypt multipart: CCM*-no-tag, AES, 24 bytes, good
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"f1100035bb24a8d26004e0e24b":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":10:10:14:"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":PSA_SUCCESS
PSA cipher decrypt: without initialization
@@ -2064,7 +2260,7 @@
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)
-depends_on:MBEDTLS_AES_C
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-ECB, 0 bytes, good
@@ -2116,7 +2312,7 @@
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3"
PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good
@@ -2180,7 +2376,7 @@
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":8:8:0:"c78e2b38139610e3":PSA_SUCCESS
PSA symmetric decrypt multipart: CCM*-no-tag, 24 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS
PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good
@@ -2204,19 +2400,19 @@
cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric encrypt/decrypt: CCM*-no-tag, AES
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_verify_output:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
CCM*-no-tag encrypt, iv_length = 14, bad
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":14:PSA_ERROR_INVALID_ARGUMENT
CCM*-no-tag encrypt, iv_length = 13, good
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":13:PSA_SUCCESS
CCM*-no-tag encrypt, iv_length = 12, bad
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":12:PSA_ERROR_INVALID_ARGUMENT
PSA symmetric encryption multipart: AES-ECB, 16+16 bytes
@@ -2829,11 +3025,11 @@
PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
depends_on:MBEDTLS_CHACHA20_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -3341,75 +3537,107 @@
PSA Multipart AEAD verify: AES - CCM, invalid signature
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"7c0a61c9f825a48671ea05910748c8ef":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"7c0a61c9f825a48671ea05910748c8ef":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - CCM, invalid signature, T = 4
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,4):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":"0748c8ef":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,4):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":"0748c8ef":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - CCM, T = 4, tag is truncated tag for T = 16
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,4):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d":"0748c8ef":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,4):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d":"0748c8ef":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - CCM, invalid tag length 0
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD verify: AES - CCM, invalid tag length 2
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"c8ef":1:PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"c8ef":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: AES - CCM, invalid tag length 3
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,3):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"c8ef":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD verify: AES - CCM, invalid tag length 15
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,15):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"0a61c9f825a48671ea05910748c8ef":1:PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,15):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"c8ef":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: AES - CCM, invalid tag length 17
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,17):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"c8ef":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD verify: AES - CCM, T = 16, but passing 15 bytes
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"0a61c9f825a48671ea05910748c8ef":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"0a61c9f825a48671ea05910748c8ef":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - CCM, T = 16, but passing 17 bytes
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"532b0a61c9f825a48671ea05910748c8ef":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"532b0a61c9f825a48671ea05910748c8ef":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - CCM, T = 16 but passing 0 bytes (valid buffer)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - CCM, T = 16 but passing 0 bytes (NULL buffer)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":0:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":0:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify, AES - GCM, invalid signature
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 14 bytes
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df34":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df34":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (valid buffer)
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (NULL buffer)
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":0:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":0:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart AEAD verify: AES - GCM, invalid tag length 0
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD verify: AES - GCM, invalid tag length 2
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: AES - GCM, invalid tag length 3
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,3):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: AES - GCM, invalid tag length 11
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,11):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: AES - GCM, invalid tag length 17
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,17):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: ChaCha20 - Poly1305, invalid tag length 0
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,0):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: ChaCha20 - Poly1305, invalid tag length 15
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,15):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart AEAD verify: ChaCha20 - Poly1305, invalid tag length 17
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,17):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag)
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_SIGNATURE
+aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE
PSA Multipart Nonce Generation: AES - CCM, NONCE = (Req 13 / Expect 13)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -3459,81 +3687,177 @@
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS
-PSA Multipart Set Nonce: AES - CCM, NONCE = 0 (NULL)
+PSA Multipart Set Nonce: AES - CCM, NONCE = 0 (NULL), set lengths after nonce
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:0:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:0:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: AES - CCM, NONCE = 0 (NON-NULL)
+PSA Multipart Set Nonce: AES - CCM, NONCE = 0 (NON-NULL), set lengths after nonce
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:-1:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:-1:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: AES - CCM, NONCE = 6 (too small)
+PSA Multipart Set Nonce: AES - CCM, NONCE = 6 (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:6:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:6:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: AES - CCM, NONCE = 14 (too long)
+PSA Multipart Set Nonce: AES - CCM, NONCE = 12, set lengths after nonce
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:14:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:12:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_SUCCESS
-PSA Multipart Set Nonce: AES - CCM_8, NONCE = 6 (too small)
+PSA Multipart Set Nonce: AES - CCM, NONCE = 14 (too long), set lengths after nonce
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,8):6:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:14:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: AES - CCM_8, NONCE = 14 (too long)
+PSA Multipart Set Nonce: AES - CCM_8, NONCE = 6 (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,8):14:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,8):6:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) (too small)
+PSA Multipart Set Nonce: AES - CCM_8, NONCE = 14 (too long), set lengths after nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,8):14:SET_LENGTHS_AFTER_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:"":"":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:SET_LENGTHS_AFTER_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) (too small)
+PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:"":"":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:SET_LENGTHS_AFTER_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce, AES - GCM, NONCE = 16
+PSA Multipart Set Nonce, AES - GCM, NONCE = 16, set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:SET_LENGTHS_AFTER_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
-PSA Multipart Set Nonce, AES - GCM, NONCE = 20
+PSA Multipart Set Nonce, AES - GCM, NONCE = 20, set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:SET_LENGTHS_AFTER_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
-PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) (too small)
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:"":"":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:SET_LENGTHS_AFTER_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) (too small)
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:"":"":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:SET_LENGTHS_AFTER_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16, set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:SET_LENGTHS_AFTER_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
-PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20, set lengths after nonce
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:SET_LENGTHS_AFTER_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
-PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 (too small)
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:SET_LENGTHS_AFTER_NONCE:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12, set lengths after nonce
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:SET_LENGTHS_AFTER_NONCE:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS
-PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 (too big)
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 (too big), set lengths after nonce
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:SET_LENGTHS_AFTER_NONCE:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) (too small)
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:SET_LENGTHS_AFTER_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
-PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) (too small)
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) (too small), set lengths after nonce
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
-aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:SET_LENGTHS_AFTER_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM, NONCE = 0 (NULL), set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:0:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM, NONCE = 0 (NON-NULL), set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:-1:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM, NONCE = 6 (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:6:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM, NONCE = 12, set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:12:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_SUCCESS
+
+PSA Multipart Set Nonce: AES - CCM, NONCE = 14 (too long), set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:14:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM_8, NONCE = 6 (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,8):6:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM_8, NONCE = 14 (too long), set lengths before nonce
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,8):14:SET_LENGTHS_BEFORE_NONCE:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:SET_LENGTHS_BEFORE_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:SET_LENGTHS_BEFORE_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce, AES - GCM, NONCE = 16, set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:SET_LENGTHS_BEFORE_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+
+PSA Multipart Set Nonce, AES - GCM, NONCE = 20, set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:SET_LENGTHS_BEFORE_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:SET_LENGTHS_BEFORE_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:SET_LENGTHS_BEFORE_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16, set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:SET_LENGTHS_BEFORE_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20, set lengths before nonce
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:SET_LENGTHS_BEFORE_NONCE:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:SET_LENGTHS_BEFORE_NONCE:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12, set lengths before nonce
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:SET_LENGTHS_BEFORE_NONCE:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS
+
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 (too big), set lengths before nonce
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:SET_LENGTHS_BEFORE_NONCE:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:SET_LENGTHS_BEFORE_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) (too small), set lengths before nonce
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:SET_LENGTHS_BEFORE_NONCE:"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA Multipart Set Nonce: AES - CCM, NONCE = 12, do not set lengths
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:12:DO_NOT_SET_LENGTHS:"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":PSA_SUCCESS
+
+PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16, do not set lengths
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:DO_NOT_SET_LENGTHS:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS
+
+PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12, do not set lengths
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:DO_NOT_SET_LENGTHS:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS
PSA AEAD output buffer test: AES - CCM, IN = 40 BUF = 39
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -3611,14 +3935,106 @@
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_NOT_SUPPORTED
-PSA AEAD setup: AES - CCM, invalid tag length 18
+PSA AEAD setup: AES - CCM, invalid tag length 0
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,18):PSA_ERROR_INVALID_ARGUMENT
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,0):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 2
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,2):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 3
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,3):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 5
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,5):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 7
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,7):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 9
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,9):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 11
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,11):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 13
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,13):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 15
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,15):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - CCM, invalid tag length 17
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM,17):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 0
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 2
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 3
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,3):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 5
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,5):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 7
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,7):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 9
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,9):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 10
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,10):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 11
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,11):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: AES - GCM, invalid tag length 17
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,17):PSA_ERROR_INVALID_ARGUMENT
+
+PSA AEAD setup: ChaCha20-Poly1305, invalid tag length 0
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,0):PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD setup: ChaCha20-Poly1305, invalid tag length 15
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,15):PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD setup: ChaCha20-Poly1305, invalid tag length 17
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20
+aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,17):PSA_ERROR_NOT_SUPPORTED
PSA Multipart State Checks, AES - GCM
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E"
+PSA Multipart State Checks, AES - CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B0C":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E"
+
+PSA Multipart State Checks, AES - CHACHAPOLY
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305
+aead_multipart_state_test:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":PSA_ALG_CHACHA20_POLY1305:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E"
+
PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
@@ -4655,127 +5071,386 @@
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 32+10
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 0+42
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 1+41
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 41+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 1+40
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #2, output 82+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:1:0
PSA key derivation: HKDF SHA-256, RFC5869 #3, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:1:0
PSA key derivation: HKDF SHA-1, RFC5869 #4, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0
PSA key derivation: HKDF SHA-1, RFC5869 #5, output 82+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:1:0
PSA key derivation: HKDF SHA-1, RFC5869 #6, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:1:0
PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":"":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":"":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":0:1:0
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF
-derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
+derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":PSA_SUCCESS:0:"":PSA_SUCCESS:"":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":0:1:0
# Test case manually extracted from debug output of TLS-PSK run
# Label: "master secret"
# Salt: Concatenation of ClientHello.Random and ServerHello.Random
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:0:"":PSA_SUCCESS:"":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":"":0:1:0
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:0:"":PSA_SUCCESS:"":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":0:1:0
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:0:"":PSA_SUCCESS:"":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":0:1:0
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:0:"":PSA_SUCCESS:"":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":"":0:1:0
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:0:"":PSA_SUCCESS:"":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":0:1:0
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
-derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:0:"":PSA_SUCCESS:"":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18":0:1:0
+
+# Mix-PSK-to-MS: test vectors are generated using python script (check commit message for details)
+# ol = other_secret length in bytes
+# k = input key, b = input bytes, ka = key agreement
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 0 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"034e4741bd6170120a8b8e8362d13575c6b857242f98021d7d7cd1221a1f8dedea66737c46daaf5458cafa51b00c92eb":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 0 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"034e4741bd6170120a8b8e8362d13575c6b857242f98021d":"7d7cd1221a1f8dedea66737c46daaf5458cafa51b00c92eb":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 0 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"034e4741bd6170120a8b8e8362d13575c6b857242f98021d7d7cd1221a1f8dedea66737c46daaf5458cafa51b00c92eb":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 0 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"086794a0bad6de74ef69c4155e34cad721915d57c7c31bd5f33aeaacf9fa4612a40b8e3b03857f0a2fa5af1a44dc2c55":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 0 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"086794a0bad6de74ef69c4155e34cad721915d57c7c31bd5":"f33aeaacf9fa4612a40b8e3b03857f0a2fa5af1a44dc2c55":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 0 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"086794a0bad6de74ef69c4155e34cad721915d57c7c31bd5f33aeaacf9fa4612a40b8e3b03857f0a2fa5af1a44dc2c55":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 20 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 20 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921":"b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 20 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 20 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"0638ce4a3b9836d98be8a455860cdc4af3baa26d3db6962a228ee5bb992f3e33a6ed1dd91138380d348664067b360618":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 20 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"0638ce4a3b9836d98be8a455860cdc4af3baa26d3db6962a":"228ee5bb992f3e33a6ed1dd91138380d348664067b360618":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 20 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"0638ce4a3b9836d98be8a455860cdc4af3baa26d3db6962a228ee5bb992f3e33a6ed1dd91138380d348664067b360618":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 48 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 48 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"168fecea35190f9df34c042f24ecaa5e7825337f2cd82719":"464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 48 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 48 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"a9635414fe0b271da9e049b500135698ec8f9e82a6a0f932fb56683ed66ed282349baf0120918b40eff97402356be336":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 48 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"a9635414fe0b271da9e049b500135698ec8f9e82a6a0f932":"fb56683ed66ed282349baf0120918b40eff97402356be336":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 48 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"a9635414fe0b271da9e049b500135698ec8f9e82a6a0f932fb56683ed66ed282349baf0120918b40eff97402356be336":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 384 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"3220a4a956bd479d1c7c9c21a290e165d3d8444c283d98b965e703f1d4bcb809fad9835a180973c7c1b186a1e784462e":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 384 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"3220a4a956bd479d1c7c9c21a290e165d3d8444c283d98b9":"65e703f1d4bcb809fad9835a180973c7c1b186a1e784462e":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 384 b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"3220a4a956bd479d1c7c9c21a290e165d3d8444c283d98b965e703f1d4bcb809fad9835a180973c7c1b186a1e784462e":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 384 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8affe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 384 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8af":"fe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 384 b
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8affe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 20 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 20 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921":"b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 20 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 20 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"0638ce4a3b9836d98be8a455860cdc4af3baa26d3db6962a228ee5bb992f3e33a6ed1dd91138380d348664067b360618":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 20 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"0638ce4a3b9836d98be8a455860cdc4af3baa26d3db6962a":"228ee5bb992f3e33a6ed1dd91138380d348664067b360618":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 20 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"0638ce4a3b9836d98be8a455860cdc4af3baa26d3db6962a228ee5bb992f3e33a6ed1dd91138380d348664067b360618":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 48 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 48 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"168fecea35190f9df34c042f24ecaa5e7825337f2cd82719":"464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 48 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 48 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"a9635414fe0b271da9e049b500135698ec8f9e82a6a0f932fb56683ed66ed282349baf0120918b40eff97402356be336":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 48 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"a9635414fe0b271da9e049b500135698ec8f9e82a6a0f932":"fb56683ed66ed282349baf0120918b40eff97402356be336":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 48 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"a9635414fe0b271da9e049b500135698ec8f9e82a6a0f932fb56683ed66ed282349baf0120918b40eff97402356be336":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ol 384 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"3220a4a956bd479d1c7c9c21a290e165d3d8444c283d98b965e703f1d4bcb809fad9835a180973c7c1b186a1e784462e":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ol 384 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"3220a4a956bd479d1c7c9c21a290e165d3d8444c283d98b9":"65e703f1d4bcb809fad9835a180973c7c1b186a1e784462e":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ol 384 k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"3220a4a956bd479d1c7c9c21a290e165d3d8444c283d98b965e703f1d4bcb809fad9835a180973c7c1b186a1e784462e":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 48+0, ol 384 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8affe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 24+24, ol 384 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8af":"fe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-384, 0+48, ol 384 k
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"4bc6f832d2c78493b1c3bf2c1dee3567fd7e0813792f12452a7cbbaa2e5c4e919c248ed866364b9785ea27fc1fac969cf1ab24ea3d0f8583c297f8093557f41f2604bcca464cf6540a861e29eb41991e11b6bbc165fbc2eea1d8305ecd28eec95c256a9652f19699d838551c4254f98e0580c121daa1e7020ff45b19caca81b5999f013c8bbc235b069e3d9705919d26a11871d3a635050c6025528e0c743600ae882593acb0cacf8dfe262fe16b0726104aea462e4acf37d2c577314b548e04f21755365b4b741a4f35393d91bf7df1af50b5c1073497064398cafce10e4ab2a2c1f1a8e7b007f6ecce394bc4bf875b6d1859bfd75d701ad4a3af792436e43a4422a1376f4f116a7bb27cf233b9130f2facd9844080154890fa3da59bb58012309d3528c4a19c020a0b6ebece627f47a0523373d52729a4df19b4a042d9a704744c1ce57197372c421a08434508084693855a9000e7dcef41264bee7066fe001d5fefa45abf9fd86f8aba0243f45af26bd769c924f56658f86cda510723d601":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8affe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)) :PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"bdb7a5e3f169ce61432e6e1b10e398abf5c96099bf517b5fa61481f556193eaf884e30290d79b186c9cba7f4976e5085":"":2:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)) :PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"bdb7a5e3f169ce61432e6e1b10e398abf5c96099bf517b5f":"a61481f556193eaf884e30290d79b186c9cba7f4976e5085":2:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)) :PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"bdb7a5e3f169ce61432e6e1b10e398abf5c96099bf517b5fa61481f556193eaf884e30290d79b186c9cba7f4976e5085":2:1:0
+
+# bad state: other secret passed before seed
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0
+
+# bad state: other secret passed after secret
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #2, b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #2, k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #2, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0
+
+# bad state: other secret passed after label
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:"":48:"":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:"":48:"":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0
+
+# bad state: other secret passed twice
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, b
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE::0:"":PSA_SUCCESS:"":48:"":"":0:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, k
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:"":48:"":"":1:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0
+
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, other key is raw data
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":11:1:0
+
+# output key test: secret passed as key, other secret passed as key
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, output key ok #1
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":1:1:1
+
+# output key test: secret passed as key, other secret passed as bytes
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, output key ok #2
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":0:1:1
+
+# output key test: secret passed as bytes, other secret passed as key
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, output key not permitted #1
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":1:0:1
+
+# output key test: secret passed as bytes, other secret passed as bytes
+PSA key derivation: TLS 1.2 Mix-PSK-to-MS, output key not permitted #2
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"2d6cba7ad474ac3dfcc01516ed7161a9b00c2e8a35b3e921b9eb09b546a54c98491b21d1baafb659c9094b760144ea1f":"":0:0:1
PSA key derivation: HKDF SHA-256, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0
PSA key derivation: HKDF SHA-1, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0
PSA key derivation: HKDF SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
@@ -4787,19 +5462,19 @@
PSA key derivation: over capacity 42: output 42+1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0
PSA key derivation: over capacity 42: output 41+2
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"65ff"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"65ff":0:1:0
PSA key derivation: over capacity 42: output 43+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"":0:1:0
PSA key derivation: over capacity 42: output 43+1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff"
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff":0:1:0
PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
@@ -4869,6 +5544,14 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519, exercise ECDH
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH
+
PSA key derivation: HKDF SHA-256, derive key export, 16+32
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32
@@ -4885,23 +5568,248 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
+PSA key derivation: HKDF-SHA-256 -> AES-128
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:"3cb25f25faacd57a90434f64d0362f2a"
+
+PSA key derivation: HKDF-SHA-256 -> AES-256
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
+
+PSA key derivation: HKDF-SHA-256 -> ECC secp256r1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5c0"
+
+PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"46a5850b60ba10b0fd8e0feb8790e2819d46ea26fede564ff6dea94ef1945660"
+
+PSA key derivation: HKDF-SHA-256 -> raw (same input as secp256r1+redraw)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_RAW_DATA:256:"ffffffff55f60cea989fe02543c81b28aff09b5b51fdc43f91fe5c2511b0b9d9"
+
+PSA key derivation: HKDF-SHA-256 -> ECC secp384r1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993c"
+
+# For secp521r1, the leading byte of the representation of the private key can
+# be either 0 or 1. Have one test case where it's 0 and one where it's 1.
+PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"00b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993b89b9b65683d60f0106d28fff039d0b6f3409"
+
+PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"01122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c567f5042e2d7e5803b407c08d1e110adcefc35564035d706582f723a2f76a32260da"
+
+# For Curve25519, test a few different outputs to exercise masking (last byte of input_2 variation).
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"38b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c57f"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #2
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"b8122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #3
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"e029d8a4f83cfad631f18dca6aa995f3fa69dd6488a39e8d92fe8de6ca88694f"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #4
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fc":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"90958ef02dae8c97921a6e59eaa79f5445f76d0f4ab16cd97feba5e6586c264d"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #5
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fd":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"c099f692a89df2e9008aebe07012b5e128c9cfc1243bd32b7043ab21912d985d"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #6
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fe":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"d8929e4677193ca3b8b1035d93711ba917edac23c47fd45a403997361ec1475b"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve25519 #7
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:"c89d06c33cec5b3d08221a7228050e6919150a43592ae710162c97c0a2855b65"
+
+# For Curve448, test a few different outputs to exercise masking (last byte of input_2 variation).
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993b89b9b65683d60f81"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #2
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"bc122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c567f5042e2d7e5803b407c08d1e110adcefc35564035d786"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #3
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"e429d8a4f83cfad631f18dca6aa995f3fa69dd6488a39e8d92fe8de6ca88694fedcdc273f4cefcb73478e8cbcc344c5d713b5eb26e89a9dd"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #4
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fc":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"90958ef02dae8c97921a6e59eaa79f5445f76d0f4ab16cd97feba5e6586c264dc114d7391112c6083b48ccc60d63c47642f5693898fe498c"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #5
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fd":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"c099f692a89df2e9008aebe07012b5e128c9cfc1243bd32b7043ab21912d98dd4f73c807b5cc60cbf3364e606ecaeccd3ce44ac46595959d"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #6
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fe":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"d8929e4677193ca3b8b1035d93711ba917edac23c47fd45a403997361ec1479b4eccf10bc9d1fa1a2e96b5c965a0045295516ab00665fc9b"
+
+PSA key derivation: HKDF-SHA-256 -> ECC curve448 #7
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"cc9d06c33cec5b3d08221a7228050e6919150a43592ae710162c97c0a2855b25c373305784895a1c48ca511ee42fc50c3f67d419569007ea"
+
PSA key derivation: invalid type (0)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_INVALID_ARGUMENT:0
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT:0
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0
-PSA key derivation: invalid length (0)
+PSA key derivation: invalid type (PSA_KEY_TYPE_RSA_PUBLIC_KEY)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RSA_PUBLIC_KEY:128:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: invalid type (PSA_KEY_TYPE_RSA_KEY_PAIR)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RSA_KEY_PAIR:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: invalid type (PSA_KEY_TYPE_ECC_PUBLIC_KEY)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8ff":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: invalid length PSA_KEY_TYPE_RAW_DATA (0)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0
-PSA key derivation: invalid length (7 bits)
+PSA key derivation: invalid length PSA_KEY_TYPE_RAW_DATA (7 bits)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0
+PSA key derivation: bits=0 invalid for ECC SECP_R1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC SECP_K1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC SECP_R2
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC SECT_K1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC SECT_R1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC SECT_R2
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC BRAINPOOL_P_R1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):7:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: bits=0 invalid for ECC MONTGOMERY
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC disabled)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):7:PSA_ERROR_NOT_SUPPORTED:0
+
+
PSA key derivation: raw data, 8 bits
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 638a85c..ea0d5c4 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -54,7 +54,7 @@
}
return( 1 );
}
-
+#if defined(MBEDTLS_ASN1_WRITE_C)
/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
static int asn1_write_10x( unsigned char **p,
unsigned char *start,
@@ -138,6 +138,7 @@
}
return( len );
}
+#endif /* MBEDTLS_ASN1_WRITE_C */
int exercise_mac_setup( psa_key_type_t key_type,
const unsigned char *key_bytes,
@@ -506,7 +507,7 @@
if( output_data && output_part_length )
{
- memcpy( ( output_data + part_offset ), part_data,
+ memcpy( ( output_data + output_length ), part_data,
output_part_length );
}
@@ -588,6 +589,122 @@
return( test_ok );
}
+/*!
+ * \brief Internal Function for MAC multipart tests.
+ * \param key_type_arg Type of key passed in
+ * \param key_data The encryption / decryption key data
+ * \param alg_arg The type of algorithm used
+ * \param input_data Data to encrypt / decrypt
+ * \param data_part_len_arg If not -1, the length of chunks to feed
+ * the data in to be encrypted / decrypted. If
+ * -1, no chunking
+ * \param expected_output Expected output
+ * \param is_verify If non-zero this is an verify operation.
+ * \param do_zero_parts If non-zero, interleave zero length chunks
+ * with normal length chunks.
+ * \return int Zero on failure, non-zero on success.
+ */
+static int mac_multipart_internal_func( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ int data_part_len_arg,
+ data_t *expected_output,
+ int is_verify,
+ int do_zero_parts )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ unsigned char mac[PSA_MAC_MAX_SIZE];
+ size_t part_offset = 0;
+ size_t part_length = 0;
+ size_t data_part_len = 0;
+ size_t mac_len = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+ int test_ok = 0;
+ size_t part_count = 0;
+
+ PSA_INIT( );
+
+ if( is_verify )
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+ else
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ if( is_verify )
+ status = psa_mac_verify_setup( &operation, key, alg );
+ else
+ status = psa_mac_sign_setup( &operation, key, alg );
+
+ PSA_ASSERT( status );
+
+ if( data_part_len_arg != -1 )
+ {
+ /* Pass data in parts */
+ data_part_len = ( size_t ) data_part_len_arg;
+
+ for( part_offset = 0, part_count = 0;
+ part_offset < input_data->len;
+ part_offset += part_length, part_count++ )
+ {
+ if( do_zero_parts && ( part_count & 0x01 ) )
+ {
+ part_length = 0;
+ }
+ else if( ( input_data->len - part_offset ) < data_part_len )
+ {
+ part_length = ( input_data->len - part_offset );
+ }
+ else
+ {
+ part_length = data_part_len;
+ }
+
+ PSA_ASSERT( psa_mac_update( &operation,
+ ( input_data->x + part_offset ),
+ part_length ) );
+ }
+ }
+ else
+ {
+ /* Pass all data in one go. */
+ PSA_ASSERT( psa_mac_update( &operation, input_data->x,
+ input_data->len ) );
+ }
+
+ if( is_verify )
+ {
+ PSA_ASSERT( psa_mac_verify_finish( &operation, expected_output->x,
+ expected_output->len ) );
+ }
+ else
+ {
+ PSA_ASSERT( psa_mac_sign_finish( &operation, mac,
+ PSA_MAC_MAX_SIZE, &mac_len ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ mac, mac_len );
+ }
+
+ test_ok = 1;
+
+exit:
+ psa_destroy_key( key );
+ psa_mac_abort( &operation );
+ PSA_DONE( );
+
+ return( test_ok );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -758,7 +875,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C */
void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -1154,6 +1271,25 @@
mac, PSA_MAC_MAX_SIZE, &mac_len ),
expected_status_sign );
+ /* Calculate the MAC, multi-part case. */
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+ status = psa_mac_sign_setup( &operation, key, exercise_alg );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_mac_update( &operation, input, 128 );
+ if( status == PSA_SUCCESS )
+ TEST_EQUAL( psa_mac_sign_finish( &operation, mac, PSA_MAC_MAX_SIZE,
+ &mac_len ),
+ expected_status_sign );
+ else
+ TEST_EQUAL( status, expected_status_sign );
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status_sign );
+ }
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+
/* Verify correct MAC, one-shot case. */
status = psa_mac_verify( key, exercise_alg, input, 128,
mac, mac_len );
@@ -1163,6 +1299,29 @@
else
TEST_EQUAL( status, expected_status_verify );
+ /* Verify correct MAC, multi-part case. */
+ status = psa_mac_verify_setup( &operation, key, exercise_alg );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_mac_update( &operation, input, 128 );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_mac_verify_finish( &operation, mac, mac_len );
+ if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS )
+ TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
+ else
+ TEST_EQUAL( status, expected_status_verify );
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status_verify );
+ }
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status_verify );
+ }
+
psa_mac_abort( &operation );
memset( mac, 0, sizeof( mac ) );
@@ -1187,8 +1346,20 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_usage_t policy_usage = policy_usage_arg;
+ size_t output_buffer_size = 0;
+ size_t input_buffer_size = 0;
+ size_t output_length = 0;
+ uint8_t *output = NULL;
+ uint8_t *input = NULL;
psa_status_t status;
+ input_buffer_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( exercise_alg );
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, exercise_alg,
+ input_buffer_size );
+
+ ASSERT_ALLOC( input, input_buffer_size );
+ ASSERT_ALLOC( output, output_buffer_size );
+
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, policy_usage );
@@ -1202,6 +1373,17 @@
TEST_EQUAL( policy_usage,
mbedtls_test_update_key_usage_flags( policy_usage ) );
+ /* Encrypt check, one-shot */
+ status = psa_cipher_encrypt( key, exercise_alg, input, input_buffer_size,
+ output, output_buffer_size,
+ &output_length);
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ /* Encrypt check, multi-part */
status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
@@ -1210,6 +1392,17 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
psa_cipher_abort( &operation );
+ /* Decrypt check, one-shot */
+ status = psa_cipher_decrypt( key, exercise_alg, output, output_buffer_size,
+ input, input_buffer_size,
+ &output_length);
+ if( policy_alg == exercise_alg &&
+ ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ /* Decrypt check, multi-part */
status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
@@ -1219,6 +1412,8 @@
exit:
psa_cipher_abort( &operation );
+ mbedtls_free( input );
+ mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
}
@@ -1236,6 +1431,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
@@ -1261,6 +1457,7 @@
TEST_EQUAL( policy_usage,
mbedtls_test_update_key_usage_flags( policy_usage ) );
+ /* Encrypt check, one-shot */
status = psa_aead_encrypt( key, exercise_alg,
nonce, nonce_length,
NULL, 0,
@@ -1272,6 +1469,14 @@
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ /* Encrypt check, multi-part */
+ status = psa_aead_encrypt_setup( &operation, key, exercise_alg );
+ if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
+ TEST_EQUAL( status, expected_status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ /* Decrypt check, one-shot */
memset( tag, 0, sizeof( tag ) );
status = psa_aead_decrypt( key, exercise_alg,
nonce, nonce_length,
@@ -1286,7 +1491,16 @@
else
TEST_EQUAL( status, expected_status );
+ /* Decrypt check, multi-part */
+ PSA_ASSERT( psa_aead_abort( &operation ) );
+ status = psa_aead_decrypt_setup( &operation, key, exercise_alg );
+ if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ else
+ TEST_EQUAL( status, expected_status );
+
exit:
+ PSA_ASSERT( psa_aead_abort( &operation ) );
psa_destroy_key( key );
PSA_DONE( );
}
@@ -1802,12 +2016,24 @@
int expected_status_arg )
{
psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
psa_status_t expected_status = expected_status_arg;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
+ /* Hash Setup, one-shot */
+ output_size = PSA_HASH_LENGTH( alg );
+ ASSERT_ALLOC( output, output_size );
+
+ status = psa_hash_compute( alg, NULL, 0,
+ output, output_size, &output_length );
+ TEST_EQUAL( status, expected_status );
+
+ /* Hash Setup, multi-part */
status = psa_hash_setup( &operation, alg );
TEST_EQUAL( status, expected_status );
@@ -1826,6 +2052,7 @@
#endif
exit:
+ mbedtls_free( output );
PSA_DONE( );
}
/* END_CASE */
@@ -1838,6 +2065,7 @@
uint8_t *output = NULL;
size_t output_size = output_size_arg;
size_t output_length = INVALID_EXPORT_LENGTH;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@@ -1845,12 +2073,38 @@
PSA_ASSERT( psa_crypto_init( ) );
+ /* Hash Compute, one-shot */
status = psa_hash_compute( alg, input->x, input->len,
output, output_size, &output_length );
TEST_EQUAL( status, expected_status );
TEST_ASSERT( output_length <= output_size );
+ /* Hash Compute, multi-part */
+ status = psa_hash_setup( &operation, alg );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_hash_update( &operation, input->x, input->len );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_hash_finish( &operation, output, output_size,
+ &output_length );
+ if( status == PSA_SUCCESS )
+ TEST_ASSERT( output_length <= output_size );
+ else
+ TEST_EQUAL( status, expected_status );
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+
exit:
+ PSA_ASSERT( psa_hash_abort( &operation ) );
mbedtls_free( output );
PSA_DONE( );
}
@@ -1863,15 +2117,39 @@
{
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
+ /* Hash Compare, one-shot */
status = psa_hash_compare( alg, input->x, input->len,
reference_hash->x, reference_hash->len );
TEST_EQUAL( status, expected_status );
+ /* Hash Compare, multi-part */
+ status = psa_hash_setup( &operation, alg );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_hash_update( &operation, input->x, input->len );
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_hash_verify( &operation, reference_hash->x,
+ reference_hash->len );
+ TEST_EQUAL( status, expected_status );
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+
exit:
+ PSA_ASSERT( psa_hash_abort( &operation ) );
PSA_DONE( );
}
/* END_CASE */
@@ -1883,11 +2161,12 @@
psa_algorithm_t alg = alg_arg;
uint8_t output[PSA_HASH_MAX_SIZE + 1];
size_t output_length = INVALID_EXPORT_LENGTH;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
size_t i;
PSA_ASSERT( psa_crypto_init( ) );
- /* Compute with tight buffer */
+ /* Compute with tight buffer, one-shot */
PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
output, PSA_HASH_LENGTH( alg ),
&output_length ) );
@@ -1895,7 +2174,17 @@
ASSERT_COMPARE( output, output_length,
expected_output->x, expected_output->len );
- /* Compute with larger buffer */
+ /* Compute with tight buffer, multi-part */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ PSA_ASSERT( psa_hash_finish( &operation, output,
+ PSA_HASH_LENGTH( alg ),
+ &output_length ) );
+ TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
+ ASSERT_COMPARE( output, output_length,
+ expected_output->x, expected_output->len );
+
+ /* Compute with larger buffer, one-shot */
PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
output, sizeof( output ),
&output_length ) );
@@ -1903,32 +2192,69 @@
ASSERT_COMPARE( output, output_length,
expected_output->x, expected_output->len );
- /* Compare with correct hash */
+ /* Compute with larger buffer, multi-part */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ PSA_ASSERT( psa_hash_finish( &operation, output,
+ sizeof( output ), &output_length ) );
+ TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
+ ASSERT_COMPARE( output, output_length,
+ expected_output->x, expected_output->len );
+
+ /* Compare with correct hash, one-shot */
PSA_ASSERT( psa_hash_compare( alg, input->x, input->len,
output, output_length ) );
- /* Compare with trailing garbage */
+ /* Compare with correct hash, multi-part */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ PSA_ASSERT( psa_hash_verify( &operation, output,
+ output_length ) );
+
+ /* Compare with trailing garbage, one-shot */
TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
output, output_length + 1 ),
PSA_ERROR_INVALID_SIGNATURE );
- /* Compare with truncated hash */
+ /* Compare with trailing garbage, multi-part */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ TEST_EQUAL( psa_hash_verify( &operation, output, output_length + 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* Compare with truncated hash, one-shot */
TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
output, output_length - 1 ),
PSA_ERROR_INVALID_SIGNATURE );
+ /* Compare with truncated hash, multi-part */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ TEST_EQUAL( psa_hash_verify( &operation, output, output_length - 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
/* Compare with corrupted value */
for( i = 0; i < output_length; i++ )
{
mbedtls_test_set_step( i );
output[i] ^= 1;
+
+ /* One-shot */
TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
output, output_length ),
PSA_ERROR_INVALID_SIGNATURE );
+
+ /* Multi-Part */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ TEST_EQUAL( psa_hash_verify( &operation, output, output_length ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
output[i] ^= 1;
}
exit:
+ PSA_ASSERT( psa_hash_abort( &operation ) );
PSA_DONE( );
}
/* END_CASE */
@@ -2381,6 +2707,45 @@
/* END_CASE */
/* BEGIN_CASE */
+void mac_sign_verify_multi( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ int is_verify,
+ data_t *expected_mac )
+{
+ size_t data_part_len = 0;
+
+ for( data_part_len = 1; data_part_len <= input->len; data_part_len++ )
+ {
+ /* Split data into length(data_part_len) parts. */
+ mbedtls_test_set_step( 2000 + data_part_len );
+
+ if( mac_multipart_internal_func( key_type_arg, key_data,
+ alg_arg,
+ input, data_part_len,
+ expected_mac,
+ is_verify, 0 ) == 0 )
+ break;
+
+ /* length(0) part, length(data_part_len) part, length(0) part... */
+ mbedtls_test_set_step( 3000 + data_part_len );
+
+ if( mac_multipart_internal_func( key_type_arg, key_data,
+ alg_arg,
+ input, data_part_len,
+ expected_mac,
+ is_verify, 1 ) == 0 )
+ break;
+ }
+
+ /* Goto is required to silence warnings about unused labels, as we
+ * don't actually do any test assertions in this function. */
+ goto exit;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mac_sign( int key_type_arg,
data_t *key_data,
int alg_arg,
@@ -2830,9 +3195,14 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
+ unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = {0};
+ size_t iv_size = PSA_CIPHER_IV_MAX_SIZE;
+ size_t iv_length = 0;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t output_length = 0;
+ size_t function_output_length;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
if ( PSA_ERROR_BAD_STATE != expected_status )
@@ -2851,12 +3221,48 @@
&key ) );
}
+ /* Encrypt, one-shot */
status = psa_cipher_encrypt( key, alg, input->x, input->len, output,
output_buffer_size, &output_length );
TEST_EQUAL( status, expected_status );
+ /* Encrypt, multi-part */
+ status = psa_cipher_encrypt_setup( &operation, key, alg );
+ if( status == PSA_SUCCESS )
+ {
+ if( alg != PSA_ALG_ECB_NO_PADDING )
+ {
+ PSA_ASSERT( psa_cipher_generate_iv( &operation,
+ iv, iv_size,
+ &iv_length ) );
+ }
+
+ status = psa_cipher_update( &operation, input->x, input->len,
+ output, output_buffer_size,
+ &function_output_length );
+ if( status == PSA_SUCCESS )
+ {
+ output_length += function_output_length;
+
+ status = psa_cipher_finish( &operation, output + output_length,
+ output_buffer_size - output_length,
+ &function_output_length );
+
+ TEST_EQUAL( status, expected_status );
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+
exit:
+ psa_cipher_abort( &operation );
mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
@@ -2935,6 +3341,7 @@
&iv_length ),
PSA_ERROR_BAD_STATE );
+ /* Encrypt, one-shot */
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
output_buffer_size, &output_length ) );
TEST_ASSERT( output_length <=
@@ -2944,7 +3351,24 @@
ASSERT_COMPARE( expected_output->x, expected_output->len,
output, output_length );
+
+ /* Encrypt, multi-part */
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len,
+ output, output_buffer_size,
+ &output_length) );
+ TEST_ASSERT( output_length <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_ASSERT( output_length <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, output_length );
+
exit:
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
@@ -3292,8 +3716,11 @@
unsigned char *input = NULL;
size_t input_buffer_size = 0;
unsigned char *output = NULL;
+ unsigned char *output_multi = NULL;
size_t output_buffer_size = 0;
size_t output_length = 0;
+ size_t function_output_length;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
if ( PSA_ERROR_BAD_STATE != expected_status )
@@ -3320,13 +3747,65 @@
output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
ASSERT_ALLOC( output, output_buffer_size );
+ /* Decrypt, one-short */
status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
output_buffer_size, &output_length );
TEST_EQUAL( status, expected_status );
+ /* Decrypt, multi-part */
+ status = psa_cipher_decrypt_setup( &operation, key, alg );
+ if( status == PSA_SUCCESS )
+ {
+ output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg,
+ input_arg->len ) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
+ ASSERT_ALLOC( output_multi, output_buffer_size );
+
+ if( iv->len > 0 )
+ {
+ status = psa_cipher_set_iv( &operation, iv->x, iv->len );
+
+ if( status != PSA_SUCCESS )
+ TEST_EQUAL( status, expected_status );
+ }
+
+ if( status == PSA_SUCCESS )
+ {
+ status = psa_cipher_update( &operation,
+ input_arg->x, input_arg->len,
+ output_multi, output_buffer_size,
+ &function_output_length );
+ if( status == PSA_SUCCESS )
+ {
+ output_length = function_output_length;
+
+ status = psa_cipher_finish( &operation,
+ output_multi + output_length,
+ output_buffer_size - output_length,
+ &function_output_length );
+
+ TEST_EQUAL( status, expected_status );
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+ }
+ else
+ {
+ TEST_EQUAL( status, expected_status );
+ }
+
exit:
+ psa_cipher_abort( &operation );
mbedtls_free( input );
mbedtls_free( output );
+ mbedtls_free( output_multi );
psa_destroy_key( key );
PSA_DONE( );
}
@@ -4117,6 +4596,7 @@
void aead_multipart_set_nonce( int key_type_arg, data_t *key_data,
int alg_arg,
int nonce_length_arg,
+ int set_lengths_method_arg,
data_t *additional_data,
data_t *input_data,
int expected_status_arg )
@@ -4139,6 +4619,7 @@
size_t tag_length = 0;
uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE];
size_t index = 0;
+ set_lengths_method_t set_lengths_method = set_lengths_method_arg;
PSA_ASSERT( psa_crypto_init( ) );
@@ -4196,26 +4677,40 @@
}
}
+ if( set_lengths_method == SET_LENGTHS_BEFORE_NONCE )
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ) );
+ }
+
status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length );
TEST_EQUAL( status, expected_status );
if( expected_status == PSA_SUCCESS )
{
- /* Ensure we can still complete operation. */
- PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
- input_data->len ) );
+ if( set_lengths_method == SET_LENGTHS_AFTER_NONCE )
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ) );
+ }
+ if( operation.alg == PSA_ALG_CCM && set_lengths_method == DO_NOT_SET_LENGTHS )
+ expected_status = PSA_ERROR_BAD_STATE;
- PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
- additional_data->len ) );
+ /* Ensure we can still complete operation, unless it's CCM and we didn't set lengths. */
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ expected_status );
- PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len,
+ TEST_EQUAL( psa_aead_update( &operation, input_data->x, input_data->len,
output, output_size,
- &ciphertext_length ) );
+ &ciphertext_length ),
+ expected_status );
- PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size,
+ TEST_EQUAL( psa_aead_finish( &operation, ciphertext, ciphertext_size,
&ciphertext_length, tag_buffer,
- PSA_AEAD_TAG_MAX_SIZE, &tag_length ) );
+ PSA_AEAD_TAG_MAX_SIZE, &tag_length ),
+ expected_status );
}
exit:
@@ -4409,6 +4904,7 @@
data_t *input_data,
data_t *tag,
int tag_usage_arg,
+ int expected_setup_status_arg,
int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4418,6 +4914,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_status = expected_status_arg;
+ psa_status_t expected_setup_status = expected_setup_status_arg;
unsigned char *plaintext = NULL;
unsigned char *finish_plaintext = NULL;
size_t plaintext_size = 0;
@@ -4457,6 +4954,10 @@
MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
}
+ TEST_EQUAL( status, expected_setup_status );
+
+ if( status != PSA_SUCCESS )
+ goto exit;
PSA_ASSERT( status );
@@ -4464,17 +4965,7 @@
status = psa_aead_set_lengths( &operation, additional_data->len,
input_data->len );
-
- if( status != PSA_SUCCESS )
- {
- /* Invalid tag lengths are detected in CCM at this point, as they
- * would be written into the first block. They should really be
- * detected in psa_aead_encrypt/decrypt_setup, and will be fixed
- * to do so in the future, until that point, this is a
- * workaround.*/
- TEST_EQUAL( status, expected_status );
- goto exit;
- }
+ PSA_ASSERT( status );
PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
additional_data->len ) );
@@ -4781,6 +5272,208 @@
psa_aead_abort( &operation );
+ /* Test for generating nonce after calling set lengths */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+
+ psa_aead_abort( &operation );
+
+ /* Test for generating nonce after calling set lengths with UINT32_MAX ad_data length */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ) );
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ }
+
+ psa_aead_abort( &operation );
+
+ /* Test for generating nonce after calling set lengths with SIZE_MAX ad_data length */
+#if SIZE_MAX > UINT32_MAX
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, SIZE_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, SIZE_MAX,
+ input_data->len ) );
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ }
+
+ psa_aead_abort( &operation );
+#endif
+
+ /* Test for calling set lengths with a UINT32_MAX ad_data length, after generating nonce */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ) );
+ }
+
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+ /* Test for setting nonce after calling set lengths */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ psa_aead_abort( &operation );
+
+ /* Test for setting nonce after calling set lengths with UINT32_MAX ad_data length */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ) );
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+ }
+
+ psa_aead_abort( &operation );
+
+ /* Test for setting nonce after calling set lengths with SIZE_MAX ad_data length */
+#if SIZE_MAX > UINT32_MAX
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, SIZE_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, SIZE_MAX,
+ input_data->len ) );
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+ }
+
+ psa_aead_abort( &operation );
+#endif
+
+ /* Test for calling set lengths with an ad_data length of UINT32_MAX, after setting nonce */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ) );
+ }
+
+ psa_aead_abort( &operation );
+
+ /* Test for setting nonce after calling set lengths with plaintext length of SIZE_MAX */
+#if SIZE_MAX > UINT32_MAX
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_GCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ SIZE_MAX ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else if ( operation.alg != PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ SIZE_MAX ) );
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+ }
+
+ psa_aead_abort( &operation );
+
+ /* Test for calling set lengths with an plaintext length of SIZE_MAX, after setting nonce */
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ if( operation.alg == PSA_ALG_GCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ SIZE_MAX ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ }
+ else if ( operation.alg != PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ SIZE_MAX ) );
+ }
+
+ psa_aead_abort( &operation );
+#endif
+
/* ------------------------------------------------------- */
PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
@@ -4820,19 +5513,28 @@
psa_aead_abort( &operation );
- /* Test for setting lengths after already starting data. */
+ /* Test for setting lengths after setting nonce + already starting data. */
PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
- PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
- additional_data->len ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
- TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
- input_data->len ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ) );
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
psa_aead_abort( &operation );
/* ------------------------------------------------------- */
@@ -4841,14 +5543,133 @@
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
- PSA_ASSERT( psa_aead_update( &operation, input_data->x,
- input_data->len, output_data,
- output_size, &output_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ),
+ PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
- input_data->len ),
- PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ) );
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* Test for setting lengths after generating nonce + already starting data. */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ),
+ PSA_ERROR_BAD_STATE );
+
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
psa_aead_abort( &operation );
/* Test for not sending any additional data or data after setting non zero
@@ -5004,14 +5825,16 @@
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
- PSA_ASSERT( psa_aead_update( &operation, input_data->x,
- input_data->len, output_data,
- output_size, &output_length ) );
+ if( operation.alg != PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ) );
- TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
- additional_data->len ),
- PSA_ERROR_BAD_STATE );
-
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
psa_aead_abort( &operation );
/* Test calling finish on decryption. */
@@ -6074,19 +6897,27 @@
/* BEGIN_CASE */
void derive_output( int alg_arg,
- int step1_arg, data_t *input1,
- int step2_arg, data_t *input2,
- int step3_arg, data_t *input3,
+ int step1_arg, data_t *input1, int expected_status_arg1,
+ int step2_arg, data_t *input2, int expected_status_arg2,
+ int step3_arg, data_t *input3, int expected_status_arg3,
+ int step4_arg, data_t *input4, int expected_status_arg4,
+ data_t *key_agreement_peer_key,
int requested_capacity_arg,
data_t *expected_output1,
- data_t *expected_output2 )
+ data_t *expected_output2,
+ int other_key_input_type,
+ int key_input_type,
+ int derive_type )
{
psa_algorithm_t alg = alg_arg;
- psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
- data_t *inputs[] = {input1, input2, input3};
- mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
- MBEDTLS_SVC_KEY_ID_INIT,
- MBEDTLS_SVC_KEY_ID_INIT };
+ psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg, step4_arg};
+ data_t *inputs[] = {input1, input2, input3, input4};
+ mbedtls_svc_key_id_t keys[] = {MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT};
+ psa_status_t statuses[] = {expected_status_arg1, expected_status_arg2,
+ expected_status_arg3, expected_status_arg4};
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
@@ -6097,7 +6928,11 @@
uint8_t *output_buffer = NULL;
size_t expected_capacity;
size_t current_capacity;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes3 = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes4 = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
size_t i;
@@ -6111,10 +6946,6 @@
ASSERT_ALLOC( output_buffer, output_buffer_size );
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
-
/* Extraction phase. */
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
@@ -6126,19 +6957,89 @@
case 0:
break;
case PSA_KEY_DERIVATION_INPUT_SECRET:
- PSA_ASSERT( psa_import_key( &attributes,
- inputs[i]->x, inputs[i]->len,
- &keys[i] ) );
-
- if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+ switch( key_input_type )
{
- PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
- TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
- PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
+ case 0: // input bytes
+ PSA_ASSERT( psa_key_derivation_input_bytes(
+ &operation, steps[i],
+ inputs[i]->x, inputs[i]->len ) );
+ break;
+ case 1: // input key
+ psa_set_key_usage_flags( &attributes1, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes1, alg );
+ psa_set_key_type( &attributes1, PSA_KEY_TYPE_DERIVE );
+
+ PSA_ASSERT( psa_import_key( &attributes1,
+ inputs[i]->x, inputs[i]->len,
+ &keys[i] ) );
+
+ if( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+ {
+ PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes1 ) );
+ TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes1 ) ) <=
+ PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
+ }
+
+ PSA_ASSERT( psa_key_derivation_input_key( &operation,
+ steps[i],
+ keys[i] ) );
+ break;
+ default:
+ TEST_ASSERT( ! "default case not supported" );
+ break;
+ }
+ break;
+ case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:
+ switch( other_key_input_type )
+ {
+ case 0: // input bytes
+ TEST_EQUAL( psa_key_derivation_input_bytes( &operation,
+ steps[i],
+ inputs[i]->x,
+ inputs[i]->len ),
+ statuses[i] );
+ break;
+ case 1: // input key, type DERIVE
+ case 11: // input key, type RAW
+ psa_set_key_usage_flags( &attributes2, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes2, alg );
+ psa_set_key_type( &attributes2, PSA_KEY_TYPE_DERIVE );
+
+ // other secret of type RAW_DATA passed with input_key
+ if( other_key_input_type == 11 )
+ psa_set_key_type( &attributes2, PSA_KEY_TYPE_RAW_DATA );
+
+ PSA_ASSERT( psa_import_key( &attributes2,
+ inputs[i]->x, inputs[i]->len,
+ &keys[i] ) );
+
+ TEST_EQUAL( psa_key_derivation_input_key( &operation,
+ steps[i],
+ keys[i] ),
+ statuses[i] );
+ break;
+ case 2: // key agreement
+ psa_set_key_usage_flags( &attributes3, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes3, alg );
+ psa_set_key_type( &attributes3, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) );
+
+ PSA_ASSERT( psa_import_key( &attributes3,
+ inputs[i]->x, inputs[i]->len,
+ &keys[i] ) );
+
+ TEST_EQUAL( psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_OTHER_SECRET,
+ keys[i], key_agreement_peer_key->x,
+ key_agreement_peer_key->len ), statuses[i] );
+ break;
+ default:
+ TEST_ASSERT( ! "default case not supported" );
+ break;
}
- PSA_ASSERT( psa_key_derivation_input_key(
- &operation, steps[i], keys[i] ) );
+ if( statuses[i] != PSA_SUCCESS )
+ goto exit;
break;
default:
PSA_ASSERT( psa_key_derivation_input_bytes(
@@ -6153,37 +7054,57 @@
TEST_EQUAL( current_capacity, requested_capacity );
expected_capacity = requested_capacity;
- /* Expansion phase. */
- for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
+ if( derive_type == 1 ) // output key
{
- /* Read some bytes. */
- status = psa_key_derivation_output_bytes( &operation,
- output_buffer, output_sizes[i] );
- if( expected_capacity == 0 && output_sizes[i] == 0 )
+ psa_status_t expected_status = PSA_ERROR_NOT_PERMITTED;
+
+ /* For output key derivation secret must be provided using
+ input key, otherwise operation is not permitted. */
+ if( key_input_type == 1 )
+ expected_status = PSA_SUCCESS;
+
+ psa_set_key_usage_flags( &attributes4, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes4, alg );
+ psa_set_key_type( &attributes4, PSA_KEY_TYPE_DERIVE );
+ psa_set_key_bits( &attributes4, 48 );
+
+ TEST_EQUAL( psa_key_derivation_output_key( &attributes4, &operation,
+ &derived_key ), expected_status );
+ }
+ else // output bytes
+ {
+ /* Expansion phase. */
+ for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
{
- /* Reading 0 bytes when 0 bytes are available can go either way. */
- TEST_ASSERT( status == PSA_SUCCESS ||
- status == PSA_ERROR_INSUFFICIENT_DATA );
- continue;
+ /* Read some bytes. */
+ status = psa_key_derivation_output_bytes( &operation,
+ output_buffer, output_sizes[i] );
+ if( expected_capacity == 0 && output_sizes[i] == 0 )
+ {
+ /* Reading 0 bytes when 0 bytes are available can go either way. */
+ TEST_ASSERT( status == PSA_SUCCESS ||
+ status == PSA_ERROR_INSUFFICIENT_DATA );
+ continue;
+ }
+ else if( expected_capacity == 0 ||
+ output_sizes[i] > expected_capacity )
+ {
+ /* Capacity exceeded. */
+ TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
+ expected_capacity = 0;
+ continue;
+ }
+ /* Success. Check the read data. */
+ PSA_ASSERT( status );
+ if( output_sizes[i] != 0 )
+ ASSERT_COMPARE( output_buffer, output_sizes[i],
+ expected_outputs[i], output_sizes[i] );
+ /* Check the operation status. */
+ expected_capacity -= output_sizes[i];
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+ ¤t_capacity ) );
+ TEST_EQUAL( expected_capacity, current_capacity );
}
- else if( expected_capacity == 0 ||
- output_sizes[i] > expected_capacity )
- {
- /* Capacity exceeded. */
- TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
- expected_capacity = 0;
- continue;
- }
- /* Success. Check the read data. */
- PSA_ASSERT( status );
- if( output_sizes[i] != 0 )
- ASSERT_COMPARE( output_buffer, output_sizes[i],
- expected_outputs[i], output_sizes[i] );
- /* Check the operation status. */
- expected_capacity -= output_sizes[i];
- PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
- ¤t_capacity ) );
- TEST_EQUAL( expected_capacity, current_capacity );
}
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
@@ -6192,6 +7113,7 @@
psa_key_derivation_abort( &operation );
for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
psa_destroy_key( keys[i] );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -6410,6 +7332,65 @@
/* END_CASE */
/* BEGIN_CASE */
+void derive_key_type( int alg_arg,
+ data_t *key_data,
+ data_t *input1,
+ data_t *input2,
+ int key_type_arg, int bits_arg,
+ data_t *expected_export )
+{
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
+ const psa_algorithm_t alg = alg_arg;
+ const psa_key_type_t key_type = key_type_arg;
+ const size_t bits = bits_arg;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ const size_t export_buffer_size =
+ PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, bits );
+ uint8_t *export_buffer = NULL;
+ psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ size_t export_length;
+
+ ASSERT_ALLOC( export_buffer, export_buffer_size );
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &base_attributes, alg );
+ psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
+ PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
+ &base_key ) );
+
+ if( mbedtls_test_psa_setup_key_derivation_wrap(
+ &operation, base_key, alg,
+ input1->x, input1->len,
+ input2->x, input2->len,
+ PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ) == 0 )
+ goto exit;
+
+ psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &derived_attributes, 0 );
+ psa_set_key_type( &derived_attributes, key_type );
+ psa_set_key_bits( &derived_attributes, bits );
+ PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
+ &derived_key ) );
+
+ PSA_ASSERT( psa_export_key( derived_key,
+ export_buffer, export_buffer_size,
+ &export_length ) );
+ ASSERT_COMPARE( export_buffer, export_length,
+ expected_export->x, expected_export->len );
+
+exit:
+ mbedtls_free( export_buffer );
+ psa_key_derivation_abort( &operation );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void derive_key( int alg_arg,
data_t *key_data, data_t *input1, data_t *input2,
int type_arg, int bits_arg,
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index ea6c9b3..bf1e01b 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -1,68 +1,238 @@
-sign_hash through transparent driver: calculate in driver
-ecdsa_sign_hash:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
+sign_hash transparent driver: in driver ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
-sign_hash through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_sign_hash:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
+sign_hash transparent driver: fallback ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
-sign_hash through transparent driver: error
-ecdsa_sign_hash:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR
+sign_hash transparent driver: error ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR
-sign_hash through transparent driver: fake
-ecdsa_sign_hash:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
+sign_hash transparent driver: fake ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
-verify_hash using private key through transparent driver: calculate in driver
-ecdsa_verify_hash:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+sign_hash transparent driver: in driver RSA PKCS#1 v1.5, raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS
-verify_hash using private key through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+sign_hash transparent driver: fallback RSA PKCS#1 v1.5, raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS
-verify_hash using private key through transparent driver: error
-ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
+sign_hash transparent driver: error RSA PKCS#1 v1.5, raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_ERROR_GENERIC_ERROR
-verify_hash using public key through transparent driver: calculate in driver
-ecdsa_verify_hash:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+sign_hash transparent driver: fake RSA PKCS#1 v1.5, raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":1:PSA_SUCCESS
-verify_hash using public key through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+sign_hash transparent driver: in driver RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
-verify_hash using public key through transparent driver: error
-ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
+sign_hash transparent driver: fallback RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
-sign_message through transparent driver: calculate in driver
-ecdsa_sign_message:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS
+sign_hash transparent driver: error RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR
-sign_message through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_sign_message:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS
+sign_hash transparent driver: fake RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS
-sign_message through transparent driver: error
-ecdsa_sign_message:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_ERROR_GENERIC_ERROR
+verify_hash transparent driver: in driver ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
-sign_message through transparent driver: fake
-ecdsa_sign_message:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
+verify_hash transparent driver: fallback ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
-verify_message using private key through transparent driver: calculate in driver
-ecdsa_verify_message:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+verify_hash transparent driver: error ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
-verify_message using private key through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_verify_message:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+verify_hash transparent driver: in driver Public Key ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
-verify_message using private key through transparent driver: error
-ecdsa_verify_message:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
+verify_hash transparent driver: fallback Public Key ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
-verify_message using public key through transparent driver: calculate in driver
-ecdsa_verify_message:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+verify_hash transparent driver: error Public Key ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
-verify_message using public key through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_verify_message:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS
-verify_message using public key through transparent driver: error
-ecdsa_verify_message:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
+verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS
+
+verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_ERROR_GENERIC_ERROR
+
+verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
+
+verify_hash transparent driver: in driver Public Key RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_hash transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_hash transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
+
+verify_hash transparent driver: in driver Public Key RSA-1024 PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
+
+verify_hash transparent driver: fallback Public Key RSA-1024 PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
+
+verify_hash transparent driver: error Public Key RSA-1024 PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR
+
+verify_hash transparent driver: in driver Public Key RSA-1024 PSS-any-salt SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
+
+verify_hash transparent driver: fallback Public Key RSA-1024 PSS-any-salt SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
+
+verify_hash transparent driver: error Public Key RSA-1024 PSS-any-salt SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR
+
+sign_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS
+
+sign_message transparent driver: fallback ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS
+
+sign_message transparent driver: error ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_ERROR_GENERIC_ERROR
+
+sign_message transparent driver: fake ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
+
+sign_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
+
+sign_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
+
+sign_message transparent driver: error RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR
+
+sign_message transparent driver: fake RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS
+
+verify_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message transparent driver: fallback ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message transparent driver: error ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
+
+verify_message transparent driver: calculate in driver Public Key ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message transparent driver: fallback Public Key ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message transparent driver: error Public Key ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
+
+verify_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_message transparent driver: error RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
+
+verify_message transparent driver: calculate in driver Public Key RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_message transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
+
+verify_message transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
+
+verify_message transparent driver: calculate in driver Public Key RSA PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS
+
+verify_message transparent driver: fallback Public Key RSA PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS
+
+verify_message transparent driver: error Public Key RSA PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_ERROR_GENERIC_ERROR
+
+verify_message transparent driver: calculate in driver Public Key RSA PSS-any-salt SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS
+
+verify_message transparent driver: fallback Public Key RSA PSS-any-salt SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS
+
+verify_message transparent driver: error Public Key RSA PSS-any-salt SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_ERROR_GENERIC_ERROR
generate_key through transparent driver: fake
generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS
@@ -83,23 +253,35 @@
validate key through transparent driver: good private key
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
+validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
validate key through transparent driver: good public key
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
+validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through transparent driver: fallback private key
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
-validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
+validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
validate key through transparent driver: fallback public key
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
-validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
+validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through transparent driver: error
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR
+validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR
+
+validate key through opaque driver: good private key
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
+validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
+
+validate key through opaque driver: good public key
+depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
+validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
+
+validate key through opaque driver: error
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR
export_key private to public through driver: fake
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
@@ -305,6 +487,22 @@
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY
+PSA MAC sign multipart, through driver: HMAC-SHA-224, parts: 0
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_sign_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"ba7d81028e07b30466b867d8fefaa52db111d56b45df5a0e1465bf39":0:PSA_SUCCESS
+
+PSA MAC sign multipart, through driver: HMAC-SHA-224, parts: 1
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_sign_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":1:PSA_SUCCESS
+
+PSA MAC sign multipart, through driver: HMAC-SHA-224, parts: 2
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_sign_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":2:PSA_SUCCESS
+
+PSA MAC sign multipart, through driver: HMAC-SHA-224, parts: 3
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_sign_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":3:PSA_SUCCESS
+
PSA MAC sign, through driver: HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS
@@ -329,6 +527,22 @@
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR
+PSA MAC verify multipart, through driver: HMAC-SHA-224, parts: 0
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_verify_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"ba7d81028e07b30466b867d8fefaa52db111d56b45df5a0e1465bf39":0:PSA_SUCCESS
+
+PSA MAC verify multipart, through driver: HMAC-SHA-224, parts: 1
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_verify_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":1:PSA_SUCCESS
+
+PSA MAC verify multipart, through driver: HMAC-SHA-224, parts: 2
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_verify_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":2:PSA_SUCCESS
+
+PSA MAC verify multipart, through driver: HMAC-SHA-224, parts: 3
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_verify_multipart:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":3:PSA_SUCCESS
+
PSA MAC verify, through driver: HMAC-SHA-224
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS
@@ -438,3 +652,143 @@
Hash clone: SHA-256, clone failure
depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
hash_clone:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
+
+PSA encrypt-decrypt transparent driver: in-driver RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: fake encryption output RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"3e6a20c1b4aa47e30aaf3152c13cf3bfd21f16fd31c3d9015f087d30bc65697d139f0186876741f7ffd1cbd786de32e300556ee6e5b5732041c7389a404b210f04c96b705cc532e4ab5bfa210503cc5f6d195df2082cff9a523a83f9b9e740b61b13039ec1d52958b45aa3df6317509a612a9cdf2387f46968590e97de668bee":"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: fake decryption output RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"b00361a396177a9cb410ff61f20015adba7816bf8f01cfea414140de5dae2223":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: encryption fallback RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: decryption fallback RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: fallback not available RSA PKCS#1 v1.5
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED::PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA encrypt-decrypt transparent driver: encryption error RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: decryption error RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR
+
+PSA encrypt-decrypt transparent driver: in-driver RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: fake encryption output RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"3e6a20c1b4aa47e30aaf3152c13cf3bfd21f16fd31c3d9015f087d30bc65697d139f0186876741f7ffd1cbd786de32e300556ee6e5b5732041c7389a404b210f04c96b705cc532e4ab5bfa210503cc5f6d195df2082cff9a523a83f9b9e740b61b13039ec1d52958b45aa3df6317509a612a9cdf2387f46968590e97de668bee":"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: fake decryption output RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"b00361a396177a9cb410ff61f20015adba7816bf8f01cfea414140de5dae2223":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: encryption fallback RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: decryption fallback RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: fallback not available RSA OAEP-SHA-256
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED::PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA encrypt-decrypt transparent driver: encryption error RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS
+
+PSA encrypt-decrypt transparent driver: decryption error RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR
+
+PSA decrypt transparent driver: in-driver RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"2dfabbd0dd2cd9bd61f122615dae67d3952f6b6c169d924ae0ca452eb71bc2075875039b0bcf1781bbb42887e1d26b7727a294050ca3df9ea5b44c4b3052164f66a1ff8723393d64fb76afe86fc3dae97b1a86ddde6dd1aa697f20d81b5c559780c8f5c6b2919676203a52de10a5f6e76ac218642072f4868085555345f26a61":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_SUCCESS:PSA_SUCCESS
+
+PSA decrypt transparent driver: fake decryption output RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"2dfabbd0dd2cd9bd61f122615dae67d3952f6b6c169d924ae0ca452eb71bc2075875039b0bcf1781bbb42887e1d26b7727a294050ca3df9ea5b44c4b3052164f66a1ff8723393d64fb76afe86fc3dae97b1a86ddde6dd1aa697f20d81b5c559780c8f5c6b2919676203a52de10a5f6e76ac218642072f4868085555345f26a61":"":"b00361a396177a9cb410ff61f20015adba7816bf8f01cfea414140de5dae2223":"b00361a396177a9cb410ff61f20015adba7816bf8f01cfea414140de5dae2223":PSA_SUCCESS:PSA_SUCCESS
+
+PSA decrypt transparent driver: decryption fallback RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"2dfabbd0dd2cd9bd61f122615dae67d3952f6b6c169d924ae0ca452eb71bc2075875039b0bcf1781bbb42887e1d26b7727a294050ca3df9ea5b44c4b3052164f66a1ff8723393d64fb76afe86fc3dae97b1a86ddde6dd1aa697f20d81b5c559780c8f5c6b2919676203a52de10a5f6e76ac218642072f4868085555345f26a61":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA decrypt transparent driver: fallback not available RSA PKCS#1 v1.5
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"2dfabbd0dd2cd9bd61f122615dae67d3952f6b6c169d924ae0ca452eb71bc2075875039b0bcf1781bbb42887e1d26b7727a294050ca3df9ea5b44c4b3052164f66a1ff8723393d64fb76afe86fc3dae97b1a86ddde6dd1aa697f20d81b5c559780c8f5c6b2919676203a52de10a5f6e76ac218642072f4868085555345f26a61":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA decrypt transparent driver: in-driver RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"13fd8220c266b34b894f916448d854f7438e075f55cc4df95edf7002bd88fd4b156305112f48362c1563a490ae56c29b546edb31dd5901db0c60197724d0a56ba1a33bfb0ed23bc806b0b2ca87ae9323ff86c7a06bf05108281a324b9f9af0bd50220aaf003606be1e5333fb53b97dff13261f8c6d2e4a5cefcd2b5589eb2a21":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_SUCCESS:PSA_SUCCESS
+
+PSA decrypt transparent driver: fake decryption output RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"13fd8220c266b34b894f916448d854f7438e075f55cc4df95edf7002bd88fd4b156305112f48362c1563a490ae56c29b546edb31dd5901db0c60197724d0a56ba1a33bfb0ed23bc806b0b2ca87ae9323ff86c7a06bf05108281a324b9f9af0bd50220aaf003606be1e5333fb53b97dff13261f8c6d2e4a5cefcd2b5589eb2a21":"":"b00361a396177a9cb410ff61f20015adba7816bf8f01cfea414140de5dae2223":"b00361a396177a9cb410ff61f20015adba7816bf8f01cfea414140de5dae2223":PSA_SUCCESS:PSA_SUCCESS
+
+PSA decrypt transparent driver: decryption fallback RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"13fd8220c266b34b894f916448d854f7438e075f55cc4df95edf7002bd88fd4b156305112f48362c1563a490ae56c29b546edb31dd5901db0c60197724d0a56ba1a33bfb0ed23bc806b0b2ca87ae9323ff86c7a06bf05108281a324b9f9af0bd50220aaf003606be1e5333fb53b97dff13261f8c6d2e4a5cefcd2b5589eb2a21":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA decrypt transparent driver: fallback not available RSA OAEP-SHA-256
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"13fd8220c266b34b894f916448d854f7438e075f55cc4df95edf7002bd88fd4b156305112f48362c1563a490ae56c29b546edb31dd5901db0c60197724d0a56ba1a33bfb0ed23bc806b0b2ca87ae9323ff86c7a06bf05108281a324b9f9af0bd50220aaf003606be1e5333fb53b97dff13261f8c6d2e4a5cefcd2b5589eb2a21":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA encrypt transparent driver: in-driver RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt transparent driver: fake encryption output RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"112233445566778899aabbccddee":PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt transparent driver: encryption fallback RSA PKCS#1 v1.5
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA encrypt transparent driver: fallback not available RSA PKCS#1 v1.5
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA encrypt transparent driver: in-driver RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt transparent driver: fake encryption output RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"112233445566778899aabbccddee":PSA_SUCCESS:PSA_SUCCESS
+
+PSA encrypt transparent driver: encryption fallback RSA OAEP-SHA-256
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA encrypt transparent driver: fallback not available RSA OAEP-SHA-256
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA multi-part AEAD encrypt setup, AES-GCM, 128 bytes #1
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_SUCCESS:PSA_SUCCESS
+
+PSA multi-part AEAD encrypt setup, AES-GCM, 128 bytes #1, fallback
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA multi-part AEAD encrypt setup, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 64adba9..9e433bc 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -1,5 +1,78 @@
/* BEGIN_HEADER */
#include "test/drivers/test_driver.h"
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+/* Sanity checks on the output of RSA encryption.
+ *
+ * \param modulus Key modulus. Must not have leading zeros.
+ * \param private_exponent Key private exponent.
+ * \param alg An RSA algorithm.
+ * \param input_data The input plaintext.
+ * \param buf The ciphertext produced by the driver.
+ * \param length Length of \p buf in bytes.
+ */
+static int sanity_check_rsa_encryption_result(
+ psa_algorithm_t alg,
+ const data_t *modulus, const data_t *private_exponent,
+ const data_t *input_data,
+ uint8_t *buf, size_t length )
+{
+#if defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi N, D, C, X;
+ mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &D );
+ mbedtls_mpi_init( &C );
+ mbedtls_mpi_init( &X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+ int ok = 0;
+
+ TEST_ASSERT( length == modulus->len );
+
+#if defined(MBEDTLS_BIGNUM_C)
+ /* Perform the private key operation */
+ TEST_ASSERT( mbedtls_mpi_read_binary( &N, modulus->x, modulus->len ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_binary( &D,
+ private_exponent->x,
+ private_exponent->len ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_binary( &C, buf, length ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_exp_mod( &X, &C, &D, &N, NULL ) == 0 );
+
+ /* Sanity checks on the padded plaintext */
+ TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, length ) == 0 );
+
+ if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+ {
+ TEST_ASSERT( length > input_data->len + 2 );
+ TEST_EQUAL( buf[0], 0x00 );
+ TEST_EQUAL( buf[1], 0x02 );
+ TEST_EQUAL( buf[length - input_data->len - 1], 0x00 );
+ ASSERT_COMPARE( buf + length - input_data->len, input_data->len,
+ input_data->x, input_data->len );
+ }
+ else if( PSA_ALG_IS_RSA_OAEP( alg ) )
+ {
+ TEST_EQUAL( buf[0], 0x00 );
+ /* The rest is too hard to check */
+ }
+ else
+ {
+ TEST_ASSERT( ! "Encryption result sanity check not implemented for RSA algorithm" );
+ }
+#endif /* MBEDTLS_BIGNUM_C */
+
+ ok = 1;
+
+exit:
+#if defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi_free( &N );
+ mbedtls_mpi_free( &D );
+ mbedtls_mpi_free( &C );
+ mbedtls_mpi_free( &X );
+#endif /* MBEDTLS_BIGNUM_C */
+ return( ok );
+}
+#endif
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -7,20 +80,25 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
-void ecdsa_sign_hash( int force_status_arg,
- data_t *key_input,
- data_t *data_input,
- data_t *expected_output,
- int fake_output,
- int expected_status_arg )
+/* BEGIN_CASE */
+void sign_hash( int key_type_arg,
+ int alg_arg,
+ int force_status_arg,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *expected_output,
+ int fake_output,
+ int expected_status_arg )
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
- uint8_t signature[64];
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ psa_key_type_t key_type = key_type_arg;
+ unsigned char *signature = NULL;
+ size_t signature_size;
size_t signature_length = 0xdeadbeef;
psa_status_t actual_status;
mbedtls_test_driver_signature_sign_hooks =
@@ -28,7 +106,7 @@
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -44,9 +122,19 @@
expected_output->len;
}
+ /* Allocate a buffer which has the size advertized by the
+ * library. */
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
+
+ TEST_ASSERT( signature_size != 0 );
+ TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ ASSERT_ALLOC( signature, signature_size );
+
actual_status = psa_sign_hash( key, alg,
data_input->x, data_input->len,
- signature, sizeof( signature ),
+ signature, signature_size,
&signature_length );
TEST_EQUAL( actual_status, expected_status );
if( expected_status == PSA_SUCCESS )
@@ -59,25 +147,31 @@
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
+ mbedtls_free( signature );
PSA_DONE( );
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
-void ecdsa_verify_hash( int force_status_arg,
- int register_public_key,
- data_t *key_input,
- data_t *data_input,
- data_t *signature_input,
- int expected_status_arg )
+/* BEGIN_CASE */
+void verify_hash( int key_type_arg,
+ int key_type_public_arg,
+ int alg_arg,
+ int force_status_arg,
+ int register_public_key,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *signature_input,
+ int expected_status_arg )
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_key_type_t key_type_public = key_type_public_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
psa_status_t actual_status;
mbedtls_test_driver_signature_verify_hooks =
mbedtls_test_driver_signature_hooks_init();
@@ -85,8 +179,7 @@
PSA_ASSERT( psa_crypto_init( ) );
if( register_public_key )
{
- psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_type( &attributes, key_type_public );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -95,8 +188,7 @@
}
else
{
- psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -121,28 +213,32 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
-void ecdsa_sign_message( int force_status_arg,
- data_t *key_input,
- data_t *data_input,
- data_t *expected_output,
- int fake_output,
- int expected_status_arg )
+/* BEGIN_CASE */
+void sign_message( int key_type_arg,
+ int alg_arg,
+ int force_status_arg,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *expected_output,
+ int fake_output,
+ int expected_status_arg )
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
- uint8_t signature[64];
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ psa_key_type_t key_type = key_type_arg;
+ unsigned char *signature = NULL;
+ size_t signature_size;
size_t signature_length = 0xdeadbeef;
psa_status_t actual_status;
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -158,9 +254,19 @@
expected_output->len;
}
+ /* Allocate a buffer which has the size advertized by the
+ * library. */
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
+
+ TEST_ASSERT( signature_size != 0 );
+ TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ ASSERT_ALLOC( signature, signature_size );
+
actual_status = psa_sign_message( key, alg,
data_input->x, data_input->len,
- signature, sizeof( signature ),
+ signature, signature_size,
&signature_length );
TEST_EQUAL( actual_status, expected_status );
if( expected_status == PSA_SUCCESS )
@@ -175,25 +281,31 @@
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
+ mbedtls_free( signature );
PSA_DONE( );
mbedtls_test_driver_signature_sign_hooks =
mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
-void ecdsa_verify_message( int force_status_arg,
- int register_public_key,
- data_t *key_input,
- data_t *data_input,
- data_t *signature_input,
- int expected_status_arg )
+/* BEGIN_CASE */
+void verify_message( int key_type_arg,
+ int key_type_public_arg,
+ int alg_arg,
+ int force_status_arg,
+ int register_public_key,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *signature_input,
+ int expected_status_arg )
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_key_type_t key_type_public = key_type_public_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
psa_status_t actual_status;
mbedtls_test_driver_signature_verify_hooks =
mbedtls_test_driver_signature_hooks_init();
@@ -201,8 +313,7 @@
PSA_ASSERT( psa_crypto_init( ) );
if( register_public_key )
{
- psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_type( &attributes, key_type_public );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -211,8 +322,7 @@
}
else
{
- psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -314,10 +424,17 @@
/* BEGIN_CASE */
void validate_key( int force_status_arg,
+ int location,
+ int owner_id_arg,
+ int id_arg,
int key_type_arg,
data_t *key_input,
int expected_status_arg )
{
+ psa_key_lifetime_t lifetime =
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, location);
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
@@ -327,8 +444,10 @@
mbedtls_test_driver_key_management_hooks =
mbedtls_test_driver_key_management_hooks_init();
+ psa_set_key_id( &attributes, id );
psa_set_key_type( &attributes,
key_type );
+ psa_set_key_lifetime( &attributes, lifetime );
psa_set_key_bits( &attributes, 0 );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
@@ -339,6 +458,7 @@
actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key );
TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( mbedtls_test_driver_key_management_hooks.location, location );
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
@@ -1247,9 +1367,64 @@
else
TEST_EQUAL( forced_status, status );
- if( mac_buffer_size > 0 )
- memset( actual_mac, 0, mac_buffer_size );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( expected_mac->x, expected_mac->len,
+ actual_mac, mac_length );
+ }
+
+ mbedtls_free( actual_mac );
+ actual_mac = NULL;
+
+exit:
+ psa_mac_abort( &operation );
+ psa_destroy_key( key );
+ PSA_DONE( );
+ mbedtls_free( actual_mac );
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_sign_multipart( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac,
+ int fragments_count,
+ int forced_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *actual_mac = NULL;
+ size_t mac_buffer_size =
+ PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
+ size_t mac_length = 0;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t forced_status = forced_status_arg;
+ uint8_t *input_x = input->x;
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+
+ TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
+ /* We expect PSA_MAC_LENGTH to be exact. */
+ TEST_ASSERT( expected_mac->len == mac_buffer_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ ASSERT_ALLOC( actual_mac, mac_buffer_size );
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
/*
@@ -1266,25 +1441,38 @@
else
TEST_EQUAL( forced_status, status );
- status = psa_mac_update( &operation,
- input->x, input->len );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
+ if ( fragments_count )
{
- PSA_ASSERT( status );
+ TEST_ASSERT( ( input->len / fragments_count ) > 0 );
}
- else
- TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+ for ( int i = 0; i < fragments_count; i++)
+ {
+ int fragment_size = input->len / fragments_count;
+ if ( i == fragments_count - 1 )
+ fragment_size += ( input->len % fragments_count );
+
+ status = psa_mac_update( &operation,
+ input_x, fragment_size );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 + i );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+ input_x += fragment_size;
+ }
status = psa_mac_sign_finish( &operation,
actual_mac, mac_buffer_size,
&mac_length );
if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count );
else
TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
@@ -1298,7 +1486,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count );
else
TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
@@ -1365,7 +1553,46 @@
else
TEST_EQUAL( forced_status, status );
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+exit:
+ psa_mac_abort( &operation );
+ psa_destroy_key( key );
+ PSA_DONE( );
mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_verify_multipart( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac,
+ int fragments_count,
+ int forced_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_status_t forced_status = forced_status_arg;
+ uint8_t *input_x = input->x;
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+
+ TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
/*
@@ -1382,26 +1609,39 @@
else
TEST_EQUAL( forced_status, status );
- status = psa_mac_update( &operation,
- input->x, input->len );
- if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 );
- else
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
-
- if( forced_status == PSA_SUCCESS ||
- forced_status == PSA_ERROR_NOT_SUPPORTED )
+ if ( fragments_count )
{
- PSA_ASSERT( status );
+ TEST_ASSERT( ( input->len / fragments_count ) > 0 );
}
- else
- TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+ for ( int i = 0; i < fragments_count; i++)
+ {
+ int fragment_size = input->len / fragments_count;
+ if ( i == fragments_count - 1 )
+ fragment_size += ( input->len % fragments_count );
+
+ status = psa_mac_update( &operation,
+ input_x, fragment_size );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 + i );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+ input_x += fragment_size;
+ }
status = psa_mac_verify_finish( &operation,
expected_mac->x,
expected_mac->len );
if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count );
else
TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
@@ -1416,7 +1656,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
if( forced_status == PSA_SUCCESS )
- TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count );
else
TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
@@ -1784,3 +2024,427 @@
mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encrypt_decrypt( int alg_arg,
+ data_t *key_data,
+ data_t *input_data,
+ data_t *label,
+ data_t *fake_output_encrypt,
+ data_t *fake_output_decrypt,
+ int forced_status_encrypt_arg,
+ int forced_status_decrypt_arg,
+ int expected_status_encrypt_arg,
+ int expected_status_decrypt_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *output = NULL;
+ size_t output_size;
+ size_t output_length = ~0;
+ unsigned char *output2 = NULL;
+ size_t output2_size;
+ size_t output2_length = ~0;
+ psa_status_t forced_status_encrypt = forced_status_encrypt_arg;
+ psa_status_t forced_status_decrypt = forced_status_decrypt_arg;
+ psa_status_t expected_status_encrypt = expected_status_encrypt_arg;
+ psa_status_t expected_status_decrypt = expected_status_decrypt_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_test_driver_asymmetric_encryption_hooks =
+ mbedtls_test_driver_asymmetric_encryption_hooks_init();
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ /* Determine the maximum ciphertext length */
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_status =
+ forced_status_encrypt;
+ if ( fake_output_encrypt->len > 0 )
+ {
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output =
+ fake_output_encrypt->x;
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length =
+ fake_output_encrypt->len;
+ output_size = fake_output_encrypt->len;
+ ASSERT_ALLOC( output, output_size );
+ }
+ else
+ {
+ output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
+ ASSERT_ALLOC( output, output_size );
+ }
+
+ /* We test encryption by checking that encrypt-then-decrypt gives back
+ * the original plaintext because of the non-optional random
+ * part of encryption process which prevents using fixed vectors. */
+ TEST_EQUAL( psa_asymmetric_encrypt( key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length ), expected_status_encrypt );
+ /* We don't know what ciphertext length to expect, but check that
+ * it looks sensible. */
+ TEST_ASSERT( output_length <= output_size );
+
+ if ( expected_status_encrypt == PSA_SUCCESS )
+ {
+ if ( fake_output_encrypt->len > 0 )
+ ASSERT_COMPARE( fake_output_encrypt->x, fake_output_encrypt->len,
+ output, output_length );
+ else
+ {
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_status =
+ forced_status_decrypt;
+ if ( fake_output_decrypt->len > 0 )
+ {
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output =
+ fake_output_decrypt->x;
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length =
+ fake_output_decrypt->len;
+ output2_size = fake_output_decrypt->len;
+ ASSERT_ALLOC( output2, output2_size );
+ }
+ else
+ {
+ output2_size = input_data->len;
+ TEST_ASSERT( output2_size <=
+ PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
+ TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
+ ASSERT_ALLOC( output2, output2_size );
+ }
+
+ TEST_EQUAL( psa_asymmetric_decrypt( key, alg,
+ output, output_length,
+ label->x, label->len,
+ output2, output2_size,
+ &output2_length ), expected_status_decrypt );
+ if ( expected_status_decrypt == PSA_SUCCESS )
+ {
+ if ( fake_output_decrypt->len > 0 )
+ ASSERT_COMPARE( fake_output_decrypt->x, fake_output_decrypt->len,
+ output2, output2_length );
+ else
+ ASSERT_COMPARE( input_data->x, input_data->len,
+ output2, output2_length );
+ }
+ }
+ }
+
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes( &attributes );
+
+ psa_destroy_key( key );
+ mbedtls_free( output );
+ mbedtls_free( output2 );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_decrypt( int alg_arg,
+ data_t *key_data,
+ data_t *input_data,
+ data_t *label,
+ data_t *expected_output_data,
+ data_t *fake_output_decrypt,
+ int forced_status_decrypt_arg,
+ int expected_status_decrypt_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output = NULL;
+ size_t output_size;
+ size_t output_length = ~0;
+ psa_status_t forced_status_decrypt = forced_status_decrypt_arg;
+ psa_status_t expected_status_decrypt = expected_status_decrypt_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_test_driver_asymmetric_encryption_hooks =
+ mbedtls_test_driver_asymmetric_encryption_hooks_init();
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_status =
+ forced_status_decrypt;
+
+ if ( fake_output_decrypt->len > 0 )
+ {
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output =
+ fake_output_decrypt->x;
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length =
+ fake_output_decrypt->len;
+ output_size = fake_output_decrypt->len;
+ ASSERT_ALLOC( output, output_size );
+ }
+ else
+ {
+ output_size = expected_output_data->len;
+ ASSERT_ALLOC( output, expected_output_data->len );
+ }
+
+ TEST_EQUAL( psa_asymmetric_decrypt( key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length ), expected_status_decrypt );
+ if ( expected_status_decrypt == PSA_SUCCESS )
+ {
+ TEST_EQUAL( output_length, expected_output_data->len );
+ ASSERT_COMPARE( expected_output_data->x, expected_output_data->len,
+ output, output_length );
+ }
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes( &attributes );
+
+ psa_destroy_key( key );
+ mbedtls_free( output );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encrypt( int alg_arg,
+ data_t *key_data,
+ data_t *modulus,
+ data_t *private_exponent,
+ data_t *input_data,
+ data_t *label,
+ data_t *fake_output_encrypt,
+ int forced_status_encrypt_arg,
+ int expected_status_encrypt_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output = NULL;
+ size_t output_size;
+ size_t output_length = ~0;
+ psa_status_t forced_status_encrypt = forced_status_encrypt_arg;
+ psa_status_t expected_status_encrypt = expected_status_encrypt_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ mbedtls_test_driver_asymmetric_encryption_hooks =
+ mbedtls_test_driver_asymmetric_encryption_hooks_init();
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ size_t key_bits = psa_get_key_bits( &attributes );
+
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_status =
+ forced_status_encrypt;
+
+ if ( fake_output_encrypt->len > 0 )
+ {
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output =
+ fake_output_encrypt->x;
+ mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length =
+ fake_output_encrypt->len;
+ output_size = fake_output_encrypt->len;
+ ASSERT_ALLOC( output, output_size );
+ }
+ else
+ {
+ output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ ASSERT_ALLOC( output, output_size );
+ }
+
+ TEST_EQUAL( psa_asymmetric_encrypt( key, alg,
+ input_data->x, input_data->len,
+ label->x, label->len,
+ output, output_size,
+ &output_length ), expected_status_encrypt );
+ if ( expected_status_encrypt == PSA_SUCCESS )
+ {
+ if( fake_output_encrypt->len > 0 )
+ {
+ TEST_EQUAL( fake_output_encrypt->len, output_length );
+ ASSERT_COMPARE( fake_output_encrypt->x, fake_output_encrypt->len,
+ output, output_length );
+ }
+ else
+ {
+ /* Perform sanity checks on the output */
+#if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+ if( PSA_KEY_TYPE_IS_RSA( key_type ) )
+ {
+ if( ! sanity_check_rsa_encryption_result(
+ alg, modulus, private_exponent,
+ input_data,
+ output, output_length ) )
+ goto exit;
+ }
+ else
+#endif
+ {
+ (void) modulus;
+ (void) private_exponent;
+ TEST_ASSERT( ! "Encryption sanity checks not implemented for this key type" );
+ }
+ }
+ }
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes( &attributes );
+
+ psa_destroy_key( key );
+ mbedtls_free( output );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_encrypt_setup( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_ciphertext,
+ data_t *expected_tag,
+ int forced_status_arg,
+ int expected_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ uint8_t *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ size_t finish_output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ size_t tag_length = 0;
+ uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE];
+
+ psa_aead_operation_t operation = psa_aead_operation_init();
+
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
+
+ PSA_INIT( );
+
+ mbedtls_test_driver_aead_hooks.forced_status = forced_status;
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+ alg );
+
+ /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+ * should be exact. */
+ TEST_EQUAL( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ ASSERT_ALLOC( output_data, output_size );
+
+ status = psa_aead_encrypt_setup( &operation, key, alg );
+
+ TEST_EQUAL( status, expected_status );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1 );
+
+ if( status == PSA_SUCCESS )
+ {
+ /* Set the nonce. */
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_set_nonce,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Check hooks hits and
+ * set length (additional data and data to encrypt) */
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_set_lengths,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Pass the additional data */
+ PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_update_ad,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Pass the data to encrypt */
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len,
+ output_data, output_size, &output_length ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_update,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Finish the encryption operation */
+ PSA_ASSERT( psa_aead_finish( &operation, output_data + output_length,
+ output_size - output_length,
+ &finish_output_length, tag_buffer,
+ PSA_AEAD_TAG_MAX_SIZE, &tag_length ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_finish,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_abort,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Compare output_data and expected_ciphertext */
+ ASSERT_COMPARE( expected_ciphertext->x, expected_ciphertext->len,
+ output_data, output_length );
+
+ TEST_EQUAL( output_length + finish_output_length, expected_ciphertext->len );
+
+ /* Compare tag and expected_tag */
+ ASSERT_COMPARE( expected_tag->x, expected_tag->len, tag_buffer, tag_length );
+ }
+
+exit:
+ /* Cleanup */
+ PSA_ASSERT( psa_destroy_key( key ) );
+ mbedtls_free( output_data );
+ PSA_DONE( );
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_op_fail.function b/tests/suites/test_suite_psa_crypto_op_fail.function
new file mode 100644
index 0000000..8b50f10
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_op_fail.function
@@ -0,0 +1,390 @@
+/* BEGIN_HEADER */
+
+#include "psa/crypto.h"
+#include "test/psa_crypto_helpers.h"
+
+static int test_equal_status( const char *test,
+ int line_no, const char* filename,
+ psa_status_t value1,
+ psa_status_t value2 )
+{
+ if( ( value1 == PSA_ERROR_INVALID_ARGUMENT &&
+ value2 == PSA_ERROR_NOT_SUPPORTED ) ||
+ ( value1 == PSA_ERROR_NOT_SUPPORTED &&
+ value2 == PSA_ERROR_INVALID_ARGUMENT ) )
+ {
+ return( 1 );
+ }
+ return( mbedtls_test_equal( test, line_no, filename, value1, value2 ) );
+}
+
+/** Like #TEST_EQUAL, but expects #psa_status_t values and treats
+ * #PSA_ERROR_INVALID_ARGUMENT and #PSA_ERROR_NOT_SUPPORTED as
+ * interchangeable.
+ *
+ * This test suite currently allows NOT_SUPPORTED and INVALID_ARGUMENT
+ * to be interchangeable in places where the library's behavior does not
+ * match the strict expectations of the test case generator. In the long
+ * run, it would be better to clarify the expectations and reconcile the
+ * library and the test case generator.
+ */
+#define TEST_STATUS( expr1, expr2 ) \
+ do { \
+ if( ! test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \
+ expr1, expr2 ) ) \
+ goto exit; \
+ } while( 0 )
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void hash_fail( int alg_arg, int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ uint8_t input[1] = {'A'};
+ uint8_t output[PSA_HASH_MAX_SIZE] = {0};
+ size_t length = SIZE_MAX;
+
+ PSA_INIT( );
+
+ TEST_EQUAL( expected_status,
+ psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( expected_status,
+ psa_hash_compute( alg, input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+ TEST_EQUAL( expected_status,
+ psa_hash_compare( alg, input, sizeof( input ),
+ output, sizeof( output ) ) );
+
+exit:
+ psa_hash_abort( &operation );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ uint8_t input[1] = {'A'};
+ uint8_t output[PSA_MAC_MAX_SIZE] = {0};
+ size_t length = SIZE_MAX;
+
+ PSA_INIT( );
+
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data->x, key_data->len,
+ &key_id ) );
+
+ TEST_STATUS( expected_status,
+ psa_mac_sign_setup( &operation, key_id, alg ) );
+ TEST_STATUS( expected_status,
+ psa_mac_verify_setup( &operation, key_id, alg ) );
+ TEST_STATUS( expected_status,
+ psa_mac_compute( key_id, alg,
+ input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+ TEST_STATUS( expected_status,
+ psa_mac_verify( key_id, alg,
+ input, sizeof( input ),
+ output, sizeof( output ) ) );
+
+exit:
+ psa_mac_abort( &operation );
+ psa_destroy_key( key_id );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ uint8_t input[1] = {'A'};
+ uint8_t output[64] = {0};
+ size_t length = SIZE_MAX;
+
+ PSA_INIT( );
+
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data->x, key_data->len,
+ &key_id ) );
+
+ TEST_STATUS( expected_status,
+ psa_cipher_encrypt_setup( &operation, key_id, alg ) );
+ TEST_STATUS( expected_status,
+ psa_cipher_decrypt_setup( &operation, key_id, alg ) );
+ TEST_STATUS( expected_status,
+ psa_cipher_encrypt( key_id, alg,
+ input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+ TEST_STATUS( expected_status,
+ psa_cipher_decrypt( key_id, alg,
+ input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+
+exit:
+ psa_cipher_abort( &operation );
+ psa_destroy_key( key_id );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ uint8_t input[16] = "ABCDEFGHIJKLMNO";
+ uint8_t output[64] = {0};
+ size_t length = SIZE_MAX;
+
+ PSA_INIT( );
+
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data->x, key_data->len,
+ &key_id ) );
+
+ TEST_STATUS( expected_status,
+ psa_aead_encrypt_setup( &operation, key_id, alg ) );
+ TEST_STATUS( expected_status,
+ psa_aead_decrypt_setup( &operation, key_id, alg ) );
+ TEST_STATUS( expected_status,
+ psa_aead_encrypt( key_id, alg,
+ input, sizeof( input ),
+ NULL, 0, input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+ TEST_STATUS( expected_status,
+ psa_aead_decrypt( key_id, alg,
+ input, sizeof( input ),
+ NULL, 0, input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+
+exit:
+ psa_aead_abort( &operation );
+ psa_destroy_key( key_id );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, int private_only,
+ int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ uint8_t input[1] = {'A'};
+ uint8_t output[PSA_SIGNATURE_MAX_SIZE] = {0};
+ size_t length = SIZE_MAX;
+
+ PSA_INIT( );
+
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data->x, key_data->len,
+ &key_id ) );
+
+ TEST_STATUS( expected_status,
+ psa_sign_hash( key_id, alg,
+ input, sizeof( input ),
+ output, sizeof( output ), &length ) );
+ if( ! private_only )
+ {
+ /* Determine a plausible signature size to avoid an INVALID_SIGNATURE
+ * error based on this. */
+ PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
+ size_t key_bits = psa_get_key_bits( &attributes );
+ size_t output_length = sizeof( output );
+ if( PSA_KEY_TYPE_IS_RSA( key_type ) )
+ output_length = PSA_BITS_TO_BYTES( key_bits );
+ else if( PSA_KEY_TYPE_IS_ECC( key_type ) )
+ output_length = 2 * PSA_BITS_TO_BYTES( key_bits );
+ TEST_ASSERT( output_length <= sizeof( output ) );
+ TEST_STATUS( expected_status,
+ psa_verify_hash( key_id, alg,
+ input, sizeof( input ),
+ output, output_length ) );
+ }
+
+exit:
+ psa_destroy_key( key_id );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void asymmetric_encryption_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, int private_only,
+ int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ uint8_t plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = {0};
+ uint8_t ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = {0};
+ size_t length = SIZE_MAX;
+
+ PSA_INIT( );
+
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data->x, key_data->len,
+ &key_id ) );
+
+ if( ! private_only )
+ {
+ TEST_STATUS( expected_status,
+ psa_asymmetric_encrypt( key_id, alg,
+ plaintext, 1,
+ NULL, 0,
+ ciphertext, sizeof( ciphertext ),
+ &length ) );
+ }
+ TEST_STATUS( expected_status,
+ psa_asymmetric_decrypt( key_id, alg,
+ ciphertext, sizeof( ciphertext ),
+ NULL, 0,
+ plaintext, sizeof( plaintext ),
+ &length ) );
+
+exit:
+ psa_destroy_key( key_id );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_derivation_fail( int alg_arg, int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ PSA_INIT( );
+
+ TEST_EQUAL( expected_status,
+ psa_key_derivation_setup( &operation, alg ) );
+
+exit:
+ psa_key_derivation_abort( &operation );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void key_agreement_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, int private_only,
+ int expected_status_arg )
+{
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE] = {0};
+ size_t public_key_length = SIZE_MAX;
+ uint8_t output[PSA_SIGNATURE_MAX_SIZE] = {0};
+ size_t length = SIZE_MAX;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ PSA_INIT( );
+
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_usage_flags( &attributes,
+ PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &attributes, alg );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data->x, key_data->len,
+ &key_id ) );
+ if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ||
+ PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
+ {
+ PSA_ASSERT( psa_export_public_key( key_id,
+ public_key, sizeof( public_key ),
+ &public_key_length ) );
+ }
+
+ TEST_STATUS( expected_status,
+ psa_raw_key_agreement( alg, key_id,
+ public_key, public_key_length,
+ output, sizeof( output ), &length ) );
+
+#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
+ PSA_ASSERT( psa_key_derivation_setup( &operation,
+ PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) );
+ TEST_STATUS( expected_status,
+ psa_key_derivation_key_agreement(
+ &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key_id,
+ public_key, public_key_length ) );
+#endif
+
+ /* There are no public-key operations. */
+ (void) private_only;
+
+exit:
+ psa_key_derivation_abort( &operation );
+ psa_destroy_key( key_id );
+ psa_reset_key_attributes( &attributes );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_op_fail.misc.data b/tests/suites/test_suite_psa_crypto_op_fail.misc.data
new file mode 100644
index 0000000..147c3b7
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_op_fail.misc.data
@@ -0,0 +1,15 @@
+# Most operation failure test cases are automatically generated in
+# test_suite_psa_crypto_op_fail.generated.data. The manually written
+# test cases in this file are only intended to help with debugging the
+# test code.
+
+PSA hash: invalid algorithm
+hash_fail:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign RSA_PSS(SHA_256): incompatible key type
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+sign_fail:PSA_KEY_TYPE_AES:"48657265006973206b6579a064617461":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair
+depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_NOT_SUPPORTED
diff --git a/tests/suites/test_suite_psa_its.data b/tests/suites/test_suite_psa_its.data
index 9057a1a..06aed07 100644
--- a/tests/suites/test_suite_psa_its.data
+++ b/tests/suites/test_suite_psa_its.data
@@ -1,71 +1,74 @@
Set/get/remove 0 bytes
-set_get_remove:0:0:""
+set_get_remove:1:0:""
Set/get/remove 42 bytes
-set_get_remove:0:0:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223242526272829"
+set_get_remove:1:0:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223242526272829"
Set/get/remove 1000 bytes
-set_get_remove:0:0:"6a07ecfcc7c7bfe0129d56d2dcf2955a12845b9e6e0034b0ed7226764261c6222a07b9f654deb682130eb1cd07ed298324e60a46f9c76c8a5a0be000c69e93dd81054ca21fbc6190cef7745e9d5436f70e20e10cbf111d1d40c9ceb83be108775199d81abaf0fecfe30eaa08e7ed82517cba939de4449f7ac5c730fcbbf56e691640b0129db0e178045dd2034262de9138873d9bdca57685146a3d516ff13c29e6628a00097435a8e10fef7faff62d2963c303a93793e2211d8604556fec08cd59c0f5bd1f22eea64be13e88b3f454781e83fe6e771d3d81eb2fbe2021e276f42a93db5343d767d854115e74f5e129a8036b1e81aced9872709d515e00bcf2098ccdee23006b0e836b27dc8aaf30f53fe58a31a6408abb79b13098c22e262a98040f9b09809a3b43bd42eb01cf1d17bbc8b4dfe51fa6573d4d8741943e3ae71a649e194c1218f2e20556c7d8cfe8c64d8cc1aa94531fbf638768c7d19b3c079299cf4f26ed3f964efb8fd23d82b4157a51f46da11156c74e2d6e2fd788869ebb52429e12a82da2ba083e2e74565026162f29ca22582da72a2698e7c5d958b919bc2cdfe12f50364ccfed30efd5cd120a7d5f196b2bd7f911bb44d5871eb3dedcd70ece7faf464988f9fe361f23d7244b1e08bee921d0f28bdb4912675809d099876d4d15b7d13ece356e1f2a5dce64feb3d6749a07a4f2b7721190e17a9ab2966e48b6d25187070b81eb45b1c44608b2f0e175958ba57fcf1b2cd145eea5fd4de858d157ddac69dfbb5d5d6f0c1691b0fae5a143b6e58cdf5000f28d74b3322670ed11e740c828c7bfad4e2f392012da3ac931ea26ed15fd003e604071f5900c6e1329d021805d50da9f1e732a49bcc292d9f8e07737cfd59442e8d7aaa813b18183a68e22bf6b4519545dd7d2d519db3652be4131bad4f4b0625dbaa749e979f6ee8c1b97803cb50a2fa20dc883eac932a824b777b226e15294de6a80be3ddef41478fe18172d64407a004de6bae18bc60e90c902c1cbb0e1633395b42391f5011be0d480541987609b0cd8d902ea29f86f73e7362340119323eb0ea4f672b70d6e9a9df5235f9f1965f5cb0c2998c5a7f4754e83eeda5d95fefbbaaa0875fe37b7ca461e7281cc5479162627c5a709b45fd9ddcde4dfb40659e1d70fa7361d9fc7de24f9b8b13259423fdae4dbb98d691db687467a5a7eb027a4a0552a03e430ac8a32de0c30160ba60a036d6b9db2d6182193283337b92e7438dc5d6eb4fa00200d8efa9127f1c3a32ac8e202262773aaa5a965c6b8035b2e5706c32a55511560429ddf1df4ac34076b7eedd9cf94b6915a894fdd9084ffe3db0e7040f382c3cd04f0484595de95865c36b6bf20f46a78cdfb37228acbeb218de798b9586f6d99a0cbae47e80d"
+set_get_remove:1:0:"6a07ecfcc7c7bfe0129d56d2dcf2955a12845b9e6e0034b0ed7226764261c6222a07b9f654deb682130eb1cd07ed298324e60a46f9c76c8a5a0be000c69e93dd81054ca21fbc6190cef7745e9d5436f70e20e10cbf111d1d40c9ceb83be108775199d81abaf0fecfe30eaa08e7ed82517cba939de4449f7ac5c730fcbbf56e691640b0129db0e178045dd2034262de9138873d9bdca57685146a3d516ff13c29e6628a00097435a8e10fef7faff62d2963c303a93793e2211d8604556fec08cd59c0f5bd1f22eea64be13e88b3f454781e83fe6e771d3d81eb2fbe2021e276f42a93db5343d767d854115e74f5e129a8036b1e81aced9872709d515e00bcf2098ccdee23006b0e836b27dc8aaf30f53fe58a31a6408abb79b13098c22e262a98040f9b09809a3b43bd42eb01cf1d17bbc8b4dfe51fa6573d4d8741943e3ae71a649e194c1218f2e20556c7d8cfe8c64d8cc1aa94531fbf638768c7d19b3c079299cf4f26ed3f964efb8fd23d82b4157a51f46da11156c74e2d6e2fd788869ebb52429e12a82da2ba083e2e74565026162f29ca22582da72a2698e7c5d958b919bc2cdfe12f50364ccfed30efd5cd120a7d5f196b2bd7f911bb44d5871eb3dedcd70ece7faf464988f9fe361f23d7244b1e08bee921d0f28bdb4912675809d099876d4d15b7d13ece356e1f2a5dce64feb3d6749a07a4f2b7721190e17a9ab2966e48b6d25187070b81eb45b1c44608b2f0e175958ba57fcf1b2cd145eea5fd4de858d157ddac69dfbb5d5d6f0c1691b0fae5a143b6e58cdf5000f28d74b3322670ed11e740c828c7bfad4e2f392012da3ac931ea26ed15fd003e604071f5900c6e1329d021805d50da9f1e732a49bcc292d9f8e07737cfd59442e8d7aaa813b18183a68e22bf6b4519545dd7d2d519db3652be4131bad4f4b0625dbaa749e979f6ee8c1b97803cb50a2fa20dc883eac932a824b777b226e15294de6a80be3ddef41478fe18172d64407a004de6bae18bc60e90c902c1cbb0e1633395b42391f5011be0d480541987609b0cd8d902ea29f86f73e7362340119323eb0ea4f672b70d6e9a9df5235f9f1965f5cb0c2998c5a7f4754e83eeda5d95fefbbaaa0875fe37b7ca461e7281cc5479162627c5a709b45fd9ddcde4dfb40659e1d70fa7361d9fc7de24f9b8b13259423fdae4dbb98d691db687467a5a7eb027a4a0552a03e430ac8a32de0c30160ba60a036d6b9db2d6182193283337b92e7438dc5d6eb4fa00200d8efa9127f1c3a32ac8e202262773aaa5a965c6b8035b2e5706c32a55511560429ddf1df4ac34076b7eedd9cf94b6915a894fdd9084ffe3db0e7040f382c3cd04f0484595de95865c36b6bf20f46a78cdfb37228acbeb218de798b9586f6d99a0cbae47e80d"
Set/get/remove with flags
-set_get_remove:0:0x12345678:"abcdef"
+set_get_remove:1:0x12345678:"abcdef"
Overwrite 0 -> 3
-set_overwrite:0:0x12345678:"":0x01020304:"abcdef"
+set_overwrite:1:0x12345678:"":0x01020304:"abcdef"
Overwrite 3 -> 0
-set_overwrite:0:0x12345678:"abcdef":0x01020304:""
+set_overwrite:1:0x12345678:"abcdef":0x01020304:""
Overwrite 3 -> 3
-set_overwrite:0:0x12345678:"123456":0x01020304:"abcdef"
+set_overwrite:1:0x12345678:"123456":0x01020304:"abcdef"
Overwrite 3 -> 18
-set_overwrite:0:0x12345678:"abcdef":0x01020304:"404142434445464748494a4b4c4d4e4f5051"
+set_overwrite:1:0x12345678:"abcdef":0x01020304:"404142434445464748494a4b4c4d4e4f5051"
Overwrite 18 -> 3
-set_overwrite:0:0x12345678:"404142434445464748494a4b4c4d4e4f5051":0x01020304:"abcdef"
+set_overwrite:1:0x12345678:"404142434445464748494a4b4c4d4e4f5051":0x01020304:"abcdef"
Multiple files
-set_multiple:0:5
+set_multiple:1:5
+
+Set UID 0
+set_fail:0:"40414243444546474849":PSA_ERROR_INVALID_HANDLE
Non-existent file
-nonexistent:0:0
+nonexistent:1:0
Removed file
-nonexistent:0:1
+nonexistent:1:1
Get 0 bytes of 10 at 10
-get_at:0:"40414243444546474849":10:0:PSA_SUCCESS
+get_at:1:"40414243444546474849":10:0:PSA_SUCCESS
Get 1 byte of 10 at 9
-get_at:0:"40414243444546474849":9:1:PSA_SUCCESS
+get_at:1:"40414243444546474849":9:1:PSA_SUCCESS
Get 0 bytes of 10 at 0
-get_at:0:"40414243444546474849":0:0:PSA_SUCCESS
+get_at:1:"40414243444546474849":0:0:PSA_SUCCESS
Get 1 byte of 10 at 0
-get_at:0:"40414243444546474849":0:1:PSA_SUCCESS
+get_at:1:"40414243444546474849":0:1:PSA_SUCCESS
Get 2 bytes of 10 at 1
-get_at:0:"40414243444546474849":1:2:PSA_SUCCESS
+get_at:1:"40414243444546474849":1:2:PSA_SUCCESS
Get 1 byte of 10 at 10: out of range
-get_at:0:"40414243444546474849":10:1:PSA_ERROR_INVALID_ARGUMENT
+get_at:1:"40414243444546474849":10:1:PSA_ERROR_INVALID_ARGUMENT
Get 1 byte of 10 at 11: out of range
-get_at:0:"40414243444546474849":11:1:PSA_ERROR_INVALID_ARGUMENT
+get_at:1:"40414243444546474849":11:1:PSA_ERROR_INVALID_ARGUMENT
Get 0 bytes of 10 at 11: out of range
-get_at:0:"40414243444546474849":11:0:PSA_ERROR_INVALID_ARGUMENT
+get_at:1:"40414243444546474849":11:0:PSA_ERROR_INVALID_ARGUMENT
Get -1 byte of 10 at 10: out of range
-get_at:0:"40414243444546474849":10:-1:PSA_ERROR_INVALID_ARGUMENT
+get_at:1:"40414243444546474849":10:-1:PSA_ERROR_INVALID_ARGUMENT
Get 1 byte of 10 at -1: out of range
-get_at:0:"40414243444546474849":-1:1:PSA_ERROR_INVALID_ARGUMENT
+get_at:1:"40414243444546474849":-1:1:PSA_ERROR_INVALID_ARGUMENT
Overwrite ITS header magic
-get_fail:0:"40414243444546474849":1:0:PSA_ERROR_DATA_CORRUPT
+get_fail:1:"40414243444546474849":1:0:PSA_ERROR_DATA_CORRUPT
Truncate ITS header
-get_fail:0:"40414243444546474849":0:1:PSA_ERROR_DATA_CORRUPT
+get_fail:1:"40414243444546474849":0:1:PSA_ERROR_DATA_CORRUPT
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index fb9ce07..e16c050 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -285,3 +285,16 @@
cleanup( );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void set_fail( int uid_arg, data_t *data,
+ int expected_status )
+{
+ psa_storage_uid_t uid = uid_arg;
+ TEST_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) ==
+ (psa_status_t) expected_status );
+
+ exit:
+ cleanup( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index b444040..848a497 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -101,119 +101,156 @@
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT
Test mbedtls_endpoint sanity for the server
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER
Test moving clients handshake to state: HELLO_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1
Test moving clients handshake to state: CLIENT_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving clients handshake to state: SERVER_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1
Test moving clients handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving clients handshake to state: SERVER_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving clients handshake to state: SERVER_HELLO_DONE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving clients handshake to state: CLIENT_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving clients handshake to state: CLIENT_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: CLIENT_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: SERVER_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving clients handshake to state: FLUSH_BUFFERS
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving clients handshake to state: HANDSHAKE_WRAPUP
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving clients handshake to state: HANDSHAKE_OVER
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1
Test moving servers handshake to state: HELLO_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1
Test moving servers handshake to state: CLIENT_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving servers handshake to state: SERVER_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1
Test moving servers handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving servers handshake to state: SERVER_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving servers handshake to state: SERVER_HELLO_DONE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving servers handshake to state: CLIENT_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving servers handshake to state: CLIENT_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: CLIENT_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: SERVER_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving servers handshake to state: FLUSH_BUFFERS
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving servers handshake to state: HANDSHAKE_WRAPUP
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving servers handshake to state: HANDSHAKE_OVER
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1
Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0
Negative test moving servers ssl to state: NEW_SESSION_TICKET
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3
+handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -241,7 +278,7 @@
DTLS Handshake, tls1_2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
-handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3
+handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
@@ -272,14 +309,16 @@
handshake_serialization
DTLS Handshake fragmentation, MFL=512
+depends_on:MBEDTLS_SSL_PROTO_DTLS
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
DTLS Handshake fragmentation, MFL=1024
+depends_on:MBEDTLS_SSL_PROTO_DTLS
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
Handshake min/max version check, all -> 1.2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_3
+handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
Sending app data via TLS, MFL=512 without fragmentation
depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -619,4248 +658,1740 @@
ssl_set_hostname_twice:"server0":"server1"
SSL session serialization: Wrong major version
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:1:0:0:0
SSL session serialization: Wrong minor version
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:1:0:0
SSL session serialization: Wrong patch version
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:1:0
SSL session serialization: Wrong config
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:0:1
Record crypt, AES-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-128-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-GCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-192-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-192-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-192-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-192-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-192-GCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-192-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-192-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-256-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-GCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-GCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-GCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-192-GCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-192-GCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-GCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-GCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-128-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CCM, 1.2, short tag
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-192-CCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-192-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-192-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-192-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-192-CCM, 1.2, short tag
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-256-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CCM, 1.2, short tag
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CCM, 1.2, short tag
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-192-CCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-192-CCM, 1.2, short tag
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CCM, 1.2, short tag
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, NULL cipher, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, MD5
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ChachaPoly
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ChachaPoly, 1.3
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, ChachaPoly
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ChachaPoly, 1.3
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, ChachaPoly, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ChachaPoly, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-GCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-192-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-192-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-192-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-192-GCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-GCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-GCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-192-GCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-GCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CCM, 1.2, short tag
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-192-CCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-192-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-192-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-192-CCM, 1.2, short tag
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CCM, 1.2, short tag
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, NULL cipher, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, MD5
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, MD5, EtM
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
@@ -4870,14 +2401,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
-Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-2
-
Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
@@ -4886,14 +2409,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
-Decrypt CBC !EtM, AES MD5 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:240
-
Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
@@ -4902,14 +2417,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
-Decrypt CBC !EtM, AES MD5 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:241
-
Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
@@ -4918,14 +2425,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
-Decrypt CBC !EtM, AES MD5 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:255
-
Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
@@ -4934,14 +2433,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
-Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
@@ -4950,14 +2441,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:240
-
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
@@ -4966,14 +2449,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:241
-
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
@@ -4982,14 +2457,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:255
-
Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
@@ -4998,14 +2465,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
-Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
@@ -5014,14 +2473,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:240
-
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
@@ -5030,14 +2481,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:241
-
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
@@ -5046,14 +2489,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:255
-
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
@@ -5062,14 +2497,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
-Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
@@ -5078,14 +2505,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:240
-
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
@@ -5094,14 +2513,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:241
-
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
@@ -5110,14 +2521,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:255
-
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
@@ -5126,14 +2529,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-2
-
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
@@ -5142,14 +2537,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:240
-
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
@@ -5158,14 +2545,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:241
-
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
@@ -5174,14 +2553,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:255
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
@@ -5190,14 +2561,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
@@ -5206,14 +2569,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:240
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
@@ -5222,14 +2577,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:241
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
@@ -5238,14 +2585,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:255
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
@@ -5254,14 +2593,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
@@ -5270,14 +2601,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:240
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
@@ -5286,14 +2609,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:241
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
@@ -5302,14 +2617,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:255
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
@@ -5318,14 +2625,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
@@ -5334,14 +2633,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:240
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
@@ -5350,14 +2641,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:241
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
@@ -5366,14 +2649,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:255
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
@@ -5382,14 +2657,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-2
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
@@ -5398,14 +2665,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:240
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
@@ -5414,14 +2673,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:241
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
@@ -5430,14 +2681,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:255
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
@@ -5446,14 +2689,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
@@ -5462,14 +2697,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:240
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
@@ -5478,14 +2705,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:241
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
@@ -5494,14 +2713,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:255
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
@@ -5510,14 +2721,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
@@ -5526,14 +2729,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:240
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
@@ -5542,14 +2737,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:241
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
@@ -5558,14 +2745,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:255
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
@@ -5574,14 +2753,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
@@ -5590,14 +2761,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:240
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
@@ -5606,14 +2769,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:241
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
@@ -5622,404 +2777,243 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:255
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-2
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:248
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:248
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:249
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:249
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:7
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:7
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:255
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-2
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:248
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:248
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:249
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:249
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:7
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:7
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:255
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-2
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:248
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:248
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:249
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:249
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:7
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:7
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:255
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-2
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:248
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:248
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:249
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:249
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:7
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:7
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255
-
SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_key_evolution:PSA_ALG_SHA_256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
SSL TLS 1.3 Key schedule: Secret evolution #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Early secret to Handshake Secret
-ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_key_evolution:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a"
SSL TLS 1.3 Key schedule: Secret evolution #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Handshake secret to Master Secret
-ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Extract
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_extract:PSA_ALG_SHA_256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #2 Extract
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_extract:PSA_ALG_SHA_256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #3 Extract
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_extract:PSA_ALG_SHA_256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #4 Extract
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_extract:PSA_ALG_SHA_1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #5 Extract
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_extract:PSA_ALG_SHA_1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #6 Extract
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_extract:PSA_ALG_SHA_1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #7 Extract
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_extract:PSA_ALG_SHA_1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd"
+
+SSL TLS 1.3 Key schedule: HKDF extract fails with wrong hash alg
+psa_hkdf_extract_ret:0:PSA_ERROR_INVALID_ARGUMENT
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Expand
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand:PSA_ALG_SHA_256:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #2 Expand
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand:PSA_ALG_SHA_256:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #3 Expand
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand:PSA_ALG_SHA_256:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #4 Expand
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_expand:PSA_ALG_SHA_1:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #5 Expand
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_expand:PSA_ALG_SHA_1:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #6 Expand
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_expand:PSA_ALG_SHA_1:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
+
+SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #7 Expand
+depends_on:PSA_WANT_ALG_SHA_1
+psa_hkdf_expand:PSA_ALG_SHA_1:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48"
+
+SSL TLS 1.3 Key schedule: HKDF expand fails with NULL okm
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:0:PSA_ERROR_INVALID_ARGUMENT
+
+SSL TLS 1.3 Key schedule: HKDF expand fails with invalid alg
+psa_hkdf_expand_ret:0:32:32:PSA_ERROR_INVALID_ARGUMENT
+
+SSL TLS 1.3 Key schedule: HKDF expand fails with prk_len < hash_len
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand_ret:PSA_ALG_SHA_256:16:32:PSA_ERROR_INVALID_ARGUMENT
+
+SSL TLS 1.3 Key schedule: HKDF expand fails with okm_len / hash_len > 255
+psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:8192:PSA_ERROR_INVALID_ARGUMENT
+
+SSL TLS 1.3 Key schedule: HKDF expand fails with key import
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:32:PSA_ERROR_INSUFFICIENT_MEMORY
SSL TLS 1.3 Key schedule: HKDF Expand Label #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
SSL TLS 1.3 Key schedule: HKDF Expand Label #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815"
SSL TLS 1.3 Key schedule: HKDF Expand Label #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
SSL TLS 1.3 Key schedule: HKDF Expand Label #4
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30"
SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic Key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic Key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448)
# Calculation of finished_key
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448)
# Calculation of resumption key
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
SSL TLS 1.3 Key schedule: Traffic key generation #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
-ssl_tls13_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448)
# Vector RFC 8448
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
-ssl_tls13_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "")
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( Early-Secret, "derived", "")
# Tests the case where context isn't yet hashed (empty string here,
# but still needs to be hashed)
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( MasterSecret, "s ap traffic", hash)
# Tests the case where context is already hashed
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
SSL TLS 1.3 Key schedule: Early secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_early_secrets:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_handshake_secrets:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@@ -6079,17 +3073,20 @@
SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_resumption_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
SSL TLS 1.3 Key schedule: PSK binder
# Vector from RFC 8448
# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
# For all other data, see Section 4, 'construct a ClientHello handshake message:'
-ssl_tls13_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
@@ -6111,95 +3108,99 @@
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Session serialization, save-load: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:""
Session serialization, save-load: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:""
Session serialization, save-load: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:""
Session serialization, save-load: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:"data_files/server5.crt"
Session serialization, save-load: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:"data_files/server5.crt"
Session serialization, save-load: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:"data_files/server5.crt"
Session serialization, load-save: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:""
Session serialization, load-save: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:42:""
Session serialization, load-save: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:1023:""
Session serialization, load-save: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:"data_files/server5.crt"
Session serialization, load-save: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:42:"data_files/server5.crt"
Session serialization, load-save: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:1023:"data_files/server5.crt"
Session serialization, save buffer size: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:""
Session serialization, save buffer size: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:42:""
Session serialization, save buffer size: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:1023:""
Session serialization, save buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt"
Session serialization, save buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt"
Session serialization, save buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt"
Session serialization, load buffer size: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_buf_size:0:""
Session serialization, load buffer size: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:42:""
Session serialization, load buffer size: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:1023:""
Session serialization, load buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt"
Session serialization, load buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt"
Session serialization, load buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt"
Constant-flow HMAC: MD5
@@ -6235,3 +3236,133 @@
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group:
+
+Version config: valid client TLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
+
+Version config: valid client DTLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
+
+Version config: valid server TLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
+
+Version config: valid server DTLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
+
+Version config: invalid client TLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid client DTLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server TLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server DTLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: valid client TLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0
+
+Version config: unsupported client DTLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: valid server TLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0
+
+Version config: unsupported server DTLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: invalid client TLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid client DTLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server TLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server DTLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: valid client hybrid TLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:0
+
+Version config: unsupported client hybrid DTLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: unsupported server hybrid TLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: unsupported server hybrid DTLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: valid client hybrid TLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: valid client hybrid TLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid minimum version
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:770:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid maximum version
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:773:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Test accessor into timing_delay_context
+timing_final_delay_accessor
+
+Sanity test cid functions
+cid_sanity:
+
+Raw key agreement: nominal
+raw_key_agreement_fail:0
+
+Raw key agreement: bad server key
+raw_key_agreement_fail:1
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index ce934b0..0565603 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -6,6 +6,7 @@
#include <mbedtls/timing.h>
#include <mbedtls/debug.h>
#include <ssl_tls13_keys.h>
+#include <ssl_tls13_invasive.h>
#include "test/certs.h"
#include <psa/crypto.h>
@@ -51,17 +52,14 @@
}
}
-/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
-#define TEST_SSL_MINOR_VERSION_NONE -1
-
typedef struct handshake_test_options
{
const char *cipher;
- int client_min_version;
- int client_max_version;
- int server_min_version;
- int server_max_version;
- int expected_negotiated_version;
+ mbedtls_ssl_protocol_version client_min_version;
+ mbedtls_ssl_protocol_version client_max_version;
+ mbedtls_ssl_protocol_version server_min_version;
+ mbedtls_ssl_protocol_version server_max_version;
+ mbedtls_ssl_protocol_version expected_negotiated_version;
int pk_alg;
data_t *psk_str;
int dtls;
@@ -84,11 +82,11 @@
void init_handshake_options( handshake_test_options *opts )
{
opts->cipher = "";
- opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
- opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
+ opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
+ opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
+ opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
+ opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
opts->pk_alg = MBEDTLS_PK_RSA;
opts->psk_str = NULL;
opts->dtls = 0;
@@ -853,6 +851,15 @@
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
&( cert->pkey ) );
TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( ep->conf.key_cert != NULL );
+
+ ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), NULL, NULL );
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( ep->conf.key_cert == NULL );
+
+ ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
+ &( cert->pkey ) );
+ TEST_ASSERT( ret == 0 );
exit:
if( ret != 0 )
@@ -882,9 +889,11 @@
int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
mbedtls_test_message_socket_context *dtls_context,
mbedtls_test_message_queue *input_queue,
- mbedtls_test_message_queue *output_queue )
+ mbedtls_test_message_queue *output_queue,
+ uint16_t* group_list )
{
int ret = -1;
+ uintptr_t user_data_n;
if( dtls_context != NULL && ( input_queue == NULL || output_queue == NULL ) )
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -903,6 +912,18 @@
mbedtls_ctr_drbg_random,
&( ep->ctr_drbg ) );
mbedtls_entropy_init( &( ep->entropy ) );
+
+ TEST_ASSERT( mbedtls_ssl_conf_get_user_data_p( &ep->conf ) == NULL );
+ TEST_EQUAL( mbedtls_ssl_conf_get_user_data_n( &ep->conf ), 0 );
+ TEST_ASSERT( mbedtls_ssl_get_user_data_p( &ep->ssl ) == NULL );
+ TEST_EQUAL( mbedtls_ssl_get_user_data_n( &ep->ssl ), 0 );
+
+ (void) mbedtls_test_rnd_std_rand( NULL,
+ (void*) &user_data_n,
+ sizeof( user_data_n ) );
+ mbedtls_ssl_conf_set_user_data_n( &ep->conf, user_data_n );
+ mbedtls_ssl_set_user_data_n( &ep->ssl, user_data_n );
+
if( dtls_context != NULL )
{
TEST_ASSERT( mbedtls_message_socket_setup( input_queue, output_queue,
@@ -942,6 +963,9 @@
MBEDTLS_SSL_PRESET_DEFAULT );
TEST_ASSERT( ret == 0 );
+ if( group_list != NULL )
+ mbedtls_ssl_conf_groups( &(ep->conf), group_list );
+
ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
TEST_ASSERT( ret == 0 );
@@ -953,6 +977,11 @@
ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
TEST_ASSERT( ret == 0 );
+ TEST_EQUAL( mbedtls_ssl_conf_get_user_data_n( &ep->conf ), user_data_n );
+ mbedtls_ssl_conf_set_user_data_p( &ep->conf, ep );
+ TEST_EQUAL( mbedtls_ssl_get_user_data_n( &ep->ssl ), user_data_n );
+ mbedtls_ssl_set_user_data_p( &ep->ssl, ep );
+
exit:
return ret;
}
@@ -1016,7 +1045,7 @@
{
/* If /p second_ssl ends the handshake procedure before /p ssl then
* there is no need to call the next step */
- if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( !mbedtls_ssl_is_handshake_over( second_ssl ) )
{
ret = mbedtls_ssl_handshake_step( second_ssl );
if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
@@ -1151,16 +1180,16 @@
mbedtls_ssl_ciphersuite_from_id( forced_ciphersuite[0] );
TEST_ASSERT( ciphersuite_info != NULL );
- TEST_ASSERT( ciphersuite_info->min_minor_ver <= conf->max_minor_ver );
- TEST_ASSERT( ciphersuite_info->max_minor_ver >= conf->min_minor_ver );
+ TEST_ASSERT( ciphersuite_info->min_tls_version <= conf->max_tls_version );
+ TEST_ASSERT( ciphersuite_info->max_tls_version >= conf->min_tls_version );
- if( conf->max_minor_ver > ciphersuite_info->max_minor_ver )
+ if( conf->max_tls_version > ciphersuite_info->max_tls_version )
{
- conf->max_minor_ver = ciphersuite_info->max_minor_ver;
+ conf->max_tls_version = ciphersuite_info->max_tls_version;
}
- if( conf->min_minor_ver < ciphersuite_info->min_minor_ver )
+ if( conf->min_tls_version < ciphersuite_info->min_tls_version )
{
- conf->min_minor_ver = ciphersuite_info->min_minor_ver;
+ conf->min_tls_version = ciphersuite_info->min_tls_version;
}
mbedtls_ssl_conf_ciphersuites( conf, forced_ciphersuite );
@@ -1186,16 +1215,69 @@
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
+static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
+ size_t part_len;
+
+ status = psa_cipher_encrypt_setup( &cipher_op,
+ transform->psa_key_enc, transform->psa_alg );
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ status = psa_cipher_update( &cipher_op,
+ input, ilen, output, ilen, olen );
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ status = psa_cipher_finish( &cipher_op,
+ output + *olen, ilen - *olen, &part_len );
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ *olen += part_len;
+ return( 0 );
+#else
+ return mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ iv, iv_len, input, ilen, output, olen );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */
+
static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id,
- int etm, int tag_mode, int ver,
+ int etm, int tag_mode,
+ mbedtls_ssl_protocol_version tls_version,
size_t cid0_len,
size_t cid1_len )
{
mbedtls_cipher_info_t const *cipher_info;
int ret = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_type_t key_type;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ size_t key_bits;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif
+
size_t keylen, maclen, ivlen;
unsigned char *key0 = NULL, *key1 = NULL;
unsigned char *md0 = NULL, *md1 = NULL;
@@ -1230,6 +1312,7 @@
memset( key0, 0x1, keylen );
memset( key1, 0x2, keylen );
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* Setup cipher contexts */
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
@@ -1258,6 +1341,7 @@
keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
keylen << 3, MBEDTLS_DECRYPT ) == 0 );
+#endif
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
@@ -1277,6 +1361,47 @@
memset( md0, 0x5, maclen );
memset( md1, 0x6, maclen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ alg = mbedtls_psa_translate_md( mbedtls_md_get_type( md_info ) );
+
+ CHK( alg != 0 );
+
+ t_out->psa_mac_alg = PSA_ALG_HMAC( alg );
+ t_in->psa_mac_alg = PSA_ALG_HMAC( alg );
+ t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+ t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+
+ psa_reset_key_attributes( &attributes );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ CHK( psa_import_key( &attributes,
+ md0, maclen,
+ &t_in->psa_mac_enc ) == PSA_SUCCESS );
+
+ CHK( psa_import_key( &attributes,
+ md1, maclen,
+ &t_out->psa_mac_enc ) == PSA_SUCCESS );
+
+ if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ etm == MBEDTLS_SSL_ETM_DISABLED )
+ /* mbedtls_ct_hmac() requires the key to be exportable */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ else
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+
+ CHK( psa_import_key( &attributes,
+ md1, maclen,
+ &t_in->psa_mac_dec ) == PSA_SUCCESS );
+
+ CHK( psa_import_key( &attributes,
+ md0, maclen,
+ &t_out->psa_mac_dec ) == PSA_SUCCESS );
+#else
CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
@@ -1290,6 +1415,7 @@
md1, maclen ) == 0 );
CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
md0, maclen ) == 0 );
+#endif
}
#else
((void) hash_id);
@@ -1314,8 +1440,8 @@
((void) etm);
#endif
- t_out->minor_ver = ver;
- t_in->minor_ver = ver;
+ t_out->tls_version = tls_version;
+ t_in->tls_version = tls_version;
t_out->ivlen = ivlen;
t_in->ivlen = ivlen;
@@ -1324,7 +1450,7 @@
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
t_out->fixed_ivlen = 12;
t_in->fixed_ivlen = 12;
@@ -1386,10 +1512,6 @@
t_out->maclen = maclen;
t_in->maclen = maclen;
break;
- case 1: /* Partial tag */
- t_out->maclen = 10;
- t_in->maclen = 10;
- break;
default:
ret = 1;
goto cleanup;
@@ -1420,6 +1542,77 @@
t_out->out_cid_len = cid0_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = mbedtls_ssl_cipher_to_psa( cipher_type,
+ t_in->taglen,
+ &alg,
+ &key_type,
+ &key_bits );
+
+ if ( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+
+ t_in->psa_alg = alg;
+ t_out->psa_alg = alg;
+
+ if ( alg != MBEDTLS_SSL_NULL_CIPHER )
+ {
+ psa_reset_key_attributes( &attributes );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ status = psa_import_key( &attributes,
+ key0,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &t_in->psa_key_enc );
+
+ if ( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+
+ status = psa_import_key( &attributes,
+ key1,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &t_out->psa_key_enc );
+
+ if ( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+
+ status = psa_import_key( &attributes,
+ key1,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &t_in->psa_key_dec );
+
+ if ( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+
+ status = psa_import_key( &attributes,
+ key0,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &t_out->psa_key_dec );
+
+ if ( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
cleanup:
mbedtls_free( key0 );
@@ -1442,7 +1635,7 @@
#if defined(MBEDTLS_HAVE_TIME)
session->start = mbedtls_time( NULL ) - 42;
#endif
- session->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+ session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
session->ciphersuite = 0xabcd;
session->compression = 1;
session->id_len = sizeof( session->id );
@@ -1672,6 +1865,48 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
+static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version,
+ const mbedtls_ssl_context *ssl )
+{
+ const char *version_string = mbedtls_ssl_get_version( ssl );
+ mbedtls_ssl_protocol_version version_number =
+ mbedtls_ssl_get_version_number( ssl );
+
+ TEST_EQUAL( ssl->tls_version, expected_negotiated_version );
+
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ TEST_EQUAL( version_string[0], 'D' );
+ ++version_string;
+ }
+
+ switch( expected_negotiated_version )
+ {
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_TLS1_2 );
+ TEST_ASSERT( strcmp( version_string, "TLSv1.2" ) == 0 );
+ break;
+
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_TLS1_3 );
+ TEST_ASSERT( strcmp( version_string, "TLSv1.3" ) == 0 );
+ break;
+
+ default:
+ TEST_ASSERT( ! "Version check not implemented for this protocol version" );
+ }
+
+ return( 1 );
+
+exit:
+ return( 0 );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
void perform_handshake( handshake_test_options* options )
{
/* forced_ciphersuite needs to last until the end of the handshake */
@@ -1693,6 +1928,8 @@
#endif
int expected_handshake_result = 0;
+ USE_PSA_INIT( );
+
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
mbedtls_message_socket_init( &server_context );
@@ -1704,7 +1941,7 @@
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, &client_context,
&client_queue,
- &server_queue ) == 0 );
+ &server_queue, NULL ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay,
@@ -1715,18 +1952,18 @@
{
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, NULL, NULL,
- NULL ) == 0 );
+ NULL, NULL ) == 0 );
}
- if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
+ if( options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
- mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ssl_conf_min_tls_version( &client.conf,
options->client_min_version );
}
- if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE )
+ if( options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
- mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ssl_conf_max_tls_version( &client.conf,
options->client_max_version );
}
@@ -1750,7 +1987,7 @@
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, &server_context,
&server_queue,
- &client_queue) == 0 );
+ &client_queue, NULL ) == 0 );
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
@@ -1760,20 +1997,21 @@
else
{
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
- options->pk_alg, NULL, NULL, NULL ) == 0 );
+ options->pk_alg, NULL, NULL,
+ NULL, NULL ) == 0 );
}
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
- if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE )
+ if( options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
- mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ssl_conf_min_tls_version( &server.conf,
options->server_min_version );
}
- if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE )
+ if( options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN )
{
- mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ssl_conf_max_tls_version( &server.conf,
options->server_max_version );
}
@@ -1841,7 +2079,7 @@
}
#endif
- if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE )
+ if( options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN )
{
expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
}
@@ -1857,14 +2095,19 @@
goto exit;
}
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
+ TEST_ASSERT( mbedtls_ssl_is_handshake_over( &client.ssl ) == 1 );
+ TEST_ASSERT( mbedtls_ssl_is_handshake_over( &server.ssl ) == 1 );
- /* Check that we agree on the version... */
- TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
+ /* Check that both sides have negotiated the expected version. */
+ mbedtls_test_set_step( 0 );
+ if( ! check_ssl_version( options->expected_negotiated_version,
+ &client.ssl ) )
+ goto exit;
- /* And check that the version negotiated is the expected one. */
- TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
+ mbedtls_test_set_step( 1 );
+ if( ! check_ssl_version( options->expected_negotiated_version,
+ &server.ssl ) )
+ goto exit;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
@@ -1919,6 +2162,8 @@
mbedtls_mock_tcp_recv_msg,
NULL );
+ mbedtls_ssl_set_user_data_p( &server.ssl, &server );
+
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
@@ -2026,6 +2271,11 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+ TEST_ASSERT( mbedtls_ssl_conf_get_user_data_p( &client.conf ) == &client );
+ TEST_ASSERT( mbedtls_ssl_get_user_data_p( &client.ssl ) == &client );
+ TEST_ASSERT( mbedtls_ssl_conf_get_user_data_p( &server.conf ) == &server );
+ TEST_ASSERT( mbedtls_ssl_get_user_data_p( &server.ssl ) == &server );
+
exit:
mbedtls_endpoint_free( &client, options->dtls != 0 ? &client_context : NULL );
mbedtls_endpoint_free( &server, options->dtls != 0 ? &server_context : NULL );
@@ -2039,6 +2289,7 @@
if( context_buf != NULL )
mbedtls_free( context_buf );
#endif
+ USE_PSA_DONE( );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
@@ -3178,13 +3429,17 @@
size_t const buflen = 512;
mbedtls_record rec, rec_backup;
+ USE_PSA_INIT( );
+
mbedtls_ssl_init( &ssl );
mbedtls_ssl_transform_init( &t0 );
mbedtls_ssl_transform_init( &t1 );
- TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
- etm, tag_mode, ver,
- (size_t) cid0_len,
- (size_t) cid1_len ) == 0 );
+ ret = build_transforms( &t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len );
+
+ TEST_ASSERT( ret == 0 );
TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
@@ -3255,7 +3510,7 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
@@ -3288,6 +3543,7 @@
mbedtls_ssl_transform_free( &t1 );
mbedtls_free( buf );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -3334,13 +3590,17 @@
int seen_success; /* Indicates if in the current mode we've
* already seen a successful test. */
+ USE_PSA_INIT( );
+
mbedtls_ssl_init( &ssl );
mbedtls_ssl_transform_init( &t0 );
mbedtls_ssl_transform_init( &t1 );
- TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
+ ret = build_transforms( &t0, &t1, cipher_type, hash_id,
etm, tag_mode, ver,
(size_t) cid0_len,
- (size_t) cid1_len ) == 0 );
+ (size_t) cid1_len );
+
+ TEST_ASSERT( ret == 0 );
TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
@@ -3419,7 +3679,7 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
@@ -3454,6 +3714,7 @@
mbedtls_ssl_transform_free( &t1 );
mbedtls_free( buf );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -3486,18 +3747,27 @@
unsigned char padlen; /* excluding the padding_length byte */
unsigned char add_data[13];
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ size_t sign_mac_length = 0;
+#endif
int exp_ret;
+ int ret;
const unsigned char pad_max_len = 255; /* Per the standard */
+ USE_PSA_INIT( );
+
mbedtls_ssl_init( &ssl );
mbedtls_ssl_transform_init( &t0 );
mbedtls_ssl_transform_init( &t1 );
/* Set up transforms with dummy keys */
- TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
+ ret = build_transforms( &t0, &t1, cipher_type, hash_id,
0, trunc_hmac,
- MBEDTLS_SSL_MINOR_VERSION_3,
- 0 , 0 ) == 0 );
+ MBEDTLS_SSL_VERSION_TLS1_2,
+ 0 , 0 );
+
+ TEST_ASSERT( ret == 0 );
/* Determine padding/plaintext length */
TEST_ASSERT( length_selector >= -2 && length_selector <= 255 );
@@ -3534,8 +3804,8 @@
/* Prepare a dummy record header */
memset( rec.ctr, 0, sizeof( rec.ctr ) );
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
- rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
- rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
+ mbedtls_ssl_write_version( rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_VERSION_TLS1_2 );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -3564,11 +3834,24 @@
*/
/* MAC with additional data */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_sign_setup( &operation,
+ t0.psa_mac_enc,
+ t0.psa_mac_alg ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, add_data, 13 ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation,
+ rec.buf + rec.data_offset,
+ rec.data_len ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_sign_finish( &operation,
+ mac, MBEDTLS_MD_MAX_SIZE,
+ &sign_mac_length ) );
+#else
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
rec.buf + rec.data_offset,
rec.data_len ) );
TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
+#endif
memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
rec.data_len += t0.maclen;
@@ -3585,10 +3868,9 @@
/*
* Encrypt and decrypt the correct record, expecting success
*/
- TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen ) );
+ TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
@@ -3611,10 +3893,9 @@
rec.buf[i] ^= 0x01;
/* Encrypt */
- TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen ) );
+ TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
@@ -3648,10 +3929,9 @@
memset( buf + buflen - padlen - 1, i, padlen + 1 );
/* Encrypt */
- TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen ) );
+ TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
@@ -3666,6 +3946,158 @@
mbedtls_ssl_transform_free( &t1 );
mbedtls_free( buf );
mbedtls_free( buf_save );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+void psa_hkdf_extract( int alg,
+ data_t *ikm,
+ data_t *salt,
+ data_t *prk )
+{
+ unsigned char *output_prk = NULL;
+ size_t output_prk_size, output_prk_len;
+
+ PSA_INIT( );
+
+ output_prk_size = PSA_HASH_LENGTH( alg );
+ ASSERT_ALLOC( output_prk, output_prk_size );
+
+ PSA_ASSERT( mbedtls_psa_hkdf_extract( alg, salt->x, salt->len,
+ ikm->x, ikm->len,
+ output_prk, output_prk_size,
+ &output_prk_len ) );
+
+ ASSERT_COMPARE( output_prk, output_prk_len, prk->x, prk->len );
+
+exit:
+ mbedtls_free( output_prk );
+
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+void psa_hkdf_extract_ret( int alg, int ret )
+{
+ int output_ret;
+ unsigned char *salt = NULL;
+ unsigned char *ikm = NULL;
+ unsigned char *prk = NULL;
+ size_t salt_len, ikm_len, prk_len;
+
+ PSA_INIT( );
+
+ ASSERT_ALLOC( prk, PSA_MAC_MAX_SIZE);
+ salt_len = 0;
+ ikm_len = 0;
+ prk_len = 0;
+
+ output_ret = mbedtls_psa_hkdf_extract( alg, salt, salt_len,
+ ikm, ikm_len,
+ prk, PSA_MAC_MAX_SIZE, &prk_len );
+ TEST_ASSERT( output_ret == ret );
+ TEST_ASSERT( prk_len == 0 );
+
+exit:
+ mbedtls_free( prk );
+
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+void psa_hkdf_expand( int alg,
+ data_t *info,
+ data_t *prk,
+ data_t *okm )
+{
+ enum { OKM_LEN = 1024 };
+ unsigned char *output_okm = NULL;
+
+ PSA_INIT( );
+
+ ASSERT_ALLOC( output_okm, OKM_LEN );
+ TEST_ASSERT( prk->len == PSA_HASH_LENGTH( alg ) );
+ TEST_ASSERT( okm->len < OKM_LEN );
+
+ PSA_ASSERT( mbedtls_psa_hkdf_expand( alg, prk->x, prk->len,
+ info->x, info->len,
+ output_okm, OKM_LEN ) );
+
+ ASSERT_COMPARE( output_okm, okm->len, okm->x, okm->len );
+
+exit:
+ mbedtls_free( output_okm );
+
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
+{
+ int output_ret;
+ unsigned char *info = NULL;
+ unsigned char *prk = NULL;
+ unsigned char *okm = NULL;
+ size_t info_len;
+ size_t i;
+ mbedtls_svc_key_id_t *keys = NULL;
+
+ PSA_INIT( );
+
+ info_len = 0;
+
+ if( prk_len > 0 )
+ ASSERT_ALLOC( prk, prk_len );
+
+ if( okm_len > 0 )
+ ASSERT_ALLOC( okm, okm_len );
+
+ if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
+ {
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Reserve all key slot to make the key import fail. */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT );
+
+ for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
+ {
+ /* Do not use the 0 value because it will be passed to
+ mbedtls_psa_hkdf_expand */
+ prk[0] = i + 1;
+ keys[i] = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_import_key( &attributes, prk, prk_len, &keys[i] );
+ }
+
+ /* reset prk buffer */
+ prk[0] = 0;
+ }
+
+ output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len,
+ info, info_len,
+ okm, okm_len );
+ TEST_ASSERT( output_ret == ret );
+
+exit:
+ mbedtls_free( prk );
+ mbedtls_free( okm );
+
+ if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
+ {
+ for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
+ psa_destroy_key( keys[i] );
+
+ mbedtls_free( keys );
+ }
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3695,8 +4127,10 @@
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
+ PSA_INIT( );
+
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
secret->x, secret->len,
lbl, lbl_len,
ctx->x, ctx->len,
@@ -3704,6 +4138,8 @@
ASSERT_COMPARE( dst, (size_t) desired_length,
expected->x, (size_t) expected->len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3727,8 +4163,10 @@
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
expected_client_write_key->len == (size_t) desired_key_len );
+ PSA_INIT( );
+
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
client_secret->x,
server_secret->x,
client_secret->len /* == server_secret->len */,
@@ -3751,6 +4189,8 @@
keys.iv_len,
expected_server_write_iv->x,
(size_t) desired_iv_len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3781,8 +4221,10 @@
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
+ PSA_INIT( );
+
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
secret->x, secret->len,
lbl, lbl_len,
ctx->x, ctx->len,
@@ -3791,6 +4233,8 @@
ASSERT_COMPARE( dst, desired_length,
expected->x, desired_length );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3804,23 +4248,26 @@
mbedtls_ssl_tls13_early_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- traffic_expected->len == md_size &&
- exporter_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ traffic_expected->len == hash_len &&
+ exporter_expected->len == hash_len );
+
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
+ ASSERT_COMPARE( secrets.client_early_traffic_secret, hash_len,
traffic_expected->x, traffic_expected->len );
- ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
+ ASSERT_COMPARE( secrets.early_exporter_master_secret, hash_len,
exporter_expected->x, exporter_expected->len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3834,23 +4281,26 @@
mbedtls_ssl_tls13_handshake_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- client_expected->len == md_size &&
- server_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ client_expected->len == hash_len &&
+ server_expected->len == hash_len );
+
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
+ ASSERT_COMPARE( secrets.client_handshake_traffic_secret, hash_len,
client_expected->x, client_expected->len );
- ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
+ ASSERT_COMPARE( secrets.server_handshake_traffic_secret, hash_len,
server_expected->x, server_expected->len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3865,26 +4315,29 @@
mbedtls_ssl_tls13_application_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- client_expected->len == md_size &&
- server_expected->len == md_size &&
- exporter_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ client_expected->len == hash_len &&
+ server_expected->len == hash_len &&
+ exporter_expected->len == hash_len );
+
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
+ ASSERT_COMPARE( secrets.client_application_traffic_secret_N, hash_len,
client_expected->x, client_expected->len );
- ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
+ ASSERT_COMPARE( secrets.server_application_traffic_secret_N, hash_len,
server_expected->x, server_expected->len );
- ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
+ ASSERT_COMPARE( secrets.exporter_master_secret, hash_len,
exporter_expected->x, exporter_expected->len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3897,20 +4350,23 @@
mbedtls_ssl_tls13_application_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- resumption_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ resumption_expected->len == hash_len );
+
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
+ ASSERT_COMPARE( secrets.resumption_master_secret, hash_len,
resumption_expected->x, resumption_expected->len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3924,23 +4380,26 @@
unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- transcript->len == md_size &&
- binder_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ transcript->len == hash_len &&
+ binder_expected->len == hash_len );
+
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
NULL, /* SSL context for debugging only */
- md_type,
+ alg,
psk->x, psk->len,
psk_type,
transcript->x,
binder ) == 0 );
- ASSERT_COMPARE( binder, md_size,
+ ASSERT_COMPARE( binder, hash_len,
binder_expected->x, binder_expected->len );
+
+ PSA_DONE( );
}
/* END_CASE */
@@ -3964,6 +4423,8 @@
size_t buf_len;
int other_endpoint;
+ USE_PSA_INIT( );
+
TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
endpoint == MBEDTLS_SSL_IS_SERVER );
@@ -4004,10 +4465,9 @@
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
/* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
- mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_3,
+ mbedtls_ssl_write_version( rec.ver,
MBEDTLS_SSL_TRANSPORT_STREAM,
- rec.ver );
+ MBEDTLS_SSL_VERSION_TLS1_2 );
/* Copy plaintext into record structure */
rec.buf = buf;
@@ -4039,6 +4499,7 @@
mbedtls_free( buf );
mbedtls_ssl_transform_free( &transform_send );
mbedtls_ssl_transform_free( &transform_recv );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -4050,18 +4511,22 @@
{
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
+ PSA_INIT();
+
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
secret->len ? secret->x : NULL,
input->len ? input->x : NULL, input->len,
secret_new ) == 0 );
ASSERT_COMPARE( secret_new, (size_t) expected->len,
expected->x, (size_t) expected->len );
+
+ PSA_DONE();
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
void ssl_tls_prf( int type, data_t * secret, data_t * random,
char *label, data_t *result_str, int exp_ret )
{
@@ -4122,7 +4587,7 @@
#if defined(MBEDTLS_HAVE_TIME)
TEST_ASSERT( original.start == restored.start );
#endif
- TEST_ASSERT( original.minor_ver == restored.minor_ver );
+ TEST_ASSERT( original.tls_version == restored.tls_version );
TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
TEST_ASSERT( original.compression == restored.compression );
TEST_ASSERT( original.id_len == restored.id_len );
@@ -4379,7 +4844,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void mbedtls_endpoint_sanity( int endpoint_type )
{
enum { BUFFSIZE = 1024 };
@@ -4387,14 +4852,14 @@
int ret = -1;
ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
- NULL, NULL, NULL );
+ NULL, NULL, NULL, NULL );
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
- NULL, NULL, NULL );
+ NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
exit:
@@ -4402,7 +4867,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
@@ -4410,13 +4875,13 @@
int ret = -1;
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
- NULL, NULL, NULL );
+ NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
ret = mbedtls_endpoint_init( &second_ep,
( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_PK_RSA, NULL, NULL, NULL );
+ MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
ret = mbedtls_mock_socket_connect( &(base_ep.socket),
@@ -4444,7 +4909,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_version( int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version )
@@ -4456,7 +4921,6 @@
options.client_max_version = client_max_version;
options.server_min_version = server_min_version;
options.server_max_version = server_max_version;
-
options.expected_negotiated_version = expected_negotiated_version;
options.dtls = dtls;
@@ -4467,7 +4931,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
{
handshake_test_options options;
@@ -4485,7 +4949,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_cipher( char* cipher, int pk_alg, int dtls )
{
test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
@@ -4495,7 +4959,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls )
@@ -4516,7 +4980,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
@@ -4528,7 +4992,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
@@ -4540,7 +5004,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_serialization( )
{
handshake_test_options options;
@@ -4554,7 +5018,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
{
handshake_test_options options;
@@ -4590,7 +5054,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void renegotiation( int legacy_renegotiation )
{
handshake_test_options options;
@@ -4606,7 +5070,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls, char *cipher )
{
@@ -4627,7 +5091,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void resize_buffers_serialize_mfl( int mfl )
{
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -4638,7 +5102,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
char *cipher )
{
@@ -4656,8 +5120,15 @@
* Test the function mbedtls_ct_hmac() against a reference
* implementation.
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+#else
mbedtls_md_context_t ctx, ref_ctx;
const mbedtls_md_info_t *md_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t out_len, block_size;
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
@@ -4667,6 +5138,20 @@
unsigned char *out = NULL;
unsigned char rec_num = 0;
+ USE_PSA_INIT( );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ alg = PSA_ALG_HMAC( mbedtls_psa_translate_md( hash ) );
+
+ out_len = PSA_HASH_LENGTH( alg );
+ block_size = PSA_HASH_BLOCK_LENGTH( alg );
+
+ /* mbedtls_ct_hmac() requires the key to be exportable */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+#else
mbedtls_md_init( &ctx );
mbedtls_md_init( &ref_ctx );
@@ -4675,10 +5160,18 @@
out_len = mbedtls_md_get_size( md_info );
TEST_ASSERT( out_len != 0 );
block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Use allocated out buffer to catch overwrites */
ASSERT_ALLOC( out, out_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Set up dummy key */
+ memset( ref_out, 42, sizeof( ref_out ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_import_key( &attributes,
+ ref_out, out_len,
+ &key ) );
+#else
/* Set up contexts with the given hash and a dummy key */
TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
@@ -4686,6 +5179,7 @@
TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
memset( ref_out, 0, sizeof( ref_out ) );
+#endif
/*
* Test all possible lengths up to a point. The difference between
@@ -4712,13 +5206,31 @@
/* Get the function's result */
TEST_CF_SECRET( &in_len, sizeof( in_len ) );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_EQUAL( 0, mbedtls_ct_hmac( key, PSA_ALG_HMAC( alg ),
+ add_data, sizeof( add_data ),
+ data, in_len,
+ min_in_len, max_in_len,
+ out ) );
+#else
TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
data, in_len,
min_in_len, max_in_len,
out ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
TEST_CF_PUBLIC( out, out_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_setup( &operation,
+ key, alg ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, add_data,
+ sizeof( add_data ) ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation,
+ data, in_len ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_finish( &operation,
+ out, out_len ) );
+#else
/* Compute the reference result */
TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
sizeof( add_data ) ) );
@@ -4728,6 +5240,7 @@
/* Compare */
ASSERT_COMPARE( out, out_len, ref_out, out_len );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
mbedtls_free( data );
@@ -4735,11 +5248,18 @@
}
exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_abort( &operation );
+ psa_destroy_key( key );
+#else
mbedtls_md_free( &ref_ctx );
mbedtls_md_free( &ctx );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_free( data );
mbedtls_free( out );
+
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -4815,13 +5335,15 @@
unsigned char psk0_raw[10] = { 0 };
unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' };
- psa_key_id_t psk0_opaque = (psa_key_id_t) 1;
+ mbedtls_svc_key_id_t psk0_opaque = mbedtls_svc_key_id_make( 0x1, (psa_key_id_t) 1 );
+
unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' };
unsigned char psk1_raw[10] = { 0 };
unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' };
- psa_key_id_t psk1_opaque = (psa_key_id_t) 2;
+ mbedtls_svc_key_id_t psk1_opaque = mbedtls_svc_key_id_make( 0x1, (psa_key_id_t) 2 );
+
unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' };
mbedtls_ssl_config conf;
@@ -4882,6 +5404,29 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void conf_version( int endpoint, int transport,
+ int min_tls_version, int max_tls_version,
+ int expected_ssl_setup_result )
+{
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_context ssl;
+
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ssl_init( &ssl );
+
+ mbedtls_ssl_conf_endpoint( &conf, endpoint );
+ mbedtls_ssl_conf_transport( &conf, transport );
+ mbedtls_ssl_conf_min_tls_version( &conf, min_tls_version );
+ mbedtls_ssl_conf_max_tls_version( &conf, max_tls_version );
+
+ TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
void conf_curve()
{
@@ -4897,9 +5442,13 @@
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
-
- mbedtls_ssl_conf_max_version( &conf, 3, 3 );
- mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
+ mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
+#else
+ mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_3 );
+ mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_3 );
+#endif
mbedtls_ssl_conf_curves( &conf, curve_list );
mbedtls_ssl_context ssl;
@@ -4930,8 +5479,8 @@
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
- mbedtls_ssl_conf_max_version( &conf, 3, 3 );
- mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_max_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
+ mbedtls_ssl_conf_min_tls_version( &conf, MBEDTLS_SSL_VERSION_TLS1_2 );
mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );
@@ -4950,3 +5499,160 @@
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */
+void timing_final_delay_accessor( )
+{
+ mbedtls_timing_delay_context delay_context;
+
+ mbedtls_timing_set_delay( &delay_context, 50, 100 );
+
+ TEST_ASSERT( mbedtls_timing_get_final_delay( &delay_context ) == 100 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID */
+void cid_sanity( )
+{
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+
+ unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char test_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ int cid_enabled;
+ size_t own_cid_len;
+
+ mbedtls_test_rnd_std_rand( NULL, own_cid, sizeof( own_cid ) );
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+
+ TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT )
+ == 0 );
+
+ TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
+
+ /* Can't use CID functions with stream transport. */
+ TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+ sizeof( own_cid ) )
+ == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_ssl_get_own_cid( &ssl, &cid_enabled, test_cid,
+ &own_cid_len )
+ == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT )
+ == 0 );
+
+ /* Attempt to set config cid size too big. */
+ TEST_ASSERT( mbedtls_ssl_conf_cid( &conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+ == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_ssl_conf_cid( &conf, sizeof( own_cid ),
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+ == 0 );
+
+ /* Attempt to set CID length not matching config. */
+ TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+ MBEDTLS_SSL_CID_IN_LEN_MAX - 1 )
+ == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+ sizeof( own_cid ) )
+ == 0 );
+
+ /* Test we get back what we put in. */
+ TEST_ASSERT( mbedtls_ssl_get_own_cid( &ssl, &cid_enabled, test_cid,
+ &own_cid_len )
+ == 0 );
+
+ TEST_EQUAL( cid_enabled, MBEDTLS_SSL_CID_ENABLED );
+ ASSERT_COMPARE( own_cid, own_cid_len, test_cid, own_cid_len );
+
+ /* Test disabling works. */
+ TEST_ASSERT( mbedtls_ssl_set_cid( &ssl, MBEDTLS_SSL_CID_DISABLED, NULL,
+ 0 )
+ == 0 );
+
+ TEST_ASSERT( mbedtls_ssl_get_own_cid( &ssl, &cid_enabled, test_cid,
+ &own_cid_len )
+ == 0 );
+
+ TEST_EQUAL( cid_enabled, MBEDTLS_SSL_CID_DISABLED );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
+void raw_key_agreement_fail( int bad_server_ecdhe_key )
+{
+ enum { BUFFSIZE = 17000 };
+ mbedtls_endpoint client, server;
+ mbedtls_psa_stats_t stats;
+ size_t free_slots_before = -1;
+
+ uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
+ USE_PSA_INIT( );
+
+ /* Client side, force SECP256R1 to make one key bitflip fail
+ * the raw key agreement. Flipping the first byte makes the
+ * required 0x04 identifier invalid. */
+ TEST_EQUAL( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_PK_ECDSA, NULL, NULL,
+ NULL, iana_tls_group_list ), 0 );
+
+ /* Server side */
+ TEST_EQUAL( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_PK_ECDSA, NULL, NULL,
+ NULL, NULL ), 0 );
+
+ TEST_EQUAL( mbedtls_mock_socket_connect( &(client.socket),
+ &(server.socket),
+ BUFFSIZE ), 0 );
+
+ TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
+ &(server.ssl),
+ MBEDTLS_SSL_CLIENT_KEY_EXCHANGE )
+ , 0 );
+
+ mbedtls_psa_get_stats( &stats );
+ /* Save the number of slots in use up to this point.
+ * With PSA, one can be used for the ECDH private key. */
+ free_slots_before = stats.empty_slots;
+
+ if( bad_server_ecdhe_key )
+ {
+ /* Force a simulated bitflip in the server key. to make the
+ * raw key agreement in ssl_write_client_key_exchange fail. */
+ (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
+ }
+
+ TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
+ &(server.ssl),
+ MBEDTLS_SSL_HANDSHAKE_OVER ),
+ bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
+
+ mbedtls_psa_get_stats( &stats );
+
+ /* Make sure that the key slot is already destroyed in case of failure,
+ * without waiting to close the connection. */
+ if( bad_server_ecdhe_key )
+ TEST_EQUAL( free_slots_before, stats.empty_slots );
+
+exit:
+ mbedtls_endpoint_free( &client, NULL );
+ mbedtls_endpoint_free( &server, NULL );
+
+ USE_PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index efc2fc9..888c9ab 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -26,6 +26,10 @@
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
+Certificate Request check opaque Server1 key_usage
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_csr_check_opaque:"data_files/server1.key":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
+
Certificate Request check Server1 key_usage empty
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
@@ -52,44 +56,71 @@
Certificate write check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, CA
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":0:1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, CA
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
+Certificate write check Server1 SHA1, Opaque
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, key_usage
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, ns_cert_type
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, version 1
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, CA
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
+
+Certificate write check Server5 ECDSA
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
+
+Certificate write check Server5 ECDSA, Opaque
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 261794c..485bbe2 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -83,16 +83,21 @@
mbedtls_pk_context key;
mbedtls_x509write_csr req;
unsigned char buf[4096];
- unsigned char check_buf[4000];
int ret;
- size_t olen = 0, pem_len = 0, buf_index;
- int der_len = -1;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char check_buf[4000];
FILE *f;
+ size_t olen = 0;
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+ size_t pem_len = 0, buf_index;
+ int der_len = -1;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ USE_PSA_INIT( );
+
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
@@ -117,6 +122,12 @@
TEST_ASSERT( buf[buf_index] == 0 );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
+ (void)cert_req_check_file;
+ buf[pem_len] = '\0';
+ TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+#else
f = fopen( cert_req_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f );
@@ -124,6 +135,7 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
mbedtls_test_rnd_pseudo_rand,
@@ -133,13 +145,22 @@
if( der_len == 0 )
goto exit;
- ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ // When using PSA crypto, RNG isn't controllable, result length isn't
+ // deterministic over multiple runs, removing a single byte isn't enough to
+ // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
+ der_len /= 2;
+#else
+ der_len -= 1;
+#endif
+ ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len ),
mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -202,7 +223,8 @@
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
int cert_type, int set_cert_type, int auth_ident,
- int ver, char *cert_check_file, int rsa_alt, int is_ca )
+ int ver, char *cert_check_file, int pk_wrap, int is_ca,
+ char *cert_verify_file )
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
@@ -216,10 +238,16 @@
int der_len = -1;
FILE *f;
mbedtls_test_rnd_pseudo_info rnd_info;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif
+ mbedtls_pk_type_t issuer_key_type;
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
+ USE_PSA_INIT( );
+
mbedtls_pk_init( &subject_key );
mbedtls_pk_init( &issuer_key );
mbedtls_pk_init( &issuer_key_alt );
@@ -232,9 +260,11 @@
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ issuer_key_type = mbedtls_pk_get_type( &issuer_key );
+
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
- if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
+ if( pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA )
{
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
mbedtls_pk_rsa( issuer_key ),
@@ -244,10 +274,24 @@
key = &issuer_key_alt;
}
-#else
- (void) rsa_alt;
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* For Opaque PK contexts, wrap key as an Opaque RSA context. */
+ if( pk_wrap == 2 )
+ {
+ psa_algorithm_t md_alg_psa =
+ mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
+
+ TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &issuer_key, &key_id,
+ md_alg_psa ) == 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( pk_wrap == 2 )
+ TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_OPAQUE );
+
TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 );
if( ver != -1 )
@@ -289,14 +333,40 @@
TEST_ASSERT( buf[buf_index] == 0 );
}
- f = fopen( cert_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
- TEST_ASSERT( olen < sizeof( check_buf ) );
+ if( issuer_key_type != MBEDTLS_PK_RSA )
+ {
+ mbedtls_x509_crt crt_parse, trusted;
+ uint32_t flags;
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ mbedtls_x509_crt_init( &crt_parse );
+ mbedtls_x509_crt_init( &trusted );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted,
+ cert_verify_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse( &crt_parse,
+ buf, sizeof( buf ) ) == 0 );
+
+ ret = mbedtls_x509_crt_verify( &crt_parse, &trusted, NULL, NULL, &flags,
+ NULL, NULL );
+
+ mbedtls_x509_crt_free( &crt_parse );
+ mbedtls_x509_crt_free( &trusted );
+
+ TEST_EQUAL( flags, 0 );
+ TEST_EQUAL( ret, 0 );
+ }
+ else
+ {
+ f = fopen( cert_check_file, "r" );
+ TEST_ASSERT( f != NULL );
+ olen = fread( check_buf, 1, sizeof( check_buf ), f );
+ fclose( f );
+ TEST_ASSERT( olen < sizeof( check_buf ) );
+
+ TEST_EQUAL( olen, pem_len );
+ TEST_ASSERT( olen >= pem_len - 1 );
+ TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ }
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
mbedtls_test_rnd_pseudo_rand,
@@ -306,7 +376,17 @@
if( der_len == 0 )
goto exit;
- ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ // When using PSA crypto, RNG isn't controllable, result length isn't
+ // deterministic over multiple runs, removing a single byte isn't enough to
+ // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
+ if( issuer_key_type != MBEDTLS_PK_RSA )
+ der_len /= 2;
+ else
+#endif
+ der_len -= 1;
+
+ ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len ),
mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -316,6 +396,10 @@
mbedtls_pk_free( &subject_key );
mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( key_id );
+#endif
+ USE_PSA_DONE( );
}
/* END_CASE */